[***]            Summary:            [***]

29 new Open, 48 new Pro (29 + 19). Win32/Emotet, Charming Kitten, Parallax, Various Phish

Thanks @James_inthe_box

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029352 - ET TROJAN Parallax CnC Activity M6 (set) (trojan.rules)
2029353 - ET TROJAN Parallax CnC Response Activity M6 (trojan.rules)
2029354 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029355 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029356 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029357 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029358 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029359 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029360 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029361 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029362 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029363 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029364 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029365 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029366 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029367 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029368 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029369 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029370 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029371 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029372 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029373 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029374 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029375 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029376 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029377 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029378 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029379 - ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain) (web_client.rules)
2029380 - ET TROJAN Win32/Emotet CnC Activity (POST) M8 (trojan.rules)

Pro:

2840871 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-05 1) (trojan.rules)
2840872 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phish 2020-02-05 (current_events.rules)
2840873 - ETPRO CURRENT_EVENTS Successful Generic BR Bank Phish 2020-02-05 (current_events.rules)
2840874 - ETPRO EXPLOIT AVTECH DVR Unauthenticated SSRF (Outbound) (exploit.rules)
2840875 - ETPRO SCAN AVTECH DVR Unauthenticated SSRF (Inbound) (scan.rules)
2840876 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2840877 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840878 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-02-05 (current_events.rules)
2840879 - ETPRO CURRENT_EVENTS Successful Latam Phish 2020-02-05 (current_events.rules)
2840880 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-02-05 (current_events.rules)
2840881 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-02-05 (current_events.rules)
2840882 - ETPRO CURRENT_EVENTS Successful Whatsapp/Facebook Phish 2020-02-05 (current_events.rules)
2840883 - ETPRO USER_AGENTS Suspicious User-Agent containing Malware (user_agents.rules)
2840884 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-02-05 (current_events.rules)
2840885 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2020-02-05 (current_events.rules)
2840886 - ETPRO CURRENT_EVENTS Successful Dena Bank Phish 2020-02-05 (current_events.rules)
2840887 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-02-05 (current_events.rules)
2840888 - ETPRO MALWARE Win32/InstallCore Checkin (malware.rules)
2840889 - ETPRO TROJAN Discord Token Grabber Exfil Attempt M2 (trojan.rules)

[///]     Modified active rules:     [///]

2013327 - ET MOBILE_MALWARE Android.Zitmo Forwarding SMS Message to CnC Server (mobile_malware.rules)
2013536 - ET TROJAN BKDR_BTMINE.MNR BitCoin Miner Retrieving Server IP Addresses (trojan.rules)
2013537 - ET TROJAN BKDR_BTMINE.MNR BitCoin Miner Retrieving New IP Addresses From Server (trojan.rules)
2013538 - ET TROJAN BKDR_BTMINE.MNR BitCoin Miner Retrieving New Malware From Server (trojan.rules)
2013539 - ET TROJAN BKDR_BTMINE.MNR BitCoin Miner Server Checkin (trojan.rules)
2013668 - ET TROJAN Win32.Riberow.A (listdir) (trojan.rules)
2013669 - ET TROJAN Win32.Riberow.A (mkdir) (trojan.rules)
2013791 - ET SCAN Apache mod_proxy Reverse Proxy Exposure 1 (scan.rules)
2802863 - ETPRO TROJAN Win32.CashOn!IK Checkin (trojan.rules)
2803333 - ETPRO TROJAN Downloader.Win32.NSIS.hn Checkin (trojan.rules)
2803495 - ETPRO TROJAN Win32.Lexip Checkin (trojan.rules)
2803502 - ETPRO TROJAN Virus.Win32.Sality.k Checkin (trojan.rules)
2803619 - ETPRO TROJAN W32/Infostealer.A!Maximus Checkin (trojan.rules)
2803684 - ETPRO WEB_CLIENT MPlayer for Windows Calloc Integer Overflow - SET .qt (web_client.rules)
2803908 - ETPRO MOBILE_MALWARE LeNa Android CnC Command (StartDown) (mobile_malware.rules)
2804054 - ETPRO TROJAN Tapaoux Initial Checkin (trojan.rules)
2804083 - ETPRO WEB_CLIENT Flash authoring tool Flex XSS attempt (web_client.rules)
2804095 - ETPRO TROJAN Win32/Virut.BN Download Set (trojan.rules)
2804414 - ETPRO TROJAN TrojanDropper.Win32/Agent.KA Checkin (trojan.rules)
2839723 - ETPRO TROJAN Win32/Agent Tesla SMTP Activity (trojan.rules)
2840655 - ETPRO TROJAN Discord Token Grabber Exfil Attempt M1 (trojan.rules)

[---]  Disabled and modified rules:  [---]

2013671 - ET TROJAN Win32.Riberow.A (touch) (trojan.rules)
2014265 - ET POLICY IP geo location service response (policy.rules)

[---]         Disabled rules:        [---]

2010153 - ET TROJAN Koobface fetch C&C command detected (trojan.rules)

Date: Tuesday, February 4, 2020 - 22:00