[***]            Summary:            [***]

2 new Open, 33 new Pro (2 + 31). Emotet Wifi Bruter, HeyRAT, GravityRAT, GoBot, InstallCapital Adware, VARIOUS PHISH

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:
2029398 - ET TROJAN Emotet Wifi Bruter Module Checkin (trojan.rules)
2029399 - ET TROJAN Possible Satan Cryptor GeoIP Lookup (trojan.rules)

Pro:

2840909 - ETPRO TROJAN Koadic Command Execution via CnC (trojan.rules)
2840910 - ETPRO MALWARE InstallCapital Request for Payload (malware.rules)
2840911 - ETPRO TROJAN Unk.Stealer CnC Checkin (trojan.rules)
2840912 - ETPRO TROJAN GravityRAT Checkin (trojan.rules)
2840913 - ETPRO TROJAN HeyRAT Checkin (trojan.rules)
2840914 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-07 1) (trojan.rules)
2840915 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-07 2) (trojan.rules)
2840916 - ETPRO CURRENT_EVENTS Successful Visa/Mastercard OTP Phish 2020-02-07 (current_events.rules)
2840917 - ETPRO CURRENT_EVENTS Successful Visa/Mastercard OTP Phish 2020-02-07 (current_events.rules)
2840918 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-02-07 (current_events.rules)
2840919 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-07 (current_events.rules)
2840920 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-07 (current_events.rules)
2840921 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-07 (current_events.rules)
2840922 - ETPRO CURRENT_EVENTS Successful Receive Secure Cloud Files Phish 2020-02-07 (current_events.rules)
2840923 - ETPRO CURRENT_EVENTS Successful Ziraat Bankasi Phish 2020-02-07 (current_events.rules)
2840924 - ETPRO CURRENT_EVENTS Successful Generic Hosted Googleapi Phish 2020-02-07 (current_events.rules)
2840925 - ETPRO CURRENT_EVENTS Successful Facebook IN Phish 2020-02-07 (current_events.rules)
2840926 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-07 (current_events.rules)
2840927 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2020-02-07 (current_events.rules)
2840928 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-02-07 (current_events.rules)
2840929 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phish 2020-02-07 (current_events.rules)
2840930 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phish 2020-02-07 (current_events.rules)
2840931 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-02-07 (current_events.rules)
2840932 - ETPRO CURRENT_EVENTS Successful Generic Account Verification Phish 2020-02-07 (current_events.rules)
2840933 - ETPRO INFO GQUIC Protocol Observed to Non-Google Service (info.rules)
2840934 - ETPRO TROJAN GoBot CnC Checkin (trojan.rules)
2840935 - ETPRO TROJAN GoBot CnC Activity (trojan.rules)
2840936 - ETPRO TROJAN Satan Cryptor - Telegram Checkin (trojan.rules)
2840937 - ETPRO TROJAN BackDoor.Pigeon1.12826 CnC Activity M1 (set) (trojan.rules)
2840938 - ETPRO TROJAN BackDoor.Pigeon1.12826 CnC Activity M1 (trojan.rules)
2840939 - ETPRO TROJAN BackDoor.Pigeon1.12826 M2 (trojan.rules)

[///]     Modified active rules:     [///]

2013439 - ET TROJAN Dirt Jumper/Russkill3 Checkin (trojan.rules)
2018463 - ET TROJAN possible OneLouder header structure (trojan.rules)
2018977 - ET DOS HOIC with booster outbound (dos.rules)
2018978 - ET DOS HOIC with booster inbound (dos.rules)
2019166 - ET TROJAN Stobox Connectivity Check (trojan.rules)
2019608 - ET TROJAN HB_Banker16 Get (trojan.rules)
2020076 - ET TROJAN Andromeda Checkin Dec 29 2014 (trojan.rules)
2802952 - ETPRO TROJAN Herpbot.B Checkin (trojan.rules)
2804882 - ETPRO TROJAN Win32/Waledac.R Retrieving exe file (trojan.rules)
2805969 - ETPRO TROJAN Backdoor.Win32.Oblivion reporting via ICQ WWW script (trojan.rules)
2806739 - ETPRO TROJAN Win32/Fabucks.A Checkin (trojan.rules)
2806921 - ETPRO TROJAN Win32/Carberp.G Checkin (trojan.rules)
2808386 - ETPRO TROJAN Trojan.Win32.Generic.AtsI Checkin (trojan.rules)
2808493 - ETPRO TROJAN Win32/Beastdoor.L sending infected IP address via ICQ (trojan.rules)
2808575 - ETPRO TROJAN Trojan.Graybird IP Check (trojan.rules)
2808804 - ETPRO TROJAN Win32/Cendelf.gen!A www.163.com connectivity check (trojan.rules)
2808808 - ETPRO TROJAN Win32/ChkBot.A Checkin (trojan.rules)
2808817 - ETPRO TROJAN Win32.Chifrax Variant C2 (trojan.rules)
2809016 - ETPRO TROJAN Win32.Cosmu (trojan.rules)
2809041 - ETPRO TROJAN Win32/CoinMiner.SO .exe download (trojan.rules)
2809091 - ETPRO TROJAN Win32/RpcBrute.A CnC (trojan.rules)
2809204 - ETPRO TROJAN Win32.Trojan.Win32.TravNet HTTP Checkin (trojan.rules)
2809405 - ETPRO TROJAN Win32.Spy.Banker.UAE Checkin (trojan.rules)

[---]  Disabled and modified rules:  [---]

2011312 - ET POLICY hide-my-ip.com POST version check (policy.rules)
2018353 - ET CURRENT_EVENTS Win32.RBrute Scan (Outgoing) (current_events.rules)
2018354 - ET CURRENT_EVENTS Win32.RBrute Scan (incoming) (current_events.rules)
2018362 - ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF (current_events.rules)
2019765 - ET CURRENT_EVENTS DRIVEBY Nuclear EK SWF (current_events.rules)
2808459 - ETPRO EXPLOIT Omeka 2.2 CSRF Add Persistent XSS (exploit.rules)
2808460 - ETPRO EXPLOIT Omeka 2.2 CSRF Disable Fie Validation (exploit.rules)
2809077 - ETPRO TROJAN JST Perl IrcBot v3.0 HTTP GET Request (trojan.rules)

[---]         Disabled rules:        [---]

2013511 - ET TROJAN Win32/CazinoSilver Checkin (trojan.rules)
2017412 - ET TROJAN Gh0st_Apple Checkin (trojan.rules)
2807975 - ETPRO TROJAN Trojan.DownLoader9.54232 Checkin (trojan.rules)
2808772 - ETPRO TROJAN Win32.Yakes.fudl Checkin (trojan.rules)
2808807 - ETPRO TROJAN Win32/PSWTool.WebBrowserPassView.B checkin (trojan.rules)
2809006 - ETPRO TROJAN BackDoor.Tishop.2 Checkin (trojan.rules)
2809074 - ETPRO TROJAN WIN32.AGENT.AGLKL Checkin (trojan.rules)
2809249 - ETPRO TROJAN Backdoor.MSIL.Soaphrish.A checkin (trojan.rules)
