[***]            Summary:            [***]

7 new Open, 38 new Pro (7 + 31).  AZORult, TransparentTribe, HeyRAT, Various Phish, Others.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029400 - ET TROJAN Observed Malicious SSL Cert (TinyNuke Variant CnC) 2020-02-09 (trojan.rules)
2029401 - ET TROJAN Win32/AZORult V3.2 Client Checkin M1 (trojan.rules)
2029402 - ET TROJAN Win32/AZORult V3.2 Client Checkin M2 (trojan.rules)
2029403 - ET TROJAN Win32/AZORult V3.2 Client Checkin M3 (trojan.rules)
2029404 - ET TROJAN Win32/AZORult V3.3 Client Checkin M1 (trojan.rules)
2029405 - ET TROJAN Win32/AZORult V3.3 Client Checkin M2 (trojan.rules)
2029406 - ET TROJAN Win32/AZORult V3.3 Client Checkin M3 (trojan.rules)

Pro:

2840940 - ETPRO WEB_CLIENT WordPress Plugin DZS-VideoGallery Cross-Site Scripting (Inbound) M1 (web_client.rules)
2840941 - ETPRO WEB_CLIENT WordPress Plugin DZS-VideoGallery Cross-Site Scripting (Inbound) M2 (web_client.rules)
2840942 - ETPRO WEB_CLIENT WordPress Plugin DZS-VideoGallery Cross-Site Scripting (Outbound) M1 (web_client.rules)
2840943 - ETPRO WEB_CLIENT WordPress Plugin DZS-VideoGallery Cross-Site Scripting (Outbound) M2 (web_client.rules)
2840944 - ETPRO TROJAN APT/TransparentTribe CnC Checkin M2 (trojan.rules)
2840945 - ETPRO TROJAN MalDoc Requesting Malicious crt Payload 2020-02-10 (trojan.rules)
2840946 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-08 1) (trojan.rules)
2840947 - ETPRO TROJAN HeyRAT CnC Activity (trojan.rules)
2840948 - ETPRO MALWARE Win32/Adware.Kraddare Variant Checkin (malware.rules)
2840949 - ETPRO TROJAN Win32/Hematite.C Checkin (trojan.rules)
2840950 - ETPRO CURRENT_EVENTS Successful First Bank Phish 2020-02-10 (current_events.rules)
2840951 - ETPRO CURRENT_EVENTS Successful Ionos 1&1 Phish 2020-02-10 (current_events.rules)
2840952 - ETPRO CURRENT_EVENTS Successful Ionos 1&1 Phish 2020-02-10 (current_events.rules)
2840953 - ETPRO CURRENT_EVENTS Successful Quickbooks Phish 2020-02-10 (current_events.rules)
2840954 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-02-10 (current_events.rules)
2840955 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-02-10 (current_events.rules)
2840956 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-10 (current_events.rules)
2840957 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-02-10 (current_events.rules)
2840958 - ETPRO CURRENT_EVENTS Successful Generic FR Phish 2020-02-10 (current_events.rules)
2840959 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2020-02-10 (current_events.rules)
2840960 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-02-10 (current_events.rules)
2840961 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-02-10 (current_events.rules)
2840962 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-02-10 (current_events.rules)
2840963 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-02-10 (current_events.rules)
2840964 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-02-10 (current_events.rules)
2840965 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-02-10 (current_events.rules)
2840969 - ETPRO TROJAN Win32/Occamy.C Activity M4 (trojan.rules)
2840970 - ETPRO TROJAN Win32/Occamy.C Activity M5 (trojan.rules)
2840971 - ETPRO TROJAN Win32/Occamy.C Activity M6 (trojan.rules)
2840972 - ETPRO TROJAN Win32/Occamy.C Activity M7 (trojan.rules)
2840973 - ETPRO TROJAN Win32/Remcos RAT Checkin 334 (trojan.rules)

[///]     Modified active rules:     [///]

2009053 - ET WEB_SPECIFIC_APPS MODx CMS Thumbnail.php base_path Remote File Inclusion (web_specific_apps.rules)
2009220 - ET SCAN Tomcat upload from external source (scan.rules)
2009670 - ET WEB_SERVER Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt (web_server.rules)
2010009 - ET WEB_SPECIFIC_APPS Webmin Pre-1.290 Compromise Attempt (web_specific_apps.rules)
2010379 - ET WEB_SERVER JBOSS/JMX REMOTE WAR deployment attempt (POST) (web_server.rules)
2010380 - ET WEB_SERVER JBOSS/JMX REMOTE WAR deployment attempt (GET) (web_server.rules)
2010510 - ET WEB_SPECIFIC_APPS Possible OSSIM uniqueid Parameter Remote Command Execution Attempt (web_specific_apps.rules)
2016976 - ET CURRENT_EVENTS CoolEK Payload Download (9) (current_events.rules)
2017309 - ET TROJAN FortDisco Reporting Status (trojan.rules)
2017787 - ET MOBILE_MALWARE Android.KorBanker Fake Banking App Install CnC Beacon (mobile_malware.rules)
2017869 - ET TROJAN W32/Liftoh.Downloader Final.html Payload Request (trojan.rules)
2018025 - ET MALWARE W32/BettrExperience.Adware POST Checkin (malware.rules)
2018026 - ET MALWARE W32/BettrExperience.Adware Update Checkin (malware.rules)
2018123 - ET TROJAN Win32/Almanahe.B Checkin (trojan.rules)
2018143 - ET TROJAN Backdoor.Win32.Popwin Checkin (trojan.rules)
2018245 - ET TROJAN Gamut Spambot Checkin (trojan.rules)
2018257 - ET TROJAN Gamut Spambot Checkin 2 (trojan.rules)
2018640 - ET TROJAN Unknown Trojan with Fake Java User-Agent (trojan.rules)
2018650 - ET TROJAN Win32.Banload.BTQP Checkin 2 (trojan.rules)
2018775 - ET TROJAN Dyreza RAT Fake Server Header (trojan.rules)
2018793 - ET TROJAN EUPUDS.A Requests for Boleto replacement (trojan.rules)
2020470 - ET TROJAN Dridex POST Retrieving Second Stage (trojan.rules)
2021133 - ET TROJAN JavaScriptBackdoor HTTP POST CnC Beacon (trojan.rules)
2021153 - ET TROJAN Wordpress Errorcontent CnC Beacon (trojan.rules)
2028963 - ET TROJAN DADJOKE/Rail Tycoon Initial Macro Execution (trojan.rules)
2029380 - ET TROJAN Win32/Emotet CnC Activity (POST) M8 (trojan.rules)
2820288 - ETPRO TROJAN Bolek/Kbot CnC Checkin (trojan.rules)
2822685 - ETPRO TROJAN TheTrick Banking Trojan Affiliate Download (trojan.rules)
2822734 - ETPRO TROJAN Win32/DNtoolz0.BR Checkin (trojan.rules)
2822753 - ETPRO CURRENT_EVENTS Successful Google Docs Phish M2 Oct 19 2016 (current_events.rules)
2822893 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Oct 26 2016 (current_events.rules)
2823266 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Nov 15 2016 (current_events.rules)
2823401 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Nov 21 M1 2016 (current_events.rules)
2823402 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Nov 21 M2 2016 (current_events.rules)
2823403 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Nov 21 M3 2016 (current_events.rules)
2828629 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ff CnC Beacon (mobile_malware.rules)
2828634 - ETPRO MOBILE_MALWARE Android/SMSFlooder.Agent.BP CnC Beacon (mobile_malware.rules)
2828644 - ETPRO TROJAN Zebrocy Requesting Stage 2 Payload (trojan.rules)
2828913 - ETPRO TROJAN WIN32/KOVTER.B Checkin 2 M3 (trojan.rules)
2829537 - ETPRO TROJAN VBS.ARS Plugin Report (trojan.rules)
2829538 - ETPRO TROJAN VBS.ARS Password Stealer Plugin Report (trojan.rules)
2829908 - ETPRO MOBILE_MALWARE Android.Styricka.GEN6254 Checkin (mobile_malware.rules)
2831402 - ETPRO TROJAN MSIL/Predator The Thief CnC Checkin (trojan.rules)

[---]  Disabled and modified rules:  [---]

2014884 - ET CURRENT_EVENTS Request to malicious SutraTDS - lonly= in cookie (current_events.rules)
2015818 - ET CURRENT_EVENTS g01pack Exploit Kit .homeip. Landing Page (current_events.rules)
2015819 - ET CURRENT_EVENTS g01pack Exploit Kit .homelinux. Landing Page (current_events.rules)
2015946 - ET CURRENT_EVENTS CrimeBoss - Setup (current_events.rules)
2016708 - ET CURRENT_EVENTS CrimeBoss Recent Jar (3) (current_events.rules)
2018533 - ET MOBILE_MALWARE Android.Adware.Wapsx.A (mobile_malware.rules)
2021056 - ET TROJAN Dyre Downloading Mailer 2 (trojan.rules)

[---]         Disabled rules:        [---]

2015939 - ET CURRENT_EVENTS g01pack Exploit Kit .blogsite. Landing Page (current_events.rules)
2017718 - ET TROJAN Trojan.BlackRev Botnet Login Request CnC Beacon (trojan.rules)
2020654 - ET TROJAN Banker Boleto Fraud JS_BROBAN.SM Checkin 1 (trojan.rules)
2020655 - ET TROJAN Banker Boleto Fraud JS_BROBAN.SM Checkin 2 (trojan.rules)

Date: Sunday, February 9, 2020 - 22:00