[***] Summary: [***]
14 new Open, 26 new Pro (14 + 12). APT40, Mozart Loader, BroomFury, Various Phish, Others.
Thanks @james_inthe_box.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]
Open:
2029407 - ET TROJAN Mozart Loader CnC Checkin (getid) (trojan.rules)
2029408 - ET TROJAN Mozart Loader Command Request (gettasks) (trojan.rules)
2029409 - ET TROJAN Mozart Loader Command Request (getupdates) (trojan.rules)
2029410 - ET TROJAN Mozart Loader Command Request (reporttask) (trojan.rules)
2029411 - ET TROJAN Mozart Loader Command Request (reportupdates) (trojan.rules)
2029412 - ET TROJAN APT40/Dadstache Related DNS Lookup (trojan.rules)
2029413 - ET TROJAN APT40/Dadstache Related DNS Lookup (trojan.rules)
2029414 - ET TROJAN APT40/Dadstache Related DNS Lookup (trojan.rules)
2029415 - ET TROJAN APT40/Dadstache Related DNS Lookup (trojan.rules)
2029416 - ET TROJAN APT40/Dadstache Related DNS Lookup (trojan.rules)
2029417 - ET TROJAN APT40/Dadstache Related DNS Lookup (trojan.rules)
2029418 - ET TROJAN APT40/Dadstache Related DNS Lookup (trojan.rules)
2029419 - ET TROJAN APT40/Dadstache Related DNS Lookup (trojan.rules)
2029420 - ET TROJAN Possible APT40/Dadstache Stage 2 Payload Beacon (trojan.rules)

Pro:
2840977 - ETPRO INFO Suspicious Bash Script Contents Inbound M1 (info.rules)
2840978 - ETPRO INFO Suspicious Bash Script Contents Inbound M2 (info.rules)
2840979 - ETPRO TROJAN Evil Mirai Variant Bash Script Inbound (trojan.rules)
2840980 - ETPRO CURRENT_EVENTS Possible APT40/Dadstache CnC Activity (current_events.rules)
2840981 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-11 (current_events.rules)
2840982 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-02-11 (current_events.rules)
2840983 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-02-11 (current_events.rules)
2840984 - ETPRO TROJAN MSIL/ClipBanker.MH Variant CnC Activity (trojan.rules)
2840985 - ETPRO POLICY Wscript Being Retrieved from Pastebin (policy.rules)
2840986 - ETPRO TROJAN Win32/BroomFury Malicious Email Spam - Template 1 Active M1 (Outbound) (trojan.rules)
2840987 - ETPRO TROJAN Win32/BroomFury Malicious Email Spam - Template 1 Active M2 (Outbound) (trojan.rules)
2840988 - ETPRO TROJAN MSIL/Unk RAT Sending Screenshots via SMTP (trojan.rules)

[///] Modified active rules: [///]
2017520 - ET TROJAN Worm.VBS.ayr CnC command (is-enum-folder) (trojan.rules)
2020944 - ET TROJAN Chthonic CnC Beacon 5 (trojan.rules)
2020946 - ET TROJAN Chthonic CnC Beacon 6 (trojan.rules)
2021030 - ET TROJAN BePush/Kilim CnC Beacon (trojan.rules)
2021051 - ET TROJAN Linux.Mumblehard Initial Checkin (trojan.rules)
2021052 - ET TROJAN Linux.Mumblehard Command Status CnC (trojan.rules)
2021141 - ET CURRENT_EVENTS DNSChanger EK Landing URI Struct May 22 2015 (current_events.rules)
2021229 - ET TROJAN Scanbox Sending Host Data (trojan.rules)
2820288 - ETPRO TROJAN Bolek/Kbot CnC Checkin (trojan.rules)

[---] Disabled and modified rules: [---]
2839262 - ETPRO CURRENT_EVENTS Possible GreenFlash Sundown EK Flash Artifact (current_events.rules)

[---] Disabled rules: [---]
2017518 - ET TROJAN Worm.VBS.ayr CnC command (/iam-ready) (trojan.rules)
2020989 - ET CURRENT_EVENTS Possible Sundown EK Payload Struct T1 Apr 24 2015 (current_events.rules)