[***] Summary: [***]
5 new Open, 35 new Pro (5 + 30). NewMoonlight, ABBCCoin, CobaltStrike, Various Phish, Others.
Thanks @401TRG and @james_inthe_box.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2029421 - ET INFO Suspicious EXE requested with Java UA (info.rules)
2029422 - ET POLICY ABBCCoin Checkin (policy.rules)
2029423 - ET USER_AGENTS ABBCCoin Activity Observed (user_agents.rules)
2029424 - ET INFO [TGI] Entrust Entelligence Security Provider (Flowbits Set) (info.rules)
2029425 - ET INFO [TGI] Possible Cobalt Strike Extra Whitespace HTTP Response (info.rules)
Pro:
2840989 - ETPRO TROJAN MalDoc Request for Malicious Packed EXE (trojan.rules)
2840990 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-12 1) (trojan.rules)
2840991 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-12 2) (trojan.rules)
2840992 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-12 3) (trojan.rules)
2840993 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-12 4) (trojan.rules)
2840994 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-12 5) (trojan.rules)
2840995 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-12 6) (trojan.rules)
2840996 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-12 7) (trojan.rules)
2840997 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-12 8) (trojan.rules)
2840998 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-12 9) (trojan.rules)
2840999 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-12 10) (trojan.rules)
2841000 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-12 11) (trojan.rules)
2841001 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-12 12) (trojan.rules)
2841002 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-02-12 (current_events.rules)
2841003 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2020-02-12 (current_events.rules)
2841004 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-02-12 (current_events.rules)
2841005 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-12 (current_events.rules)
2841006 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-02-12 (current_events.rules)
2841007 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2020-02-12 (current_events.rules)
2841008 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2020-02-12 (current_events.rules)
2841009 - ETPRO CURRENT_EVENTS Successful My3 Phish 2020-02-12 (current_events.rules)
2841010 - ETPRO CURRENT_EVENTS Successful Citi Phish 2020-02-12 (current_events.rules)
2841011 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-02-12 (current_events.rules)
2841012 - ETPRO CURRENT_EVENTS Successful Visa Phish 2020-02-12 (current_events.rules)
2841013 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2841014 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2841015 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2841016 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2841017 - ETPRO TROJAN Win32/Spy.Pavica.FD Variant Checkin (trojan.rules)
2841018 - ETPRO TROJAN Win32/NewMoonlight Malicious Email Spam - Template 1 Active (Outbound) (trojan.rules)
[///] Modified active rules: [///]
2814937 - ETPRO TROJAN Trojan/Win32.Scar Conn Check (trojan.rules)
2814996 - ETPRO TROJAN Win32/Spy.VB.OBX Checkin (trojan.rules)
2815039 - ETPRO TROJAN NewCT2 CnC Beacon (trojan.rules)
2815180 - ETPRO CURRENT_EVENTS Nuclear EK Landing URI struct Dec 03 2015 M1 (current_events.rules)
2815198 - ETPRO CURRENT_EVENTS Possible Evil Redirector Leading to EK Dec 03 2015 M2 (current_events.rules)
2822458 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phishing Oct 06 2016 (current_events.rules)
2822459 - ETPRO CURRENT_EVENTS Successful Dynamic Folder FreeMobile (FR) Phishing Oct 07 2016 (current_events.rules)
2822485 - ETPRO TROJAN Automated Tor EXE Download Possibly Raum Trojan (trojan.rules)
2822522 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Oct 10 2016 (current_events.rules)
2822523 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Oct 10 2016 (current_events.rules)
2822647 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 14 2016 (current_events.rules)
2825129 - ETPRO TROJAN Carbanak VBS/GGLDR v2 Checkin (trojan.rules)
2825196 - ETPRO TROJAN Win64/Agent.GR CnC Beacon (trojan.rules)
2826000 - ETPRO MOBILE_MALWARE Android/HiddenApp.BF CnC Beacon (mobile_malware.rules)
2826043 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Apr 20 2017 (current_events.rules)
2826123 - ETPRO TROJAN MSIL/Unk.CoinMiner CnC Install Activity (trojan.rules)
2826148 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.o Contact Exfil (mobile_malware.rules)
2830308 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.dm Checkin 3 (mobile_malware.rules)
2830765 - ETPRO MOBILE_MALWARE Android/Clicker.JV CnC Beacon (mobile_malware.rules)
2833623 - ETPRO TROJAN W32.HTTP.Stager Checkin M1 (trojan.rules)
2834335 - ETPRO TROJAN AZORult CnC Beacon M3 (trojan.rules)
2835751 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.ms Checkin (mobile_malware.rules)
2837686 - ETPRO MALWARE Win32/Adware.Zzinfor.U Retrieving Payload Details (malware.rules)
2837751 - ETPRO MALWARE Win32/Adposhel Adware Activity (malware.rules)
2837832 - ETPRO CURRENT_EVENTS Successful Geneneric Credit Card Information Phish 2019-08-02 (current_events.rules)
2837863 - ETPRO CURRENT_EVENTS Successful TalkTalk Phish 2019-08-05 (current_events.rules)
2838096 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-08-20 (current_events.rules)
2838314 - ETPRO TROJAN Trickbot CnC Activity - Account (trojan.rules)
2838315 - ETPRO TROJAN Trickbot CnC Activity - Executable Path (trojan.rules)
2838316 - ETPRO TROJAN Trickbot CnC Activity - NAT Status (trojan.rules)
2839701 - ETPRO MOBILE_MALWARE Android/TrojanSMS.FakeInst.RA Checkin (mobile_malware.rules)
2840014 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-19 (current_events.rules)
2840072 - ETPRO TROJAN Docxer CnC Initial Checkin (trojan.rules)
2840073 - ETPRO TROJAN Docxer CnC Heartbeat (trojan.rules)
2840081 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BAK Checkin (mobile_malware.rules)
2840082 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BAK Contact Exfil (mobile_malware.rules)
2840212 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2020-01-02 (current_events.rules)
2840608 - ETPRO CURRENT_EVENTS Successful Indeed Phish 2020-01-23 (current_events.rules)
2840986 - ETPRO TROJAN Win32/BroomFury Malicious Email Spam - Template 1 Active M1 (Outbound) (trojan.rules)
2840987 - ETPRO TROJAN Win32/BroomFury Malicious Email Spam - Template 1 Active M2 (Outbound) (trojan.rules)
[---] Disabled and modified rules: [---]
2814766 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M3 (current_events.rules)
2814767 - ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M4 (current_events.rules)
2815122 - ETPRO CURRENT_EVENTS Malicious Redirect Leading to EK Nov 28 2015 (current_events.rules)
2815178 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Pyrof.a Checkin (mobile_malware.rules)
2815214 - ETPRO CURRENT_EVENTS Possible Nuclear EK Payload Dec 06 2015 (current_events.rules)
2822643 - ETPRO CURRENT_EVENTS Successful Outlook Phish Oct 14 2016 (current_events.rules)
2825295 - ETPRO TROJAN MSIL/Neptune Reporting System Information (trojan.rules)
[---] Disabled rules: [---]
2814970 - ETPRO TROJAN Variant.Barys.5471 (B) Checkin (trojan.rules)
2815216 - ETPRO TROJAN Unknown CnC Checkin (trojan.rules)
2815282 - ETPRO MALWARE W32/Unk Reporting PUP Installs (malware.rules)