[***]            Summary:            [***]

16 new Open, 44 new Pro (16 + 28).  AZORult, Netwire, CVE-2020-0618, Cobalt Strike, Various Phish.

Thanks @401TRG

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029476 - ET EXPLOIT Possible Microsoft SQL RCE Attempt (CVE-2020-0618) (exploit.rules)
2029477 - ET TROJAN Netwire RAT Check-in (set) (trojan.rules)
2029478 - ET TROJAN Possible NK APT SLICKSHOES Host Checkin (trojan.rules)
2029479 - ET TROJAN Win32/AZORult V3.2 Client Checkin M16 (trojan.rules)
2029480 - ET TROJAN Win32/AZORult V3.2 Client Checkin M17 (trojan.rules)
2029481 - ET TROJAN Win32/AZORult V3.2 Client Checkin M18 (trojan.rules)
2029482 - ET TROJAN Win32/AZORult V3.3 Client Checkin M16 (trojan.rules)
2029483 - ET TROJAN Win32/AZORult V3.3 Client Checkin M17 (trojan.rules)
2029484 - ET TROJAN Win32/AZORult V3.3 Client Checkin M18 (trojan.rules)
2029485 - ET TROJAN Win32/AZORult V3.2 Client Checkin M19 (trojan.rules)
2029486 - ET TROJAN Win32/AZORult V3.2 Client Checkin M20 (trojan.rules)
2029487 - ET TROJAN Win32/AZORult V3.2 Client Checkin M21 (trojan.rules)
2029488 - ET TROJAN Win32/AZORult V3.3 Client Checkin M19 (trojan.rules)
2029489 - ET TROJAN Win32/AZORult V3.3 Client Checkin M20 (trojan.rules)
2029490 - ET TROJAN Win32/AZORult V3.3 Client Checkin M21 (trojan.rules)
2029491 - ET TROJAN Malicious SSL Certificate detected (Cobalt Strike CnC) (trojan.rules)

Pro:

2841073 - ETPRO TROJAN Win32/Spy.KeyLogger.QKA CnC Exfil (trojan.rules)
2841074 - ETPRO TROJAN Unrecom Style External IP Check (trojan.rules)
2841075 - ETPRO TROJAN Terse Request to paste .ee - Possible Download (trojan.rules)
2841076 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2841078 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-18 1) (trojan.rules)
2841079 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-18 2) (trojan.rules)
2841080 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-02-18 3) (trojan.rules)
2841081 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-18 (current_events.rules)
2841082 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-02-18 (current_events.rules)
2841083 - ETPRO CURRENT_EVENTS Successful WeChat Phish 2020-02-18 (current_events.rules)
2841084 - ETPRO CURRENT_EVENTS Successful Plenty of Fish Phish 2020-02-18 (current_events.rules)
2841085 - ETPRO CURRENT_EVENTS Successful ING Phish 2020-02-18 (current_events.rules)
2841086 - ETPRO CURRENT_EVENTS Successful ING Phish 2020-02-18 (current_events.rules)
2841087 - ETPRO CURRENT_EVENTS Successful Generic Invoice Phish 2020-02-18 (current_events.rules)
2841088 - ETPRO CURRENT_EVENTS Successful ANZ Bank Phish 2020-02-18 (current_events.rules)
2841089 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish 2020-02-18 (current_events.rules)
2841090 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-02-18 (current_events.rules)
2841091 - ETPRO CURRENT_EVENTS Successful Unicredit Bank Phish 2020-02-18 (current_events.rules)
2841092 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-02-18 (current_events.rules)
2841093 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2020-02-18 (current_events.rules)
2841094 - ETPRO CURRENT_EVENTS Successful Banco de Oro Phish 2020-02-18 (current_events.rules)
2841095 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2020-02-18 (current_events.rules)
2841096 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-02-18 (current_events.rules)
2841097 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-02-18 (current_events.rules)
2841098 - ETPRO CURRENT_EVENTS Fallout EK Redirector Domain TLS SNI (current_events.rules)
2841099 - ETPRO CURRENT_EVENTS Fallout EK Redirector Domain Malicious SSL Cert  (current_events.rules)

[///]     Modified active rules:     [///]

2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
2019401 - ET POLICY Vulnerable Java Version 1.8.x Detected (policy.rules)
2022803 - ET INFO Flowbit set for POST to Quicken Updater (info.rules)
2022841 - ET CURRENT_EVENTS Possible ReactorBot .bin Download (current_events.rules)
2022952 - ET TROJAN Ransomware Locky CnC Beacon 21 May (trojan.rules)
2023966 - ET TROJAN CozyCar V2 CnC Beacon (trojan.rules)
2024015 - ET CURRENT_EVENTS Successful Orderlink (IN) Phish Feb 24 2017 (current_events.rules)
2024306 - ET TROJAN MWI Maldoc Load Payload (trojan.rules)
2024307 - ET TROJAN MWI Maldoc Posting Host Data (trojan.rules)
2024338 - ET TROJAN Observed GET Request to Jaff Domain (orhangazitur . com) (trojan.rules)
2024340 - ET TROJAN Jaff Ransomware Checkin (trojan.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
2027695 - ET POLICY Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SNI) (policy.rules)
2028867 - ET POLICY Vulnerable Java Version 11.0.x Detected (policy.rules)
2028869 - ET POLICY Vulnerable Java Version 13.0.x Detected (policy.rules)

[---]         Removed rules:         [---]

2837545 - ETPRO TROJAN Netwire RAT Check-in (set) (trojan.rules)
