[***]            Summary:            [***]

  13 new Open, 35 new Pro (13 + 22).  LNKR, TSCookie, RedLine, Various
SSL/TLS, Various Phish, Others.

  Thanks @JAMESWT_MHT.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2029587 - ET TROJAN BlackTech ELF/TSCookie CnC Observed in DNS Query
(trojan.rules)
  2029588 - ET TROJAN Win32/LODEINFO CnC Checkin (trojan.rules)
  2029589 - ET INFO Generic IOT Downloader Malware in GET (Outbound)
(info.rules)
  2029590 - ET INFO Generic IOT Downloader Malware in GET (Inbound)
(info.rules)
  2029591 - ET TROJAN Inbound MonetizeUs/LNKR Struct (trojan.rules)
  2029592 - ET INFO MonetizeUs Outbound Activity Observed M1 (info.rules)
  2029593 - ET INFO MonetizeUs Outbound Activity Observed M2 (info.rules)
  2029594 - ET TROJAN Observed Malicious SSL Cert (MonetizeUs/LNKR)
(trojan.rules)
  2029595 - ET TROJAN Observed Malicious SSL Cert (MonetizeUs/LNKR)
(trojan.rules)
  2029596 - ET TROJAN Observed Malicious SSL Cert (MalDoc 2020-03-09)
(trojan.rules)
  2029597 - ET TROJAN Observed JS/Skimmer (likely Magecart) CnC Domain in
DNS Lookup (trojan.rules)
  2029598 - ET TROJAN Observed JS/Skimmer (likely Magecart) Domain
(imprintcenter .com in TLS SNI) (trojan.rules)
  2029599 - ET POLICY Mattermost API Usage (policy.rules)

Pro:

  2841418 - ETPRO TROJAN Win32/DiamondFox POSTing FTP Data (trojan.rules)
  2841419 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-06 1) (trojan.rules)
  2841420 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-06 2) (trojan.rules)
  2841421 - ETPRO CURRENT_EVENTS Successful Personalized Microsoft Account
Phish 2020-03-09 (current_events.rules)
  2841422 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2020-03-09
(current_events.rules)
  2841423 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-03-09
(current_events.rules)
  2841424 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2020-03-09 (current_events.rules)
  2841425 - ETPRO CURRENT_EVENTS Successful Generic Phish Redirect to
Google Drive 2020-03-09 (current_events.rules)
  2841426 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2841427 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2841428 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-03-09 (current_events.rules)
  2841429 - ETPRO TROJAN MSIL/Spy.Small.EU Variant Host Checkin
(trojan.rules)
  2841430 - ETPRO TROJAN MSIL/Spy.Small.EU Variant Module Download
(trojan.rules)
  2841431 - ETPRO TROJAN MSIL/Spy.Small.EU Variant Data Exfiltration
(trojan.rules)
  2841432 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-03-09 (current_events.rules)
  2841433 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-03-09 (current_events.rules)
  2841434 - ETPRO CURRENT_EVENTS Successful Whatsapp Phish 2020-03-09
(current_events.rules)
  2841435 - ETPRO TROJAN RedLine - GetSettings Request (trojan.rules)
  2841436 - ETPRO TROJAN RedLine - GetSettings Repsone (trojan.rules)
  2841437 - ETPRO TROJAN RedLine - GetTasks Repsone (trojan.rules)
  2841438 - ETPRO TROJAN Win32/Remcos RAT Checkin 362 (trojan.rules)
  2841439 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC)
(trojan.rules)

[///]     Modified active rules:     [///]

  2015547 - ET TROJAN Pakes2 - EXE Download Request (trojan.rules)
  2015625 - ET WEB_SERVER Magento XMLRPC-Exploit Attempt (web_server.rules)
  2016175 - ET EXPLOIT Possible CVE-2013-0156 Ruby On Rails XML POST to
Disallowed Type YAML (exploit.rules)
  2016176 - ET EXPLOIT Possible CVE-2013-0156 Ruby On Rails XML POST to
Disallowed Type SYMBOL (exploit.rules)
  2016434 - ET TROJAN Win32/COOKIEBAG Cookie APT1 Related (trojan.rules)
  2016573 - ET TROJAN APT_NGO_wuaclt (trojan.rules)
  2016759 - ET TROJAN Win32/Redyms.A Checkin (trojan.rules)
  2016764 - ET CURRENT_EVENTS GrandSoft PDF Payload Download
(current_events.rules)
  2016869 - ET CURRENT_EVENTS FlimKit Post Exploit Payload Download
(current_events.rules)
  2016939 - ET TROJAN Variant.Kazy.174106 Checkin (trojan.rules)
  2016991 - ET TROJAN Alina Server Response Code (trojan.rules)
  2017074 - ET WEB_SPECIFIC_APPS MoinMoin twikidraw Action Traversal File
Upload (web_specific_apps.rules)
  2017131 - ET EXPLOIT Potential Internet Explorer Use After Free
CVE-2013-3163 Exploit URI Struct 1 (exploit.rules)
  2017261 - ET TROJAN SmokeLoader Checkin (trojan.rules)
  2017573 - ET WEB_SPECIFIC_APPS Possible JBoss/JMX InvokerServlet RCE
Using Marshalled Object (web_specific_apps.rules)
  2017574 - ET WEB_SPECIFIC_APPS Possible JBoss/JMX EJBInvokerServlet RCE
Using Marshalled Object (web_specific_apps.rules)
  2018052 - ET CURRENT_EVENTS Zbot Generic URI/Header Struct .bin
(current_events.rules)
  2826254 - ETPRO TROJAN Custom Cobalt Strike Beacon UA (trojan.rules)
  2826255 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.pac CnC
Beacon (mobile_malware.rules)
  2826320 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 2
(mobile_malware.rules)
  2826321 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 3
(mobile_malware.rules)
  2826323 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 4
(mobile_malware.rules)
  2826326 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot CnC Beacon
(mobile_malware.rules)
  2841160 - ETPRO TROJAN RedLine - CnC Activity (trojan.rules)
