[***] Summary: [***]
4 new Open, 20 new Pro (4 + 16). CVE-2020-0796, Win32/DiamondFox Variant, Various SSL/TLS, Various Phish, Others.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2029602 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2029603 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2029604 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2029605 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
Pro:
2841440 - ETPRO TROJAN Win32/DiamondFox Variant CnC Checkin (trojan.rules)
2841441 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-10 1) (trojan.rules)
2841442 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-10 2) (trojan.rules)
2841443 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-10 3) (trojan.rules)
2841444 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-10 4) (trojan.rules)
2841445 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-10 5) (trojan.rules)
2841446 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-10 6) (trojan.rules)
2841447 - ETPRO CURRENT_EVENTS Successful Xiaomi Cloud Phish 2020-03-10 (current_events.rules)
2841448 - ETPRO CURRENT_EVENTS Successful Virgin Mobile Account Phish 2020-03-10 (current_events.rules)
2841449 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish 2020-03-10 (current_events.rules)
2841450 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-03-10 (current_events.rules)
2841451 - ETPRO CURRENT_EVENTS Successful Generic Webapp Phish 2020-03-10 (current_events.rules)
2841452 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-03-10 (current_events.rules)
2841453 - ETPRO EXPLOIT Possible SMBv3 Exploitation Attempt (CVE-2020-0796) (exploit.rules)
2841454 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)
2841455 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
[///] Modified active rules: [///]
2015471 - ET WEB_SPECIFIC_APPS joomla com_edir controller parameter Local File Inclusion vulnerability (web_specific_apps.rules)
2029594 - ET TROJAN Observed Malicious SSL Cert (MonetizUs/LNKR) (trojan.rules)
2029595 - ET TROJAN Observed Malicious SSL Cert (MonetizUs/LNKR) (trojan.rules)
2826327 - ETPRO TROJAN W32/Emotet Empty CnC Beacon (trojan.rules)
2826342 - ETPRO TROJAN MSIL/Agent.AUK CnC Checkin (trojan.rules)
2826362 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 6 (mobile_malware.rules)
2826431 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ay SMS Exfil 3 (mobile_malware.rules)
2826455 - ETPRO MOBILE_MALWARE Android/Agent.AKX Checkin (mobile_malware.rules)
2826461 - ETPRO TROJAN MSIL/ClipBanker.BX CnC Checkin (trojan.rules)
2826479 - ETPRO MOBILE_MALWARE Android.Trojan.Agent.GE Checkin (mobile_malware.rules)
2826484 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.hh SMS Exfil (mobile_malware.rules)
2826505 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 7 (mobile_malware.rules)
2826506 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 8 (mobile_malware.rules)
2826511 - ETPRO MOBILE_MALWARE Unknown Android Loader CnC Beacon (mobile_malware.rules)
2826515 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.PP CnC Beacon (mobile_malware.rules)
2826529 - ETPRO MOBILE_MALWARE Android/Agent.LK CnC Beacon 2 (mobile_malware.rules)
2826562 - ETPRO TROJAN Hidden-Tear Ransomware Variant CnC Checkin (trojan.rules)
2826598 - ETPRO TROJAN ROKRAT Checkin (trojan.rules)
2826599 - ETPRO TROJAN ROKRAT Checkin 2 (trojan.rules)
[---] Removed rules: [---]
2029592 - ET INFO MonetizeUs Outbound Activity Observed M1 (info.rules)
2029593 - ET INFO MonetizeUs Outbound Activity Observed M2 (info.rules)