[***] Summary: [***]
5 new Open, 22 new Pro (5 + 17). Higaisa CnC, SandCat, Cobalt Strike,
Presenoker, Various Phish.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2029639 - ET TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
2029640 - ET TROJAN Higaisa CnC Activity (trojan.rules)
2029641 - ET TROJAN Win32/Unk.Joia CnC Activity (trojan.rules)
2029642 - ET TROJAN Observed Malicious SSL Cert (Win32/SandCat CnC)
(trojan.rules)
2029643 - ET TROJAN Win32/SandCat CnC Checkin (trojan.rules)
Pro:
2841535 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-17 1) (trojan.rules)
2841536 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-17 2) (trojan.rules)
2841537 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-17 3) (trojan.rules)
2841538 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-17 4) (trojan.rules)
2841539 - ETPRO CURRENT_EVENTS Successful Bancolumbia Phish 2020-03-17
(current_events.rules)
2841540 - ETPRO CURRENT_EVENTS Successful Verified by Visa Phish
2020-03-17 (current_events.rules)
2841541 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-03-17
(current_events.rules)
2841542 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-03-17
(current_events.rules)
2841543 - ETPRO CURRENT_EVENTS Successful Generic BR Bank Phish
2020-03-17 (current_events.rules)
2841544 - ETPRO CURRENT_EVENTS Successful Amazon JP Phish 2020-03-17
(current_events.rules)
2841545 - ETPRO CURRENT_EVENTS Successful Godaddy Phish 2020-03-17
(current_events.rules)
2841546 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-17
(current_events.rules)
2841547 - ETPRO CURRENT_EVENTS Successful Square Phish 2020-03-17
(current_events.rules)
2841548 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2020-03-17
(current_events.rules)
2841549 - ETPRO CURRENT_EVENTS Successful Standard Bank Online Phish
2020-03-17 (current_events.rules)
2841550 - ETPRO TROJAN Win32/Presenoker CnC Checkin (trojan.rules)
2841551 - ETPRO MALWARE Win32/Presenoker Requesting Batch File M10
(malware.rules)
[///] Modified active rules: [///]
2806943 - ETPRO TROJAN Win32/Nefyn.A POST (trojan.rules)
2808472 - ETPRO TROJAN PWS-Banker!dg Callback (trojan.rules)
2808570 - ETPRO TROJAN Win32.Sisron.B Checkin 2 (trojan.rules)
2809407 - ETPRO MALWARE Win32.SkySTools.A Checkin (malware.rules)
2809576 - ETPRO EXPLOIT Arris Cable Modem Backdoor Cookie 2
(exploit.rules)
2809652 - ETPRO TROJAN Chthonic Bot CnC Beacon 1 (trojan.rules)
2834683 - ETPRO TROJAN Possible Danabot CnC Checkin Request (flowbit set)
(trojan.rules)
[---] Disabled rules: [---]
2808285 - ETPRO TROJAN Win32.Tooka.a Checkin (trojan.rules)