[***] Summary: [***]
5 new Open, 40 new Pro (5 + 35). MZRevenge, Polaris Botnet, Various Reversed Strings, Various Phish.
Tks @PTSecurity
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2029634 - ET INFO Suspected Malicious Telegram Communication (POST) (info.rules)
2029644 - ET MALWARE [PTsecurity] MZRevenge Ransomware Server Response (malware.rules)
2029645 - ET SCAN Polaris Botnet User-Agent (Inbound) (scan.rules)
2029646 - ET TROJAN Polaris Botnet User-Agent (Outbound) (trojan.rules)
2029647 - ET TROJAN MZRevenge Ransomware CnC (trojan.rules)
Pro:
2841555 - ETPRO INFO Observed Suspicious Reversed String Inbound (DeleteFile) (info.rules)
2841556 - ETPRO TROJAN Observed Suspicious Reversed String Inbound (obshell.run) (trojan.rules)
2841557 - ETPRO INFO Observed Suspicious Reversed String Inbound (objFile.Write) (info.rules)
2841558 - ETPRO TROJAN Observed Suspicious Reversed String Inbound (Winmgmts:/) (trojan.rules)
2841559 - ETPRO TROJAN Observed Suspicious Reversed String Inbound (cmd.exe /C) (trojan.rules)
2841560 - ETPRO INFO Observed Suspicious Reversed String Inbound (CreateTextFile) (info.rules)
2841561 - ETPRO INFO Observed Suspicious Reversed String Inbound (FileSystemObject) (info.rules)
2841562 - ETPRO INFO Observed Suspicious Reversed String Inbound (ExpandEnvironmentStrings) (info.rules)
2841563 - ETPRO TROJAN Observed Suspicious Reversed String Inbound (Wscript.Shell) (trojan.rules)
2841564 - ETPRO INFO Observed Suspicious Reversed String Inbound (ProgramData) (info.rules)
2841565 - ETPRO INFO Observed Suspicious Reversed String Inbound (Microsoft) (info.rules)
2841566 - ETPRO TROJAN Observed Suspicious Reversed String Inbound (WScript.CreateObject) (trojan.rules)
2841567 - ETPRO INFO Observed Suspicious Reversed String Inbound (Scripting.FileSystemObject) (info.rules)
2841568 - ETPRO TROJAN Observed Suspicious Reversed String Inbound (Shell.Application) (trojan.rules)
2841569 - ETPRO TROJAN Observed Suspicious Reversed String Inbound (objWMIService.ExecQuery) (trojan.rules)
2841570 - ETPRO INFO Observed Suspicious Reversed String Inbound (StrReverse) (info.rules)
2841571 - ETPRO INFO Observed Suspicious Reversed String Inbound (Microsoft.XMLHTTP) (info.rules)
2841572 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-18 1) (trojan.rules)
2841573 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-18 2) (trojan.rules)
2841574 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2020-03-18 (current_events.rules)
2841575 - ETPRO CURRENT_EVENTS Successful Whatsapp Phish 2020-03-18 (current_events.rules)
2841576 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-03-18 (current_events.rules)
2841577 - ETPRO CURRENT_EVENTS Successful DCU Phish 2020-03-18 (current_events.rules)
2841578 - ETPRO CURRENT_EVENTS Successful DCU Phish 2020-03-18 (current_events.rules)
2841579 - ETPRO CURRENT_EVENTS Successful DCU Phish 2020-03-18 (current_events.rules)
2841580 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2020-03-18 (current_events.rules)
2841581 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-03-18 (current_events.rules)
2841582 - ETPRO CURRENT_EVENTS Successful Sharepoint Phish 2020-03-18 (current_events.rules)
2841583 - ETPRO CURRENT_EVENTS Successful Telekom/Tmobile Phish 2020-03-18 (current_events.rules)
2841584 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2020-03-18 (current_events.rules)
2841585 - ETPRO CURRENT_EVENTS Successful NAB Phish 2020-03-18 (current_events.rules)
2841586 - ETPRO CURRENT_EVENTS Successful ING Phish 2020-03-18 (current_events.rules)
2841587 - ETPRO CURRENT_EVENTS Successful Stripe Phish 2020-03-18 (current_events.rules)
2841588 - ETPRO TROJAN Fake Teamviewer CnC Host Checkin (trojan.rules)
2841592 - ETPRO TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC) (trojan.rules)
[///] Modified active rules: [///]
2829455 - ETPRO MOBILE_MALWARE Android/Agent.IW SMS Exfil (mobile_malware.rules)
2829588 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.TF Checkin (mobile_malware.rules)
2829886 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Dnotua.olg Checkin (mobile_malware.rules)
2829888 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.cx Checkin (mobile_malware.rules)
2829899 - ETPRO MOBILE_MALWARE SMS-Flooder.AndroidOS.Agent.l CnC Beacon (mobile_malware.rules)
2830033 - ETPRO TROJAN Win32/Agent.xxxyeb Connectivity Check (trojan.rules)
2830040 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BHH Checkin (mobile_malware.rules)
2830045 - ETPRO MOBILE_MALWARE Android/Inmobi.D Checkin 2 (mobile_malware.rules)
2830078 - ETPRO POLICY Android Bitcoin Wallet CnC Beacon (policy.rules)
2830249 - ETPRO TROJAN MSIL/SocketPlayer RAT Receiving Screenshot Command (trojan.rules)
2830303 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.w Checkin (mobile_malware.rules)
2830305 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.PN Checkin (mobile_malware.rules)
2830307 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.dm Checkin 2 (mobile_malware.rules)
2830513 - ETPRO MOBILE_MALWARE Android Trojan-Spy EmSeven Device Info Exfil (mobile_malware.rules)
2830515 - ETPRO MOBILE_MALWARE Android Trojan-Spy EmSeven Location Exfil (mobile_malware.rules)
2830516 - ETPRO MOBILE_MALWARE Android Trojan-Spy EmSeven SMS Exfil (mobile_malware.rules)
2830535 - ETPRO MOBILE_MALWARE Android Trojan-Spy Simpkol Call Log Exfil (mobile_malware.rules)
2830686 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ZooPark Checkin (mobile_malware.rules)
2830727 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Wifle.A CallLog/SMS Exfil (mobile_malware.rules)
2830868 - ETPRO MOBILE_MALWARE Android/Monitor.SpyHuman Checkin (mobile_malware.rules)
2830870 - ETPRO MOBILE_MALWARE Android-Trojan/Downloader.907ce CnC Beacon (mobile_malware.rules)
2830925 - ETPRO WEB_CLIENT Tech Support Phone Scam Landing M1 - May 20 2018 (web_client.rules)
2830996 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.pf CnC Beacon (mobile_malware.rules)
[---] Removed rules: [---]
2029634 - ET TROJAN Suspected Malicious Telegram Communication (POST) (trojan.rules)