[***] Summary: [***]
47 Open, 72 Pro (47 + 25). Get2 CnC, Kimsuky, Remcos, Various Phish.
42 Phishing rules were migrated from PRO to OPEN to improve community
detection of scams exploiting the COVID-19 outbreak.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2029648 - ET TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2029649 - ET TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2029650 - ET TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2029651 - ET TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2029652 - ET CURRENT_EVENTS Possible Successful Generic Phish Aug 31 2015
(current_events.rules)
2029653 - ET CURRENT_EVENTS Successful DHL Account Phish 2015-11-03
(current_events.rules)
2029654 - ET CURRENT_EVENTS Successful DHL Phish 2015-09-14
(current_events.rules)
2029655 - ET CURRENT_EVENTS Successful Mailbox Update Phish 2016-02-17
(current_events.rules)
2029656 - ET CURRENT_EVENTS Terse POST to Wordpress Folder - Probable
Successful Phishing M2 (current_events.rules)
2029657 - ET CURRENT_EVENTS Successful Generic Phish (302) 2016-12-16
(current_events.rules)
2029658 - ET CURRENT_EVENTS Microsoft Office Phishing Landing 2016-12-18
(current_events.rules)
2029659 - ET CURRENT_EVENTS Successful DHL Phish (Meta HTTP-Equiv
Refresh) 2017-02-08 (current_events.rules)
2029660 - ET CURRENT_EVENTS Successful Generic Phish - Fake Loading Page
2017-08-03 (current_events.rules)
2029661 - ET CURRENT_EVENTS Successful Facebook Mobile Phish 2017-08-15
(current_events.rules)
2029662 - ET CURRENT_EVENTS Successful Generic .EDU Phish Aug 17 2017
(current_events.rules)
2029663 - ET CURRENT_EVENTS Successful OX App Suite Phish 2017-10-12
(current_events.rules)
2029664 - ET CURRENT_EVENTS Successful Generic 000webhostapp.com Phish
2017-10-27 (current_events.rules)
2029665 - ET CURRENT_EVENTS Successful Facebook Phish 2018-01-26
(current_events.rules)
2029666 - ET CURRENT_EVENTS Successful Generic Personalized Phish
2018-09-27 M2 (current_events.rules)
2029667 - ET CURRENT_EVENTS Successful Fedex/DHL Phish 2018-10-22
(current_events.rules)
2029668 - ET CURRENT_EVENTS Successful Microsoft Account Phish 2019-01-29
(current_events.rules)
2029669 - ET CURRENT_EVENTS Successful Generic Personalized Phish
2019-02-13 (current_events.rules)
2029670 - ET CURRENT_EVENTS Successful Generic Mailbox Phish 2019-03-07
(current_events.rules)
2029671 - ET CURRENT_EVENTS Successful Generic Personalized Phish
2019-03-11 (current_events.rules)
2029672 - ET CURRENT_EVENTS Successful Facebook Phish 2019-04-12
(current_events.rules)
2029673 - ET CURRENT_EVENTS Successful Facebook Phish 2019-04-26
(current_events.rules)
2029674 - ET CURRENT_EVENTS Successful Interac Phish 2019-05-15
(current_events.rules)
2029675 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-06-04 (current_events.rules)
2029676 - ET CURRENT_EVENTS Successful Geneneric Credit Card Information
Phish 2019-08-02 (current_events.rules)
2029677 - ET CURRENT_EVENTS Successful Facebook Phish 2019-08-29
(current_events.rules)
2029678 - ET CURRENT_EVENTS Successful Facebook Phish 2019-08-29
(current_events.rules)
2029679 - ET CURRENT_EVENTS Successful DHL Phish 2019-10-18
(current_events.rules)
2029680 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-11-04 (current_events.rules)
2029681 - ET CURRENT_EVENTS Successful Microsoft Account Phish 2019-11-06
(current_events.rules)
2029682 - ET CURRENT_EVENTS Successful Apple Phish 2019-12-18
(current_events.rules)
2029683 - ET CURRENT_EVENTS Successful Facebook Phish 2020-01-10
(current_events.rules)
2029684 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-27 (current_events.rules)
2029685 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
2029686 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
2029687 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
2029688 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
2029689 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
2029690 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
2029691 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-25 (current_events.rules)
2029692 - ET CURRENT_EVENTS Successful Microsoft Office Phish 2020-02-26
(current_events.rules)
2029693 - ET CURRENT_EVENTS Successful Microsoft Account Phish 2020-03-04
(current_events.rules)
2029694 - ET POLICY External IP Lookup (api .ipstack .com) (policy.rules)
Pro:
2841593 - ETPRO TROJAN Win32/Unk.Rewbar CnC Checkin (trojan.rules)
2841594 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
2841595 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-19 1) (trojan.rules)
2841596 - ETPRO CURRENT_EVENTS Successful Personalized Adobe Phish
2020-03-19 (current_events.rules)
2841597 - ETPRO CURRENT_EVENTS Successful My3 Phish 2020-03-19
(current_events.rules)
2841598 - ETPRO CURRENT_EVENTS Successful Alimail Enterprise Phish
2020-03-19 (current_events.rules)
2841599 - ETPRO CURRENT_EVENTS Successful Shared Excel Document Phish
2020-03-19 (current_events.rules)
2841600 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-03-19
(current_events.rules)
2841601 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-03-19
(current_events.rules)
2841602 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-03-19
(current_events.rules)
2841603 - ETPRO CURRENT_EVENTS Successful Amazon Web Services Phish
2020-03-19 (current_events.rules)
2841604 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-03-19
(current_events.rules)
2841605 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2020-03-19
(current_events.rules)
2841606 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-19
(current_events.rules)
2841607 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-19
(current_events.rules)
2841608 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-19
(current_events.rules)
2841609 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-03-19
(current_events.rules)
2841610 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-03-19
(current_events.rules)
2841611 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-03-19
(current_events.rules)
2841612 - ETPRO CURRENT_EVENTS Successful Indeed Phish 2020-03-19
(current_events.rules)
2841613 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-03-19
(current_events.rules)
2841614 - ETPRO TROJAN W32/Oulif CnC Host Checkin (trojan.rules)
2841615 - ETPRO MALWARE Win32/InstallCore Requesting Affiliate Install
(malware.rules)
2841616 - ETPRO TROJAN Python Kimsuky Payload - CnC Checkin (trojan.rules)
2841617 - ETPRO TROJAN Win32/Remcos RAT Checkin 367 (trojan.rules)
[///] Modified active rules: [///]
2020728 - ET TROJAN Possible Adwind/jSocket SSL Cert (assylias.Inc)
(trojan.rules)
2029623 - ET TROJAN VBS/TrojanDownloader.Agent.SEB Checkin (trojan.rules)
2029624 - ET TROJAN VBS/TrojanDownloader.Agent.SEB Keep-Alive
(trojan.rules)
2029625 - ET TROJAN VBS/TrojanDownloader.Agent.SEB Reporting Network Info
(trojan.rules)
2809797 - ETPRO WEB_SPECIFIC_APPS WP Video Gallery 2.7 SQLi Attempt
(web_specific_apps.rules)
2809946 - ETPRO TROJAN Win32/Unruy.C Possible Click Fraud (trojan.rules)
2810007 - ETPRO TROJAN Win32/Bagfi Variant Checkin (trojan.rules)
2810055 - ETPRO TROJAN Sharik/Smoke Loader CnC Beacon Response
(trojan.rules)
2810084 - ETPRO TROJAN Win32.Androm.gljb Trojan Checkin (trojan.rules)
2831526 - ETPRO TROJAN W32.Unk.Stealer Checkin M2 (trojan.rules)
2841453 - ETPRO EXPLOIT Possible SMBv3 Exploitation Attempt
(CVE-2020-0796) (exploit.rules)
[---] Removed rules: [---]
2812824 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Aug 31
2015 (current_events.rules)
2812877 - ETPRO CURRENT_EVENTS Successful DHL Account Phish Sept 3
(current_events.rules)
2813010 - ETPRO CURRENT_EVENTS Successful DHL Phish Sept 14 2015
(current_events.rules)
2816284 - ETPRO CURRENT_EVENTS Successful Mailbox Update Phish Feb 17 M1
(current_events.rules)
2820695 - ETPRO CURRENT_EVENTS Terse POST to Wordpress Folder - Probable
Successful Phishing M2 (current_events.rules)
2823937 - ETPRO CURRENT_EVENTS Successful Generic Phish (302) Dec 16 2016
(current_events.rules)
2823945 - ETPRO CURRENT_EVENTS Microsoft Office Phishing Landing Dec 18
2016 (current_events.rules)
2824861 - ETPRO CURRENT_EVENTS Successful DHL Phish (Meta HTTP-Equiv
Refresh) Feb 08 2017 (current_events.rules)
2827386 - ETPRO CURRENT_EVENTS Successful Generic Phish - Fake Loading
Page Aug 03 2017 (current_events.rules)
2827540 - ETPRO CURRENT_EVENTS Successful Facebook Mobile Phish Aug 15
2017 (current_events.rules)
2827572 - ETPRO CURRENT_EVENTS Successful Generic .EDU Phish Aug 17 2017
(current_events.rules)
2828256 - ETPRO CURRENT_EVENTS Successful OX App Suite Phish Oct 12 2017
(current_events.rules)
2828454 - ETPRO CURRENT_EVENTS Successful Generic 000webhostapp.com Phish
Oct 27 2017 (current_events.rules)
2829449 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2018-01-26
(current_events.rules)
2832842 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish
2018-09-27 M2 (current_events.rules)
2833236 - ETPRO CURRENT_EVENTS Successful Fedex/DHL Phish 2018-10-22
(current_events.rules)
2834639 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-01-29 (current_events.rules)
2834876 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish
2019-02-13 (current_events.rules)
2835234 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Phish
2019-03-07 (current_events.rules)
2835277 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish
2019-03-11 (current_events.rules)
2835843 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-04-12
(current_events.rules)
2836081 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-04-26
(current_events.rules)
2836324 - ETPRO CURRENT_EVENTS Successful Interac Phish 2019-05-15
(current_events.rules)
2836642 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-06-04 (current_events.rules)
2837832 - ETPRO CURRENT_EVENTS Successful Geneneric Credit Card
Information Phish 2019-08-02 (current_events.rules)
2838222 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-08-29
(current_events.rules)
2838224 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-08-29
(current_events.rules)
2838997 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-10-18
(current_events.rules)
2839214 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-11-04 (current_events.rules)
2839244 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-11-06 (current_events.rules)
2839993 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-12-18
(current_events.rules)
2840371 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-01-10
(current_events.rules)
2840672 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-27 (current_events.rules)
2841146 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
2841149 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
2841151 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
2841152 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
2841153 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
2841154 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
2841155 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-21 (current_events.rules)
2841197 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-02-25 (current_events.rules)
2841225 - ETPRO CURRENT_EVENTS Successful Microsoft Office Phish
2020-02-26 (current_events.rules)
2841347 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-03-04 (current_events.rules)