[***] Summary: [***]
5 new Open, 30 new Pro (5 + 25). Win32/RaaLoader CnC, TROJAN Win32/Milum CnC, Linksys WRT54G Command Injection, Various Phishing.
Thanks @nstarke
[+++] Added rules: [+++]
Open:
2029730 - ET TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC) (trojan.rules)
2029731 - ET TROJAN Win32/RaaLoader CnC Activity (trojan.rules)
2029732 - ET CURRENT_EVENTS Common Unhidebody Function Observed in Phishing Landing (current_events.rules)
2029733 - ET WEB_CLIENT Microsoft Tech Support Scam 2020-03-24 (web_client.rules)
2029734 - ET EXPLOIT Linksys WRT54G Version 3.1 Command Injection Attempt (exploit.rules)
Pro:
2841676 - ETPRO TROJAN Win32/Cobalt Strike CnC Activity (OCSP Spoof) (trojan.rules)
2841677 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-24 1) (trojan.rules)
2841678 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-24 2) (trojan.rules)
2841679 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-24 (current_events.rules)
2841680 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-03-24 (current_events.rules)
2841681 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish 2020-03-24 (current_events.rules)
2841682 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-03-24 (current_events.rules)
2841683 - ETPRO CURRENT_EVENTS Successful Ebay Phish 2020-03-24 (current_events.rules)
2841684 - ETPRO CURRENT_EVENTS Successful Adobe Cloud Phish 2020-03-24 (current_events.rules)
2841685 - ETPRO CURRENT_EVENTS Successful Adobe Download Document Phish 2020-03-24 (current_events.rules)
2841686 - ETPRO CURRENT_EVENTS Successful TSB Phish 2020-03-24 (current_events.rules)
2841687 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-03-24 (current_events.rules)
2841688 - ETPRO CURRENT_EVENTS Successful Adobe PDF Reader Phish 2020-03-24 (current_events.rules)
2841689 - ETPRO CURRENT_EVENTS Successful Adobe Shared PDF Phish 2020-03-24 (current_events.rules)
2841690 - ETPRO CURRENT_EVENTS Successful Adobe Shared PDF Phish 2020-03-24 (current_events.rules)
2841691 - ETPRO CURRENT_EVENTS Successful First Bank Phish 2020-03-24 (current_events.rules)
2841692 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2020-03-24 (current_events.rules)
2841693 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2020-03-24 (current_events.rules)
2841694 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-03-24 (current_events.rules)
2841695 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2020-03-24 (current_events.rules)
2841696 - ETPRO CURRENT_EVENTS Successful Gmail Phish 2020-03-24 (current_events.rules)
2841697 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-03-24 (current_events.rules)
2841698 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2841699 - ETPRO TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
2841700 - ETPRO TROJAN Win32/Milum CnC (trojan.rules)
[///] Modified active rules: [///]
2029700 - ET CURRENT_EVENTS Successful World Health Organization COVID-19 Phish 2020-03-23 (current_events.rules)
2810585 - ETPRO TROJAN Trojan-Banker.Win32.ChePro Variant CnC Beacon
(trojan.rules)
2810719 - ETPRO MALWARE Win32/FlyStudio CnC Beacon 2 (malware.rules)
2810733 - ETPRO TROJAN TrojanSpy.Win32/Mafod Checkin (trojan.rules)
2811630 - ETPRO TROJAN BACKDOOR.EMDIVI Checkin Response 2 (trojan.rules)
2811810 - ETPRO TROJAN Win32/Dowector.A Checkin (trojan.rules)
2812053 - ETPRO MALWARE Win32/Multibar.EA Variant PUP Google Connectivity Check (malware.rules)
2812060 - ETPRO TROJAN Win32/FakeJa Checkin (trojan.rules)
2812063 - ETPRO TROJAN Win32/Banload2 Variant Checkin (trojan.rules)
2812182 - ETPRO TROJAN ZIP file embedded in Large JPG (~10-100MB) (trojan.rules)
2812183 - ETPRO INFO ZIP file embedded in JPG (info.rules)
2812201 - ETPRO MOBILE_MALWARE Android/Clicker.C Checkin (mobile_malware.rules)
2812381 - ETPRO TROJAN Win32/Bagsu!rfn Variant Checkin (trojan.rules)
2812407 - ETPRO TROJAN Win32/Venik HTTP CnC Beacon (trojan.rules)
2812710 - ETPRO TROJAN Linopid HTTP CnC Beacon (trojan.rules)
2812735 - ETPRO MALWARE PUP.PCClean Install (malware.rules)
2812746 - ETPRO TROJAN Win32/MicroFake Downloader Checkin (trojan.rules)
2812784 - ETPRO MALWARE Adware/Illyx Install Activity (malware.rules)
2812791 - ETPRO MALWARE IdleCrawler PUP Checkin (malware.rules)
2812807 - ETPRO MALWARE Win32/Adware.1ClickDownload Checkin (malware.rules)
2812842 - ETPRO TROJAN Win32/Ghost.E CnC Checkin (trojan.rules)
2812885 - ETPRO TROJAN Win32/TrojanDownloader.Banload.WKA Receiving Data (trojan.rules)
2812962 - ETPRO TROJAN MSIL/Agent.QSE CnC Activity (trojan.rules)
2812984 - ETPRO TROJAN Win32/Banker.AEA Checkin (trojan.rules)
2812986 - ETPRO TROJAN Trojan/Win32.SteamComplex Checkin (trojan.rules)
2813095 - ETPRO TROJAN Unknown Downloader Likely Retrieving Ponmocup (trojan.rules)
2814044 - ETPRO MALWARE QQBrowser Adware PUP Activity (malware.rules)
2841553 - ETPRO TROJAN MSIL/Poulight Stealer CnC Activity (trojan.rules)
[---] Disabled and modified rules: [---]
2810602 - ETPRO TROJAN Unknown Banker .dat file download 2 (trojan.rules)
2810923 - ETPRO TROJAN PolloLocker PS1 Script Download Response (trojan.rules)
2812068 - ETPRO TROJAN Win32/Ransomware Inbound PowerShell Payload (trojan.rules)
2812501 - ETPRO TROJAN Agent.BLVS Initial Host Data POST M1 (trojan.rules)
2812851 - ETPRO TROJAN Unknown Powershell Backdoor Retrieve Commands M2 (trojan.rules)
[---] Disabled rules: [---]
2810919 - ETPRO MALWARE ZyngaTables Downloading Malicious Chrome Extension (malware.rules)
2811668 - ETPRO TROJAN Pirpi Variant CnC Beacon (trojan.rules)
2811723 - ETPRO CURRENT_EVENTS APT SWC Redirected Request June 29 2015 (current_events.rules)
2812409 - ETPRO TROJAN Win32/Venik HTTP CnC Beacon Response 2 (trojan.rules)
2812844 - ETPRO TROJAN Win32/Trfijan.A Checkin (trojan.rules)
2812966 - ETPRO TROJAN MSIL/Stimilina.F Checkin (trojan.rules)
2812979 - ETPRO TROJAN Win32/Neshta.A Checkin (trojan.rules)
2812983 - ETPRO TROJAN TrojanDownloader.Banload.VHZ Checkin 3 (trojan.rules)