[***] Summary: [***]
5 new Open, 23 new Pro (5 + 18). COVID-19 Ransomware, Remcos, Various Phishing.
[+++] Added rules: [+++]
Open:
2029735 - ET TROJAN Observed MSIL/n2019cov (COVID-19) Ransomware CnC Domain in TLS SNI (trojan.rules)
2029736 - ET TROJAN MSIL/n2019cov (COVID-19) Ransomware CnC Checkin (trojan.rules)
2029737 - ET CURRENT_EVENTS Successful Colleagues Quarantined with COVID-19 Phish 2020-03-25 (current_events.rules)
2029738 - ET CURRENT_EVENTS Successful Airbnb COVID-19 Phish 2020-03-25 (current_events.rules)
2029739 - ET TROJAN Win32/Milum CnC (trojan.rules)
Pro:
2841701 - ETPRO TROJAN VBS/LanceurLoader Checkin via Telegram (trojan.rules)
2841702 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-03-25 1) (trojan.rules)
2841703 - ETPRO CURRENT_EVENTS Successful Generic Account Settings Phish 2020-03-25 (current_events.rules)
2841704 - ETPRO CURRENT_EVENTS Successful Generic Account Settings Phish 2020-03-25 (current_events.rules)
2841705 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-03-25 (current_events.rules)
2841706 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-03-25 (current_events.rules)
2841707 - ETPRO CURRENT_EVENTS Successful Denizbank Phish 2020-03-25 (current_events.rules)
2841708 - ETPRO CURRENT_EVENTS Successful Intesa SanPaolo Phish 2020-03-25 (current_events.rules)
2841709 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2020-03-25 (current_events.rules)
2841710 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-03-25 (current_events.rules)
2841711 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-03-25 (current_events.rules)
2841712 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-03-25 (current_events.rules)
2841713 - ETPRO CURRENT_EVENTS Successful Generic Webmail App Phish 2020-03-25 (current_events.rules)
2841714 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-03-25 (current_events.rules)
2841715 - ETPRO CURRENT_EVENTS Successful Advanzia Bank Phish 2020-03-25 (current_events.rules)
2841716 - ETPRO TROJAN Win32/Remcos RAT Checkin 375 (trojan.rules)
2841717 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent.AIU CnC (trojan.rules)
2841718 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent.AIU CnC Domain in TLS SNI (trojan.rules)
[///] Modified active rules: [///]
2029255 - ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) M2 (exploit.rules)
2808465 - ETPRO TROJAN Password Stealer MSIL/VOJIN.A Sending Stolen Info (trojan.rules)
2809776 - ETPRO TROJAN Win32/Unruy.C Checkin 4 (trojan.rules)
2809794 - ETPRO WEB_SPECIFIC_APPS Pandora FMS 5.1 SP1 SQLi Attempt (web_specific_apps.rules)
2809816 - ETPRO WEB_SPECIFIC_APPS Maarch LetterBox 2.8 PHP File Upload (web_specific_apps.rules)
2809861 - ETPRO TROJAN Sharik/Smoke CnC Beacon (trojan.rules)
2809863 - ETPRO TROJAN Win32/SvcMiner.A Checkin (trojan.rules)
2812629 - ETPRO CURRENT_EVENTS BossTDS Redirect (current_events.rules)
2814218 - ETPRO MALWARE VSProtect PUA Checkin (malware.rules)
2814224 - ETPRO TROJAN Win32/TrojanDownloader.Banload.WEO Receiving compressed PE set (.z) (trojan.rules)
2814225 - ETPRO TROJAN Win32/TrojanDownloader.Banload.WEO Receiving compressed PE set (.Z) (trojan.rules)
2814240 - ETPRO TROJAN Win32/TrojanDownloader.Banload.WEO Receiving compressed PE set (.7z) (trojan.rules)
2814261 - ETPRO TROJAN Ursnif Fetching DGA Seed (trojan.rules)
2814360 - ETPRO TROJAN Win32/Beebone!rfn External IP Address Check (trojan.rules)
2814529 - ETPRO TROJAN Win32/Gamker.A Checkin (trojan.rules)
2825290 - ETPRO TROJAN Tofu Backdoor Checkin (trojan.rules)
2828893 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.i Checkin (mobile_malware.rules)
2828894 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.i CnC Beacon (mobile_malware.rules)
2829338 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Skygofree.a Checkin (mobile_malware.rules)
2829340 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Skygofree.a Checkin 3 (mobile_malware.rules)
2841676 - ETPRO TROJAN Win32/Cobalt Strike CnC Activity (OCSP Spoof) (trojan.rules)
[---] Disabled and modified rules: [---]
2810480 - ETPRO DOS Slowloris HTTP Traffic Inbound (dos.rules)
2814239 - ETPRO TROJAN Win32/InfoStealer.Banload Variant Retrieving Payload (trojan.rules)
2814676 - ETPRO TROJAN MSIL/Kryptik.CNO Retrieving Payload (trojan.rules)
2825226 - ETPRO TROJAN Helminth/Oilrig CnC Beacon 2 (trojan.rules)
[---] Disabled rules: [---]
2812634 - ETPRO TROJAN Win32.Scar Checkin (trojan.rules)
2814385 - ETPRO TROJAN Win32/Nivdort!acf CnC Beacon (trojan.rules)
[---] Removed rules: [---]
2841700 - ETPRO TROJAN Win32/Milum CnC (trojan.rules)