[***] Summary: [***]
4 new OPEN, 23 new PRO (4 + 19). JS/Magecart, eleethub botnet, SamoRAT, Various CoinMiner and Phish
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030194 - ET TROJAN Observed JS/Magecart Domain in TLS SNI (manag .icu) (trojan.rules)
2030195 - ET TROJAN eleethub botnet CnC Domain in DNS Lookup (irc.eleethub .com) (trojan.rules)
2030196 - ET TROJAN eleethub botnet CnC Domain in DNS Lookup (ghost.eleethub .com) (trojan.rules)
2030197 - ET MALWARE eleethub .com Domain in DNS Lookup (eleethub .com) (malware.rules)
Pro:
2842650 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-05-20 1) (trojan.rules)
2842651 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-05-20 2) (trojan.rules)
2842652 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-05-20 3) (trojan.rules)
2842653 - ETPRO CURRENT_EVENTS Successful IRS Phish 2020-05-20 (current_events.rules)
2842654 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-05-20 (current_events.rules)
2842655 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-05-20 (current_events.rules)
2842656 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-05-20 (current_events.rules)
2842657 - ETPRO CURRENT_EVENTS Successful Word Online Doc Phish 2020-05-20 (current_events.rules)
2842658 - ETPRO CURRENT_EVENTS Successful Paxful Phish 2020-05-20 (current_events.rules)
2842659 - ETPRO CURRENT_EVENTS Successful Intuit Phish 2020-05-20 (current_events.rules)
2842660 - ETPRO CURRENT_EVENTS Successful Intuit Phish 2020-05-20 (current_events.rules)
2842661 - ETPRO TROJAN SamoRAT CnC API Host Checkin (trojan.rules)
2842662 - ETPRO TROJAN W32/Unk.Ransom Blocker CnC M1 (trojan.rules)
2842663 - ETPRO TROJAN W32/Unk.Ransom Blocker CnC M2 (trojan.rules)
2842664 - ETPRO TROJAN W32/Unk.Ransom Blocker CnC M3 (trojan.rules)
2842665 - ETPRO TROJAN W32/Unk.Ransom Blocker CnC M4 (trojan.rules)
2842666 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2842667 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2842668 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
[///] Modified active rules: [///]
2027369 - ET EXPLOIT [NCC GROUP] Possible Bluekeep Inbound RDP Exploitation Attempt (CVE-2019-0708) (exploit.rules)
2029598 - ET TROJAN Observed JS/Skimmer (likely Magecart) Domain in TLS SNI (imprintcenter .com) (trojan.rules)
2842546 - ETPRO TROJAN SamoRAT CnC Host Checkin (trojan.rules)
2842547 - ETPRO TROJAN SamoRAT CnC Activity (trojan.rules)