[***]            Summary:            [***]

4 new OPEN, 24 new PRO (4 + 20). Backdoor.Elise, Win32/InstallDisck, SHLAYER, Win32/GuaGua, Dharma/CrySiS Ransomware, Dharma/CrySiS Ransomware, Win32/Sohanad.AL, Various PHISH.

TIIF.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2029186 - ET MALWARE Win32/InstallDisck SMTP Checkin (malware.rules)
2030229 - ET TROJAN Backdoor.Elise Style IP Check M2 (trojan.rules)
2030230 - ET POLICY Proxy Server Lookup (nntime) (policy.rules)
2030231 - ET TROJAN SHLAYER CnC (trojan.rules)

Pro:

2803094 - ETPRO MALWARE Win32/GuaGua Checkin (malware.rules)
2811459 - ETPRO MALWARE Win32/Meinhudong.C Variant Checkin (malware.rules)
2842777 - ETPRO TROJAN Dharma/CrySiS Ransomware CnC Checkin (trojan.rules)
2842778 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC) (trojan.rules)
2842780 - ETPRO TROJAN MalDoc Retrieving Payload 2020-05-29 (trojan.rules)
2842781 - ETPRO WEB_CLIENT Inbound VBScript - Suspicious External HTTP Download and Execute (web_client.rules)
2842783 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2842785 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-05-29 1) (trojan.rules)
2842786 - ETPRO TROJAN Win32/Sohanad.AL CnC Host Checkin M1 (trojan.rules)
2842787 - ETPRO TROJAN Win32/Sohanad.AL CnC Host Checkin M2 (trojan.rules)
2842788 - ETPRO CURRENT_EVENTS Successful Lichfield Finance Trust Bank Phish 2020-05-29 (current_events.rules)
2842789 - ETPRO CURRENT_EVENTS Successful UniCredit Phish 2020-05-29 (current_events.rules)
2842790 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2020-05-29 (current_events.rules)
2842791 - ETPRO CURRENT_EVENTS Successful Banco de la Nacion Phish 2020-05-29 (current_events.rules)
2842792 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-05-29 (current_events.rules)
2842793 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-05-29 (current_events.rules)
2842794 - ETPRO TROJAN Win32/Addrop.C!bit Activity (trojan.rules)

[///]     Modified active rules:     [///]

2014113 - ET TROJAN Win32/Injector.MUD Variant Reporting (trojan.rules)
2016757 - ET TROJAN W32/Nymaim Checkin (2) (trojan.rules)
2018787 - ET TROJAN Win32/TrojanDownloader.Waski.F Locker DL URI Struct Jul 25 2014 (trojan.rules)
2019163 - ET TROJAN W32/Alina.POS-Trojan Checkin (trojan.rules)
2021304 - ET TROJAN W2KM_BARTALEX Downloading Payload 2 (trojan.rules)
2021439 - ET TROJAN Win32/Bancos.AMM CnC Beacon (trojan.rules)
2021440 - ET TROJAN KeyBase Keylogger HTTP Pattern (trojan.rules)
2021442 - ET TROJAN Win32.Rioselx.A Checkin (trojan.rules)
2021531 - ET TROJAN W2KM_BARTALEX Downloading Payload M2 (set) (trojan.rules)
2021555 - ET TROJAN Potao CnC POST Response (trojan.rules)
2021556 - ET TROJAN Dyre CnC Checkin (trojan.rules)
2021557 - ET TROJAN Possible Java/Downloader Observed in Pawn Storm CVE-2015-2590 1 (trojan.rules)
2021558 - ET TROJAN Possible Java/Downloader Observed in Pawn Storm CVE-2015-2590 2 (trojan.rules)
2021560 - ET TROJAN URI Struct Observed in Pawn Storm CVE-2015-2950 (trojan.rules)
2021597 - ET TROJAN W32/Alina.POS-Trojan Checkin (trojan.rules)
2021605 - ET TROJAN Win32.VBKrypt.vquj Checkin (trojan.rules)
2021610 - ET TROJAN DarkHotel Initial Beacon (trojan.rules)
2021625 - ET TROJAN W2KM_BARTALEX August 11 2015 (trojan.rules)
2021631 - ET TROJAN Sharik/Smoke CnC Beacon 2 (trojan.rules)
2021644 - ET EXPLOIT Websense Content Gateway submit_net_debug.cgi cmd_param Param Buffer Overflow Attempt (exploit.rules)
2801283 - ETPRO TROJAN Backdoor.MSIL.Blahavi.A Checkin (trojan.rules)
2806653 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Nidb.a Checkin (mobile_malware.rules)
2807843 - ETPRO TROJAN Ixeshe/Mecklow Checkin 3 (trojan.rules)
2808688 - ETPRO TROJAN Win32/TrojanDownloader.Banload.UAI Variant Checkin (trojan.rules)
2808878 - ETPRO TROJAN CoinVault C2 (trojan.rules)
2810154 - ETPRO TROJAN Win32.ProxyChanger.TH Checkin (trojan.rules)
2811711 - ETPRO TROJAN Win32/TrojanDownloader.Speccom.F Variant Checkin (trojan.rules)
2811859 - ETPRO TROJAN W32/Emogen.F!worm VB Downloader Initial CnC Beacon (trojan.rules)
2811905 - ETPRO TROJAN PhilBot/Toshliph POST CnC Beacon (trojan.rules)
2812043 - ETPRO MOBILE_MALWARE Android.Trojan.AndroRAT.E Checkin (mobile_malware.rules)
2812048 - ETPRO TROJAN CryptoWall Test Decrypt Upload (trojan.rules)
2812082 - ETPRO TROJAN Win32/Banker.ChePro Activity (trojan.rules)
2812129 - ETPRO POLICY SpyHunter Spyware Removal Tool PUP Checkin (policy.rules)
2812140 - ETPRO TROJAN Pirpi CnC Beacon Response Fake 404 (trojan.rules)
2812141 - ETPRO TROJAN Pirpi CnC Beacon HTTP POST (trojan.rules)
2812157 - ETPRO TROJAN Win32/Teags.A CnC Checkin (trojan.rules)
2812172 - ETPRO TROJAN Win32/Troxen!rts DoS Requests (trojan.rules)
2812189 - ETPRO TROJAN MSIL/Povbop.A Checkin (trojan.rules)
2812197 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.fx Checkin (mobile_malware.rules)
2812231 - ETPRO TROJAN Win32/Litera.A CnC Checkin (trojan.rules)
2812232 - ETPRO TROJAN Win32/Litera.A CnC Checkin 2 (trojan.rules)
2812278 - ETPRO TROJAN Win32/Rovnix Variant Checkin (trojan.rules)
2812279 - ETPRO TROJAN Win32/Nitrado.VB CnC Checkin (trojan.rules)
2812284 - ETPRO TROJAN MSIL/Irstil.A Checkin (trojan.rules)
2812295 - ETPRO TROJAN Win32/Small.FY CnC Checkin (trojan.rules)
2812308 - ETPRO TROJAN Sefnit CnC Beacon 3 (trojan.rules)
2812311 - ETPRO TROJAN Win32/FrauDrop.ahxrz CnC Checkin (trojan.rules)
2812328 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.de Checkin 2 (mobile_malware.rules)
2812331 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.hl Checkin (mobile_malware.rules)
2812332 - ETPRO MOBILE_MALWARE Android/SMSreg.VB Checkin (mobile_malware.rules)
2812345 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.BID Checkin (mobile_malware.rules)
2812375 - ETPRO TROJAN Possible Dridex 0 byte POST to Pastebin (trojan.rules)
2812382 - ETPRO USER_AGENTS Suspicious User-Agent (RuokuaiClient) (user_agents.rules)
2812383 - ETPRO WEB_SPECIFIC_APPS Sycorax sCMS SQLi Attempt (web_specific_apps.rules)
2812386 - ETPRO WEB_SPECIFIC_APPS WP Symposium Plugin < 15.8 SQLi Attempt (web_specific_apps.rules)
2812387 - ETPRO TROJAN External IP Address Lookup - aamailsoft.com (trojan.rules)
2812388 - ETPRO TROJAN Possible Dridex 0 byte POST to Pastebin (trojan.rules)
2812391 - ETPRO TROJAN Win32/VBS.Lnkget.D Variant Checkin (trojan.rules)
2812395 - ETPRO TROJAN Tapaoux CnC Beacon 1 (trojan.rules)
2812396 - ETPRO TROJAN Tapaoux CnC Beacon 2 (trojan.rules)
2812397 - ETPRO TROJAN Win32.Agent.ifvl CnC Beacon (trojan.rules)
2812411 - ETPRO TROJAN Backdoor.Win32.Atbot.vkt Checkin (trojan.rules)
2812412 - ETPRO TROJAN Zemot Variant CnC POST (trojan.rules)
2812413 - ETPRO TROJAN Zemot Variant CnC GET (trojan.rules)
2812418 - ETPRO TROJAN Win32/Bicololo Variant Checkin (trojan.rules)
2812432 - ETPRO TROJAN Garveep CnC Beacon Fake Headers (trojan.rules)
2812440 - ETPRO TROJAN Andromeda/Gamarue Checkin (trojan.rules)
2812452 - ETPRO TROJAN Rector/Criakl Ransomware CnC Checkin (trojan.rules)
2812467 - ETPRO TROJAN Win32/Gulcrypt CnC Checkin (trojan.rules)
2812477 - ETPRO WEB_CLIENT Possible CoreImpact Client Exploit In Progress (Pens Being Tested or Possible RocketKitten) (web_client.rules)
2812480 - ETPRO WEB_CLIENT Possible CoreImpact Client Exploit In Progress Default Landing URI Struct (Pens Being Tested or Possible RocketKitten) (web_client.rules)
2812487 - ETPRO WEB_CLIENT Possible CoreImpact Client Exploit Payload URI Struct M1 (Pens Being Tested or Possible RocketKitten) (web_client.rules)
2812500 - ETPRO TROJAN W32/Zemot.A Downloading Binary (trojan.rules)
2812502 - ETPRO TROJAN Agent.BLVS Initial Host Data POST M2 (trojan.rules)
2812504 - ETPRO TROJAN Win32/Denisca.A Variant Checkin (trojan.rules)
2812515 - ETPRO USER_AGENTS Suspicious User-Agent (post_example) (user_agents.rules)
2812518 - ETPRO TROJAN Vaultlock/BitCryptor Initial Checkin (trojan.rules)
2812527 - ETPRO TROJAN Xunpf.A Variant Retrieving DLL (trojan.rules)
2812529 - ETPRO USER_AGENTS Suspicious User-Agent (FirefoxApp) (user_agents.rules)
2812530 - ETPRO TROJAN Xunpf.A Variant Beacon 1 (trojan.rules)
2812531 - ETPRO TROJAN Xunpf.A Variant Beacon 2 (trojan.rules)
2812541 - ETPRO TROJAN Win32/VB.SAO Checkin (trojan.rules)
2812551 - ETPRO TROJAN Backdoor.Emdivi Checkin 4 (trojan.rules)
2812552 - ETPRO TROJAN Win32/MGLocker CnC Checkin (trojan.rules)
2812556 - ETPRO MOBILE_MALWARE Android/JSmsHider.O Checkin (mobile_malware.rules)
2812604 - ETPRO TROJAN Win32/Genasom.FO Attempted Ransom Payment (trojan.rules)
2812614 - ETPRO TROJAN Win32/Citeary.D CnC Beacon 2 (trojan.rules)
2812616 - ETPRO TROJAN Win32/Citeary.D CnC Beacon (trojan.rules)
2812617 - ETPRO TROJAN Likely Win32/CoinMiner Retreiving Config - Pastebin (trojan.rules)
2812624 - ETPRO TROJAN Win32/Ixeshe HTTP CnC Beacon 2 (trojan.rules)
2812640 - ETPRO TROJAN OnionDuke CnC Beacon 6 (trojan.rules)
2812641 - ETPRO TROJAN OnionDuke CnC Beacon 7 (trojan.rules)
2812642 - ETPRO TROJAN OnionDuke CnC Beacon 8 (trojan.rules)
2812643 - ETPRO TROJAN OnionDuke CnC Beacon 9 (trojan.rules)
2812644 - ETPRO TROJAN OnionDuke CnC Beacon 10 (trojan.rules)
2812665 - ETPRO TROJAN Minerd Loader Beacon (trojan.rules)
2815201 - ETPRO TROJAN Win32/Agent.XSF Variant CnC Beacon (trojan.rules)
2822031 - ETPRO TROJAN Win32/Wadereh.B Variant Updateinfo Command (trojan.rules)
2826773 - ETPRO TROJAN Win32/Agent.YKQ Variant Checkin (trojan.rules)
2828446 - ETPRO TROJAN MSIL/TrojanDropper.Agent.DHJ Variant Downloader Activity (trojan.rules)

[---]  Disabled and modified rules:  [---]

2016252 - ET TROJAN Unknown POST of Windows PW Hashes to External Site (trojan.rules)
2016253 - ET TROJAN Unknown POST of System Info (trojan.rules)

[---]         Disabled rules:        [---]

2016829 - ET TROJAN Unknown Checkin (trojan.rules)

[---]         Removed rules:         [---]

2029186 - ET TROJAN Win32/Unknown SMTP Checkin (trojan.rules)
2803094 - ETPRO TROJAN Win32/Dynamer.dt Checkin (trojan.rules)
2811459 - ETPRO TROJAN Unknown Checkin (trojan.rules)
