[***]            Summary:            [***]

5 new OPEN, 33 new PRO (5 + 28).  OSX/NukeSped, TURLA NETFLASH, Remcos, Various Phish, Rule Edits.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2030232 - ET TROJAN Gamaredon Style MalDoc .dot Download on
freedynamicdns .org (trojan.rules)
2030233 - ET TROJAN Higasia CnC Activity (trojan.rules)
2030234 - ET TROJAN Observed OSX/NukeSped Variant CnC Domain
(fudcitydelivers .com) in TLS SNI (trojan.rules)
2030235 - ET TROJAN Observed OSX/NukeSped Variant CnC Domain
(sctemarkets .com) in TLS SNI (trojan.rules)
2030236 - ET TROJAN TURLA NETFLASH CnC (trojan.rules)

Pro:

2842795 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-05-30 1) (trojan.rules)
2842796 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-05-30 2) (trojan.rules)
2842797 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2020-06-01 (current_events.rules)
2842798 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2020-06-01 (current_events.rules)
2842799 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish
2020-06-01 (current_events.rules)
2842800 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2020-06-01 (current_events.rules)
2842801 - ETPRO CURRENT_EVENTS Successful Citizens Bank Phish
2020-06-01 (current_events.rules)
2842802 - ETPRO CURRENT_EVENTS Successful Gov UK Tax Refund Phish
2020-06-01 (current_events.rules)
2842803 - ETPRO CURRENT_EVENTS Successful Excel Online Phish
2020-06-01 (current_events.rules)
2842804 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2020-06-01 (current_events.rules)
2842805 - ETPRO CURRENT_EVENTS Successful Generic Webmail FR Phish
2020-06-01 (current_events.rules)
2842806 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-06-01 (current_events.rules)
2842807 - ETPRO TROJAN ELF/Mirai Variant User-Agent (Outbound)
(trojan.rules)
2842808 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound)
(scan.rules)
2842809 - ETPRO CURRENT_EVENTS Successful Instagram Phish
2020-06-01 (current_events.rules)
2842810 - ETPRO TROJAN Win32/Agent.NEJ CnC Activity (trojan.rules)
2842811 - ETPRO TROJAN Win32/Remcos RAT Checkin 441 (trojan.rules)
2842812 - ETPRO TROJAN Win32/Remcos RAT Checkin 442 (trojan.rules)
2842813 - ETPRO TROJAN Win32/Remcos RAT Checkin 443 (trojan.rules)
2842814 - ETPRO TROJAN Win32/Remcos RAT Checkin 444 (trojan.rules)
2842815 - ETPRO TROJAN Win32/Remcos RAT Checkin 445 (trojan.rules)
2842816 - ETPRO TROJAN Win32/Remcos RAT Checkin 446 (trojan.rules)
2842817 - ETPRO TROJAN Win32/Remcos RAT Checkin 447 (trojan.rules)
2842818 - ETPRO TROJAN Win32/Remcos RAT Checkin 448 (trojan.rules)
2842819 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2842821 - ETPRO TROJAN Java/Ratty Windows Checkin (trojan.rules)
2842822 - ETPRO TROJAN W32/Sofacy Variant Checkin (trojan.rules)

[///]     Modified active rules:     [///]

2010597 - ET TROJAN Potential FakeAV HTTP GET Check-IN (/check)
(trojan.rules)
2016680 - ET WEB_SERVER WebShell Generic - net user
(web_server.rules)
2019400 - ET TROJAN Possible Bedep Connectivity Check (trojan.rules)
2020722 - ET CURRENT_EVENTS RIG Landing URI Struct March 20 2015
(current_events.rules)
2021719 - ET TROJAN APT Cheshire Cat CnC Beacon (trojan.rules)
2021729 - ET CURRENT_EVENTS PawnStorm Sednit DL Aug 28 2015
(current_events.rules)
2021739 - ET TROJAN Corebot Checkin (trojan.rules)
2021741 - ET TROJAN Corebot Requesting Module (trojan.rules)
2021742 - ET TROJAN Corebot Module Download (trojan.rules)
2021754 - ET TROJAN Corebot Module Download 2 (trojan.rules)
2021756 - ET EXPLOIT FireEye Appliance Unauthorized File Disclosure
(exploit.rules)
2021765 - ET CURRENT_EVENTS Possible Spartan/Nuclear EK Payload
(current_events.rules)
2021800 - ET TROJAN Win32/Spy.Odlanor CnC Checkin (trojan.rules)
2021814 - ET TROJAN Ursnif Variant CnC Beacon 3 (trojan.rules)
2021822 - ET TROJAN XcodeGhost CnC Checkin (trojan.rules)
2021829 - ET TROJAN Ursnif Variant CnC Beacon 4 (trojan.rules)
2021830 - ET TROJAN Ursnif Variant CnC Data Exfil (trojan.rules)
2021832 - ET TROJAN XcodeGhost CnC M2 (trojan.rules)
2021833 - ET TROJAN r0 CnC Check (trojan.rules)
2021834 - ET TROJAN r0 CnC Architecture POST 1 (trojan.rules)
2021835 - ET TROJAN r0 CnC Architecture POST 2 (trojan.rules)
2021836 - ET TROJAN r0 CnC Architecture POST 3 (trojan.rules)
2021837 - ET TROJAN r0 CnC Architecture POST 4 (trojan.rules)
2021838 - ET TROJAN r0 CnC Report POST (trojan.rules)
2021839 - ET TROJAN r0 CnC POST (trojan.rules)
2023693 - ET TROJAN Win32.Banker.bqba Checkin (trojan.rules)
2030222 - ET MALWARE Win32/Adware.Qjwmonkey.H Variant CnC Activity
(malware.rules)
2805200 - ETPRO TROJAN Win32/Spy.Keydoor.D Checkin (trojan.rules)
2807941 - ETPRO TROJAN Linopid HTTP POST CnC Beacon (trojan.rules)
2809118 - ETPRO TROJAN BACKDOOR.SINPID Checkin (trojan.rules)
2811048 - ETPRO TROJAN Superman APT CnC POST (trojan.rules)
2812032 - ETPRO INFO Suspicious Terse HTTP Request to Pastebin
(info.rules)
2812430 - ETPRO TROJAN Win32/Kryptik.DTJT Downloader POST
(trojan.rules)
2812431 - ETPRO TROJAN Win32/Kryptik.DTJT Downloader HEAD Checkin
(trojan.rules)
2812663 - ETPRO TROJAN Win32/Wedots.A Retrieving Config
(trojan.rules)
2812666 - ETPRO MOBILE_MALWARE Android/Spy.Banker.CJ Checkin
(mobile_malware.rules)
2812667 - ETPRO MOBILE_MALWARE Android/Secapk.F Checkin 3
(mobile_malware.rules)
2812685 - ETPRO TROJAN Win32/Kazy.709388 Variant Connectivity Check
(trojan.rules)
2812691 - ETPRO TROJAN Win32/Spy.Agent.OSK Activity (trojan.rules)
2812692 - ETPRO USER_AGENTS Suspicious User-Agent (Browser)
(user_agents.rules)
2812698 - ETPRO TROJAN Win32/Pasta.ztb Checkin (trojan.rules)
2812702 - ETPRO TROJAN Win32/Hacktool.AntiBan Activity 1
(trojan.rules)
2812703 - ETPRO TROJAN Win32/Hacktool.AntiBan Activity 2
(trojan.rules)
2812704 - ETPRO USER_AGENTS Suspicious User-Agent (wf-AntiBan)
(user_agents.rules)
2812709 - ETPRO TROJAN Linopid HTTP GET CnC Beacon (trojan.rules)
2812729 - ETPRO TROJAN Arid Viper APT Checkin 4 (trojan.rules)
2812745 - ETPRO TROJAN Win32.Alman Checkin (trojan.rules)
2812747 - ETPRO TROJAN Win32/Banload.BAW Activity (trojan.rules)
2812767 - ETPRO TROJAN KRBanker Checkin (trojan.rules)
2812768 - ETPRO TROJAN KRBanker Checkin 2 (trojan.rules)
2812770 - ETPRO TROJAN Speccom/Vehidis CnC Beacon (trojan.rules)
2812771 - ETPRO TROJAN W32/Bradelf Checkin (trojan.rules)
2812775 - ETPRO TROJAN Umbra/Multibot Checkin (trojan.rules)
2812785 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.de
Checkin 3 (mobile_malware.rules)
2812786 - ETPRO TROJAN Downloader Agent.wsjbj Checkin 1
(trojan.rules)
2812787 - ETPRO TROJAN Downloader Agent.wsjbj Checkin 2
(trojan.rules)
2812793 - ETPRO TROJAN IRCbot User-Agent (trojan.rules)
2812812 - ETPRO TROJAN Backdoor.Telnneru Possible HTTP CnC Beacon 1
(trojan.rules)
2812813 - ETPRO TROJAN Backdoor.Telnneru Possible HTTP CnC Beacon 2
(trojan.rules)
2812814 - ETPRO TROJAN Backdoor.Telnneru Possible HTTP CnC Beacon 3
(trojan.rules)
2812815 - ETPRO TROJAN Backdoor.Telnneru Possible HTTP CnC Beacon 4
(trojan.rules)
2812822 - ETPRO EXPLOIT Hard Coded XXXXairocon Credentials Inbound
(exploit.rules)
2812830 - ETPRO CURRENT_EVENTS Successful EDF Account Phish Aug 31
(current_events.rules)
2812841 - ETPRO TROJAN Backdoor.Telnneru GET Session CnC Beacon
(trojan.rules)
2812843 - ETPRO TROJAN Win32/Netdevil.1_5 CnC Checkin (trojan.rules)
2812847 - ETPRO TROJAN Unknown Powershell Backdoor Checkin
(trojan.rules)
2812848 - ETPRO TROJAN Unknown Powershell Backdoor Checkin Response
(trojan.rules)
2812849 - ETPRO TROJAN Unknown Powershell Backdoor Beacon
(trojan.rules)
2812850 - ETPRO TROJAN Unknown Powershell Backdoor Retrieve
Commands M1 (trojan.rules)
2812852 - ETPRO TROJAN Unknown Powershell Backdoor Sending Host
Data (trojan.rules)
2812853 - ETPRO MOBILE_MALWARE Android Unknown Trojan Checkin
(mobile_malware.rules)
2812855 - ETPRO TROJAN Win32/Cekar.gen!A CnC Activity (trojan.rules)
2812861 - ETPRO TROJAN Unknown Checkin (trojan.rules)
2812862 - ETPRO MOBILE_MALWARE Android Unknown Trojan Checkin
(mobile_malware.rules)
2812865 - ETPRO TROJAN Spyec Keylogger Checkin (trojan.rules)
2812866 - ETPRO TROJAN Win32/Conpilf Posting Data (trojan.rules)
2812873 - ETPRO TROJAN Win32/Critloki.B CnC Checkin (trojan.rules)
2812874 - ETPRO TROJAN Bedep AdFraud Module Downloading Config
(trojan.rules)
2812886 - ETPRO TROJAN Arcdoor.AJ!worm Checkin (trojan.rules)
2812895 - ETPRO TROJAN Suspicious User-Agent (ExcelMalware)
(trojan.rules)
2812898 - ETPRO TROJAN Kawpfuni.A/Keydoor CnC Checkin - POST Method
(trojan.rules)
2812919 - ETPRO EXPLOIT Hard Coded Phillips In.Sight Credentials
Inbound (exploit.rules)
2812927 - ETPRO TROJAN Tirabot CnC 2 (trojan.rules)
2812928 - ETPRO TROJAN Win32/Skeeyah.A Uploading Stolen Creds
(trojan.rules)
2812947 - ETPRO TROJAN PSW.Papras.EH Checkin (trojan.rules)
2812961 - ETPRO TROJAN Trojan/Banker.Bancos.deq Checkin
(trojan.rules)
2812968 - ETPRO TROJAN PWS.Steam.1991 Checkin (trojan.rules)
2812969 - ETPRO TROJAN Win32/TrojanDownloader.Banload.CXAH
Retrieving Payload (trojan.rules)
2812975 - ETPRO TROJAN Trojan/Win32.Agent Variant Checkin
(trojan.rules)
2812976 - ETPRO TROJAN Python Backdoor Variant CnC Beacon M1
(trojan.rules)
2812982 - ETPRO TROJAN TrojanDownloader.Banload.VHZ Checkin 2
(trojan.rules)
2812989 - ETPRO TROJAN MacOSX.iMuler-1 CheckNetWorkWithCurl
(trojan.rules)
2812995 - ETPRO TROJAN Razer DDoS Ultimate Mark II (trojan.rules)
2813018 - ETPRO TROJAN AlphaCrypt CnC Beacon 4 (trojan.rules)
2813020 - ETPRO TROJAN Win32/Frosparf.A Retrieving Payload
(trojan.rules)
2813022 - ETPRO TROJAN Win32/Spy.Banker.ACLQ Checkin (trojan.rules)
2813024 - ETPRO TROJAN W32.Neshuta.A Checkin (trojan.rules)
2813036 - ETPRO TROJAN Win32/Banload.VJB CnC Checkin (trojan.rules)
2813051 - ETPRO TROJAN MSIL/Bladabindi.G Checkin (trojan.rules)
2813052 - ETPRO TROJAN Win32/TrojanDownloader.Banload.UPP
Requesting Data (trojan.rules)
2813053 - ETPRO TROJAN Win32/Injector.gen!W CnC Checkin
(trojan.rules)
2813060 - ETPRO TROJAN Vawtrak Retrieving Module (trojan.rules)
2813063 - ETPRO TROJAN Trojan-Ransom.Win32.Blocker.hpri Checkin
(trojan.rules)
2813068 - ETPRO TROJAN Win32/Skeeyah.A!rfn Variant Checkin
(trojan.rules)
2813069 - ETPRO TROJAN H1N1 Loader connectivity check - adobe.com
(trojan.rules)
2813071 - ETPRO TROJAN H1N1 Loader executable download
(trojan.rules)
2813073 - ETPRO TROJAN Linux.Trojan.Concbak Checkin (trojan.rules)
2813098 - ETPRO TROJAN Win32/Banload Variant CnC Activity 1
(trojan.rules)
2813099 - ETPRO TROJAN Win32/Banload Variant CnC Activity 2
(trojan.rules)
2814005 - ETPRO CURRENT_EVENTS Successful Battle.net Phish
2015-09-22 (current_events.rules)
2814006 - ETPRO CURRENT_EVENTS Successful Amazon Phish Sept 21 M1
(current_events.rules)
2814014 - ETPRO TROJAN Win32/Bancos.EC Activity (trojan.rules)
2814017 - ETPRO TROJAN W32/Nurjax Checkin (trojan.rules)
2814018 - ETPRO TROJAN W32/Delf.NLJ!worm Posting Data (trojan.rules)
2814021 - ETPRO TROJAN Win32/BrowserPassview Sending Data via HTTP
(trojan.rules)
2814025 - ETPRO TROJAN Win32/Banload.VUZ Activity (trojan.rules)
2814028 - ETPRO TROJAN W32/Tepfer Variant CnC Beacon (trojan.rules)
2814034 - ETPRO TROJAN Win32.Diztakun.zsg Infostealer M5
(trojan.rules)
2814047 - ETPRO TROJAN Unknown Downloader CnC Checkin (trojan.rules)
2814049 - ETPRO TROJAN Win32/TrojanDownloader.Banload.VUF
Retrieving Payload (trojan.rules)
2814051 - ETPRO TROJAN Spy.Shiz HTTP b64 CnC Beacon M2 (1)
(trojan.rules)
2814052 - ETPRO TROJAN Spy.Shiz HTTP b64 CnC Beacon M2 (2)
(trojan.rules)
2814053 - ETPRO TROJAN Spy.Shiz HTTP b64 CnC Beacon M2 (3)
(trojan.rules)
2814093 - ETPRO TROJAN Win32/Ramnit.A CnC Checkin 1 (trojan.rules)
2814094 - ETPRO TROJAN Win32/Ramnit.A CnC Checkin 2 (trojan.rules)
2814097 - ETPRO TROJAN Winlock/Torrentlocker Beacon (trojan.rules)
2814108 - ETPRO TROJAN AutoClicker Beacon (trojan.rules)
2814109 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ax
Checkin (mobile_malware.rules)
2814117 - ETPRO TROJAN Win32/Soloniti.A Activity (trojan.rules)
2842768 - ETPRO CURRENT_EVENTS Successful Huntington Bank Phish
2020-05-28 (current_events.rules)

[---]         Removed rules:         [---]

2814110 - ETPRO TROJAN W32/Sofacy Variant Checkin (trojan.rules)
2816920 - ETPRO TROJAN Java/Ratty Windows Checkin (trojan.rules)
