[***]            Summary:            [***]

6 new OPEN, 26 new PRO (6 + 20).  ELF/Kinsing, Ursnif, Remcos, Others.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2030243 - ET TROJAN Android/xDrop Ransomware CnC Checkin (trojan.rules)
2030244 - ET TROJAN ELF/Kinsing Payload Request M1 (trojan.rules)
2030245 - ET TROJAN ELF/Kinsing Payload Request M2 (trojan.rules)
2030246 - ET WEB_SERVER Generic Email Spoofing Tool Accessed on Internal Compromised Server (web_server.rules)
2030247 - ET WEB_CLIENT Generic Email Spoofing Tool Accessed on External Compromised Server (web_client.rules)
2030248 - ET POLICY Observed Potential Spyware Domain (app .hubstaff .com) in TLS SNI (policy.rules)

Pro:

2842842 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-03 1) (trojan.rules)
2842843 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-03 2) (trojan.rules)
2842844 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-06-03 (current_events.rules)
2842845 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-06-03 (current_events.rules)
2842846 - ETPRO TROJAN Win32/AnaFTP CnC Host Checkin (trojan.rules)
2842847 - ETPRO TROJAN MSIL/Spy.Agent.CPT Variant CnC Host Checkin (trojan.rules)
2842848 - ETPRO CURRENT_EVENTS Successful Generic Phish to .ml Domain 2020-06-03 (current_events.rules)
2842849 - ETPRO CURRENT_EVENTS Successful Generic Byethost Phish 2020-06-03 (current_events.rules)
2842850 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-06-03 (current_events.rules)
2842851 - ETPRO MALWARE Win32/Gpcode.NAI Ransomware Variant CnC Activity (malware.rules)
2842852 - ETPRO TROJAN Unk/VBS Downloader Activity (trojan.rules)
2842853 - ETPRO CURRENT_EVENTS Successful Comcast Phish 2020-06-03 (current_events.rules)
2842854 - ETPRO TROJAN Observed MSIL/Perseus Variant CnC Domain in TLS SNI (trojan.rules)
2842855 - ETPRO TROJAN Observed MSIL/Perseus Variant CnC Domain in TLS SNI (trojan.rules)
2842856 - ETPRO TROJAN MSIL/Perseus Variant CnC Activity (trojan.rules)
2842857 - ETPRO TROJAN Win32/Remcos RAT Checkin 450 (trojan.rules)
2842858 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2842859 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2842860 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2842861 - ETPRO TROJAN Agent Tesla Data Exfil via SMTP (trojan.rules)

[///]     Modified active rules:     [///]

2009475 - ET POLICY TeamViewer Dyngate User-Agent (policy.rules)
2021944 - ET CURRENT_EVENTS Netgear Multiple Router Auth Bypass (current_events.rules)
2812183 - ETPRO INFO ZIP file embedded in JPG (info.rules)
2812860 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Viser.a Checkin (mobile_malware.rules)
2814297 - ETPRO TROJAN Backdoor.Busadom Exfiltrated Data b64 M2 (trojan.rules)
2814298 - ETPRO TROJAN Backdoor.Busadom Exfiltrated Data b64 M3 (trojan.rules)
2814301 - ETPRO MOBILE_MALWARE Android.Trojan.Fjcon.K Checkin (mobile_malware.rules)
2814312 - ETPRO TROJAN Win32/Bancos.AMM CnC Beacon 2 (trojan.rules)
2814316 - ETPRO TROJAN W32/Ramnnit.A Checkin 2 (trojan.rules)
2814317 - ETPRO TROJAN W32/Zemot.A Checkin (trojan.rules)
2814338 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.BT Checkin (mobile_malware.rules)
