[***] Summary: [***]
8 Open, 18 Pro (8 + 10). Cobalt Strike, DiplomatLoader, ZEROCRAT, Kimsuky, Various Phishing.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030349 - ET TROJAN Observed Malicious SSL Cert (Cobalt Strike Malleable C2 Domain) (trojan.rules)
2030350 - ET TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-06-18) (trojan.rules)
2030351 - ET TROJAN SSL/TLS Certificate Observed (DiplomatLoader) (trojan.rules)
2030352 - ET TROJAN Possible DNS Tunneling Observed (trojan.rules)
2030353 - ET MALWARE Win32/Adware.VrBrothers.AI Variant CnC Activity (malware.rules)
2030354 - ET MALWARE MediaDrug CnC Activity (malware.rules)
2030355 - ET MALWARE SUPERAntiSpyware Install Checkin (malware.rules)
2030356 - ET TROJAN Operation Interception Beacon (trojan.rules)
Pro:
2843097 - ETPRO TROJAN Observed DNS Query to DADSTACHE/Leviathan CnC Domain (trojan.rules)
2843098 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-06-18 (current_events.rules)
2843099 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-18 1) (trojan.rules)
2843100 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-18 2) (trojan.rules)
2843101 - ETPRO TROJAN Kimsuky Related Host Data Exfil M3 (trojan.rules)
2843102 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2020-06-18 (current_events.rules)
2843103 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-18 (current_events.rules)
2843104 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-18 (current_events.rules)
2843105 - ETPRO TROJAN Win32/Remcos RAT Checkin 465 (trojan.rules)
2843106 - ETPRO TROJAN ZEROCRAT Client Info Post M2 (trojan.rules)
[///] Modified active rules: [///]
2022467 - ET TROJAN Bedep Connectivity Check M2 (trojan.rules)
2022470 - ET TROJAN CenterPOS Delete Plugins (trojan.rules)
2022471 - ET TROJAN CenterPOS Load Plugins (trojan.rules)
2807783 - ETPRO TROJAN Win32/TrojanProxy.Agent.NJK CnC Checkin Response (trojan.rules)
2812408 - ETPRO TROJAN Win32/Venik HTTP CnC Beacon Response 1 (trojan.rules)
2815943 - ETPRO TROJAN Win32/Toga!rfn Checkin (trojan.rules)
2815995 - ETPRO TROJAN Unknown/PyInstaller CnC Checkin M2 (trojan.rules)
2815997 - ETPRO TROJAN Unknown.PWS CnC Checkin (trojan.rules)
2816009 - ETPRO TROJAN Password Stealer MSIL/Spy.Agent.AIF Checkin (trojan.rules)
2816011 - ETPRO TROJAN Win32/Banatrix Variant Checkin (trojan.rules)
2816013 - ETPRO CURRENT_EVENTS Navy Federal Credit Union Phishing Landing 2016-01-30 (current_events.rules)
2816016 - ETPRO TROJAN Yuckyll CnC Beacon 1 M2 (trojan.rules)
2836270 - ETPRO TROJAN QuasarRAT C2 Init (trojan.rules)
2841429 - ETPRO TROJAN MSIL/Spy.Small.EU Variant Host Checkin (trojan.rules)
2842984 - ETPRO TROJAN Unk.Loader Retrieving Payload 2020-06-11 (trojan.rules)
2843029 - ETPRO TROJAN KarenLogger CnC Host Checkin (trojan.rules)