[***] Summary: [***]
13 new OPEN, 38 new PRO (13 + 25). CollectorStealer, VikroStealer, Various ELF/Mirai, Bodegun CnC, Various Remcos, VARIOUS PHISHING.
Thanks: @3xp0rtblog
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030368 - ET TROJAN CollectorStealer CnC Exfil (trojan.rules)
2030369 - ET TROJAN VikroStealer CnC Exfil (trojan.rules)
2030370 - ET TROJAN VikroStealer Retrieving Config (trojan.rules)
2030371 - ET TROJAN Observed VikroStealer CnC Domain in TLS SNI (trojan.rules)
2030372 - ET CURRENT_EVENTS Chalbhai Phishing Landing 2020-06-22 (current_events.rules)
2030373 - ET SCAN ELF/Mirai Variant User-Agent (Inbound) (scan.rules)
2030374 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound) (trojan.rules)
2030375 - ET SCAN ELF/Mirai Variant User-Agent (Inbound) (scan.rules)
2030376 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound) (trojan.rules)
2030377 - ET TROJAN Operation Interception Payload CnC Checkin (trojan.rules)
2030378 - ET TROJAN DonotGroup Staging Domain in DNS Query (trojan.rules)
2030379 - ET MOBILE_MALWARE NSO Group Domain in DNS Lookup (urlpush .net) (mobile_malware.rules)
2030380 - ET MOBILE_MALWARE NSO Group Domain in DNS Lookup (free247downloads .com) (mobile_malware.rules)
Pro:
2843121 - ETPRO TROJAN Observed Babulya/CollectorStealer User-Agent (trojan.rules)
2843122 - ETPRO CURRENT_EVENTS Successful Mimecast Phish 2020-06-22 (current_events.rules)
2843123 - ETPRO CURRENT_EVENTS Successful Facebook/Whatsapp Phish 2020-06-22 (current_events.rules)
2843124 - ETPRO CURRENT_EVENTS Successful MyEE Phish 2020-06-22 (current_events.rules)
2843125 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-06-22 (current_events.rules)
2843126 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-06-22 (current_events.rules)
2843127 - ETPRO CURRENT_EVENTS Successful Elevations Credit Union Phish 2020-06-22 (current_events.rules)
2843128 - ETPRO CURRENT_EVENTS Successful youSee Phish 2020-06-22 (current_events.rules)
2843129 - ETPRO CURRENT_EVENTS Successful Ebay DE Phish 2020-06-22 (current_events.rules)
2843130 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-06-22 (current_events.rules)
2843131 - ETPRO CURRENT_EVENTS Successful Orange Phish 2020-06-22 (current_events.rules)
2843132 - ETPRO CURRENT_EVENTS Successful Orange Phish 2020-06-22 (current_events.rules)
2843133 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-06-22 (current_events.rules)
2843134 - ETPRO CURRENT_EVENTS Successful Midwest Bank Phish 2020-06-22 (current_events.rules)
2843135 - ETPRO CURRENT_EVENTS Successful Pawtucket Credit Union Phish 2020-06-22 (current_events.rules)
2843136 - ETPRO TROJAN Bodegun CnC Host Initial Checkin (trojan.rules)
2843137 - ETPRO TROJAN Bodegun CnC Host Initial Checkin Response (trojan.rules)
2843138 - ETPRO TROJAN Bodegun CnC Host Checkin (trojan.rules)
2843139 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-20 1) (trojan.rules)
2843140 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-20 2) (trojan.rules)
2843141 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2020-06-22 (current_events.rules)
2843142 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-06-22 (current_events.rules)
2843143 - ETPRO TROJAN Win32/Remcos RAT Checkin 466 (trojan.rules)
2843144 - ETPRO TROJAN Win32/Remcos RAT Checkin 467 (trojan.rules)
2843145 - ETPRO TROJAN Win32/Remcos RAT Checkin 468 (trojan.rules)
[///] Modified active rules: [///]
2842589 - ETPRO TROJAN Observed Win32/Babulya User-Agent (trojan.rules)