[***]            Summary:            [***]

2 new OPEN, 29 new PRO (2 + 27). VikroStealer, MSIL/FakeSupport.DS, Win32/Ditertag.A, VARIOUS PHISHING.

Thanks: Nathan Fowler

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030381 - ET TROJAN Observed VikroStealer CnC Domain in TLS SNI
(trojan.rules)
  2030382 - ET TROJAN SluttyPutty isDebuggerPresent in Fake Putty
Executable (trojan.rules)

Pro:

  2843146 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-06-23)
(trojan.rules)
  2843147 - ETPRO TROJAN MSIL/FakeSupport.DS Variant CnC Host Checkin
(trojan.rules)
  2843148 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-23
(current_events.rules)
  2843149 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-23
(current_events.rules)
  2843150 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-06-23 (current_events.rules)
  2843151 - ETPRO CURRENT_EVENTS Successful Gumtree Phish 2020-06-23
(current_events.rules)
  2843152 - ETPRO CURRENT_EVENTS Successful Santander Phish 2020-06-23
(current_events.rules)
  2843153 - ETPRO CURRENT_EVENTS Successful Santander Phish 2020-06-23
(current_events.rules)
  2843154 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2020-06-23 (current_events.rules)
  2843155 - ETPRO CURRENT_EVENTS Successful EMS Phish 2020-06-23
(current_events.rules)
  2843156 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-06-23
(current_events.rules)
  2843157 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-06-23 (current_events.rules)
  2843158 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2020-06-23
(current_events.rules)
  2843159 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-23
(current_events.rules)
  2843160 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2020-06-23
(current_events.rules)
  2843161 - ETPRO CURRENT_EVENTS Successful Ourtime Phish 2020-06-23
(current_events.rules)
  2843162 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-06-23
(current_events.rules)
  2843163 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-06-23
(current_events.rules)
  2843164 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-06-23 (current_events.rules)
  2843165 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2020-06-23 (current_events.rules)
  2843168 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-06-23 1) (trojan.rules)
  2843169 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-06-23 2) (trojan.rules)
  2843170 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-06-23 3) (trojan.rules)
  2843171 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-06-23 4) (trojan.rules)
  2843172 - ETPRO TROJAN Win32/Ditertag.A Download Activity (trojan.rules)

[///]     Modified active rules:     [///]

  2020825 - ET TROJAN Dridex POST Retrieving Second Stage M2 (trojan.rules)
  2022477 - ET TROJAN Mokes CnC Keep-Alive (trojan.rules)
  2022485 - ET WEB_SERVER Possible Compromised Webserver Retriving Inject
(web_server.rules)
  2022491 - ET TROJAN Download Request Containing Suspicious Filename -
Crypted (trojan.rules)
  2022492 - ET TROJAN Win32/Fluxer CnC Checkin (trojan.rules)
  2030154 - ET TROJAN MASSLOGGER Client Data Exfil (POST) (trojan.rules)
  2030369 - ET TROJAN VikroStealer CnC Exfil (trojan.rules)
  2804439 - ETPRO TROJAN Worm.Win32.Qvod Install (trojan.rules)
  2808649 - ETPRO TROJAN Backdoor.Win32.Stantinko.A Checkin 3 (trojan.rules)
  2812394 - ETPRO TROJAN Dropper.Dapato Retrieving js (trojan.rules)
  2815905 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 22
M1 (current_events.rules)
  2816051 - ETPRO TROJAN Win32.Banload Variant Downloading EXE
(trojan.rules)
  2816055 - ETPRO TROJAN APT.Everty CnC Beacon 1 (trojan.rules)
  2816056 - ETPRO TROJAN APT.Everty CnC Beacon 2 (trojan.rules)
  2816062 - ETPRO TROJAN APT.HelKit (BLACKCOFFEE) CnC Beacon M2
(trojan.rules)
  2816065 - ETPRO TROJAN APT.Preshin CnC Beacon (trojan.rules)
  2816077 - ETPRO TROJAN Win32/HydraCrypt Ransom Image Inbound
(trojan.rules)
  2816090 - ETPRO TROJAN Unknown AutoHotKey Malware Checkin (trojan.rules)
  2816106 - ETPRO TROJAN Chinoxy POST CnC Beacon (trojan.rules)
  2816116 - ETPRO TROJAN SteamStealer Item Value Check (trojan.rules)
  2816117 - ETPRO TROJAN Win32/Pottieq.A Ransomware CnC Checkin
(trojan.rules)
  2816118 - ETPRO TROJAN Win32/Pottieq.A Ransomware CnC Crypted Files
(trojan.rules)
  2816124 - ETPRO WEB_CLIENT Possible Malformed XSLT Payload Inbound
(CVE-2016-0033) M1 (web_client.rules)
  2816125 - ETPRO WEB_CLIENT Possible Malformed XSLT Payload Inbound
(CVE-2016-0033) M2 (web_client.rules)
  2816135 - ETPRO WEB_CLIENT Microsoft Office Insecure Library Loading
WebDAV GET (CVE-2016-0042) (web_client.rules)
  2816138 - ETPRO WEB_CLIENT Microsoft Office Insecure Library Loading
WebDAV GET (CVE-2016-0042) 2 (web_client.rules)
  2816145 - ETPRO MOBILE_MALWARE Android.Riskware.Abloshec.A Checkin
(mobile_malware.rules)
  2816154 - ETPRO TROJAN Backdoor.Mizzmo Checkin 1 (trojan.rules)
  2816155 - ETPRO TROJAN Backdoor.Mizzmo Checkin 2 (trojan.rules)
  2816156 - ETPRO TROJAN Backdoor.Mizzmo CnC Beacon (trojan.rules)
  2816157 - ETPRO TROJAN Backdoor.Mizzmo Generic CnC Beacon (trojan.rules)
  2816171 - ETPRO TROJAN Smoke/Sharik HTTP 404 Containing EXE (trojan.rules)
  2816186 - ETPRO TROJAN Dipsind POST CnC Beacon (trojan.rules)
  2816187 - ETPRO TROJAN Dipsind GET CnC Beacon 1 (trojan.rules)
  2816188 - ETPRO TROJAN Dipsind GET CnC Beacon 2 (trojan.rules)
  2816189 - ETPRO TROJAN Dipsind GET CnC Beacon 3 (trojan.rules)
  2816190 - ETPRO TROJAN Sharik/Smoke CnC Beacon 6 (trojan.rules)
  2823117 - ETPRO INFO DNS TXT Response Contains URL (info.rules)
  2834445 - ETPRO TROJAN Throwback Beacon M2 (trojan.rules)

[---]         Disabled rules:        [---]

  2030377 - ET TROJAN Operation Interception Payload CnC Checkin
(trojan.rules)

Date:
Summary title:
2 new OPEN, 29 new PRO (2 + 27). VikroStealer, MSIL/FakeSupport.DS, Win32/Ditertag.A, VARIOUS PHISHING.