[***] Summary: [***]
2 new OPEN, 29 new PRO (2 + 27). VikroStealer, MSIL/FakeSupport.DS, Win32/Ditertag.A, VARIOUS PHISHING.
Thanks: Nathan Fowler
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030381 - ET TROJAN Observed VikroStealer CnC Domain in TLS SNI (trojan.rules)
2030382 - ET TROJAN SluttyPutty isDebuggerPresent in Fake Putty Executable (trojan.rules)
Pro:
2843146 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-06-23) (trojan.rules)
2843147 - ETPRO TROJAN MSIL/FakeSupport.DS Variant CnC Host Checkin (trojan.rules)
2843148 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-23 (current_events.rules)
2843149 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-23 (current_events.rules)
2843150 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-06-23 (current_events.rules)
2843151 - ETPRO CURRENT_EVENTS Successful Gumtree Phish 2020-06-23 (current_events.rules)
2843152 - ETPRO CURRENT_EVENTS Successful Santander Phish 2020-06-23 (current_events.rules)
2843153 - ETPRO CURRENT_EVENTS Successful Santander Phish 2020-06-23 (current_events.rules)
2843154 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-06-23 (current_events.rules)
2843155 - ETPRO CURRENT_EVENTS Successful EMS Phish 2020-06-23 (current_events.rules)
2843156 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-06-23 (current_events.rules)
2843157 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-06-23 (current_events.rules)
2843158 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2020-06-23 (current_events.rules)
2843159 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-23 (current_events.rules)
2843160 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2020-06-23 (current_events.rules)
2843161 - ETPRO CURRENT_EVENTS Successful Ourtime Phish 2020-06-23 (current_events.rules)
2843162 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-06-23 (current_events.rules)
2843163 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-06-23 (current_events.rules)
2843164 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-06-23 (current_events.rules)
2843165 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-06-23 (current_events.rules)
2843168 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-23 1) (trojan.rules)
2843169 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-23 2) (trojan.rules)
2843170 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-23 3) (trojan.rules)
2843171 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-23 4) (trojan.rules)
2843172 - ETPRO TROJAN Win32/Ditertag.A Download Activity (trojan.rules)
[///] Modified active rules: [///]
2020825 - ET TROJAN Dridex POST Retrieving Second Stage M2 (trojan.rules)
2022477 - ET TROJAN Mokes CnC Keep-Alive (trojan.rules)
2022485 - ET WEB_SERVER Possible Compromised Webserver Retriving Inject (web_server.rules)
2022491 - ET TROJAN Download Request Containing Suspicious Filename - Crypted (trojan.rules)
2022492 - ET TROJAN Win32/Fluxer CnC Checkin (trojan.rules)
2030154 - ET TROJAN MASSLOGGER Client Data Exfil (POST) (trojan.rules)
2030369 - ET TROJAN VikroStealer CnC Exfil (trojan.rules)
2804439 - ETPRO TROJAN Worm.Win32.Qvod Install (trojan.rules)
2808649 - ETPRO TROJAN Backdoor.Win32.Stantinko.A Checkin 3 (trojan.rules)
2812394 - ETPRO TROJAN Dropper.Dapato Retrieving js (trojan.rules)
2815905 - ETPRO CURRENT_EVENTS Phishing Landing via Webeden.co.uk Jan 22 M1 (current_events.rules)
2816051 - ETPRO TROJAN Win32.Banload Variant Downloading EXE (trojan.rules)
2816055 - ETPRO TROJAN APT.Everty CnC Beacon 1 (trojan.rules)
2816056 - ETPRO TROJAN APT.Everty CnC Beacon 2 (trojan.rules)
2816062 - ETPRO TROJAN APT.HelKit (BLACKCOFFEE) CnC Beacon M2 (trojan.rules)
2816065 - ETPRO TROJAN APT.Preshin CnC Beacon (trojan.rules)
2816077 - ETPRO TROJAN Win32/HydraCrypt Ransom Image Inbound (trojan.rules)
2816090 - ETPRO TROJAN Unknown AutoHotKey Malware Checkin (trojan.rules)
2816106 - ETPRO TROJAN Chinoxy POST CnC Beacon (trojan.rules)
2816116 - ETPRO TROJAN SteamStealer Item Value Check (trojan.rules)
2816117 - ETPRO TROJAN Win32/Pottieq.A Ransomware CnC Checkin (trojan.rules)
2816118 - ETPRO TROJAN Win32/Pottieq.A Ransomware CnC Crypted Files (trojan.rules)
2816124 - ETPRO WEB_CLIENT Possible Malformed XSLT Payload Inbound (CVE-2016-0033) M1 (web_client.rules)
2816125 - ETPRO WEB_CLIENT Possible Malformed XSLT Payload Inbound (CVE-2016-0033) M2 (web_client.rules)
2816135 - ETPRO WEB_CLIENT Microsoft Office Insecure Library Loading WebDAV GET (CVE-2016-0042) (web_client.rules)
2816138 - ETPRO WEB_CLIENT Microsoft Office Insecure Library Loading WebDAV GET (CVE-2016-0042) 2 (web_client.rules)
2816145 - ETPRO MOBILE_MALWARE Android.Riskware.Abloshec.A Checkin (mobile_malware.rules)
2816154 - ETPRO TROJAN Backdoor.Mizzmo Checkin 1 (trojan.rules)
2816155 - ETPRO TROJAN Backdoor.Mizzmo Checkin 2 (trojan.rules)
2816156 - ETPRO TROJAN Backdoor.Mizzmo CnC Beacon (trojan.rules)
2816157 - ETPRO TROJAN Backdoor.Mizzmo Generic CnC Beacon (trojan.rules)
2816171 - ETPRO TROJAN Smoke/Sharik HTTP 404 Containing EXE (trojan.rules)
2816186 - ETPRO TROJAN Dipsind POST CnC Beacon (trojan.rules)
2816187 - ETPRO TROJAN Dipsind GET CnC Beacon 1 (trojan.rules)
2816188 - ETPRO TROJAN Dipsind GET CnC Beacon 2 (trojan.rules)
2816189 - ETPRO TROJAN Dipsind GET CnC Beacon 3 (trojan.rules)
2816190 - ETPRO TROJAN Sharik/Smoke CnC Beacon 6 (trojan.rules)
2823117 - ETPRO INFO DNS TXT Response Contains URL (info.rules)
2834445 - ETPRO TROJAN Throwback Beacon M2 (trojan.rules)
[---] Disabled rules: [---]
2030377 - ET TROJAN Operation Interception Payload CnC Checkin (trojan.rules)
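As an added example, not part of the Emerging Threats announcement and not ET or Proofpoint tooling, the Python script below parses an update mail in the layout above. It rejoins rule names that the mail wraps across lines, returns the SIDs per section, counts open versus pro entries in the Added section so the totals on the Summary line can be cross-checked, and emits the Disabled section as bare gid:sid lines in the form suricata-update's disable.conf accepts. The embedded sample is a constructed excerpt of this announcement; the function and field names are my own.

```python
import re
from collections import namedtuple

# Constructed excerpt of an ET daily update mail in the layout of the
# announcement above, deliberately keeping the wrapped continuation lines.
SAMPLE_MAIL = """\
[***] Summary: [***]
2 new OPEN, 29 new PRO (2 + 27). VikroStealer, MSIL/FakeSupport.DS, Win32/Ditertag.A, VARIOUS PHISHING.
[+++] Added rules: [+++]
Open:
2030381 - ET TROJAN Observed VikroStealer CnC Domain in TLS SNI
(trojan.rules)
2030382 - ET TROJAN SluttyPutty isDebuggerPresent in Fake Putty
Executable (trojan.rules)
Pro:
2843150 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-06-23 (current_events.rules)
[///] Modified active rules: [///]
2020825 - ET TROJAN Dridex POST Retrieving Second Stage M2 (trojan.rules)
[---] Disabled rules: [---]
2030377 - ET TROJAN Operation Interception Payload CnC Checkin
(trojan.rules)
"""

# "[+++] Added rules: [+++]", "[///] Modified active rules: [///]", ...
SECTION_RE = re.compile(r"^\[([+/*-]{3})\]\s+(.*?):\s+\[\1\]\s*$")
# "2030381 - ET TROJAN ..." ; continuation lines never start with "<sid> - "
ENTRY_RE = re.compile(r"^(\d+) - (.*)$")
# Trailing "(trojan.rules)"; the lazy name group lets names contain parentheses.
BODY_RE = re.compile(r"^(?P<name>.+?)\s*\((?P<rulefile>[\w.-]+\.rules)\)$")

Rule = namedtuple("Rule", "sid tier name rulefile")


def _make_rule(sid, body):
    m = BODY_RE.match(body)
    name, rulefile = (m.group("name"), m.group("rulefile")) if m else (body, None)
    # ETPRO prefix marks a pro-only signature; everything else is in ET Open.
    tier = "pro" if name.startswith("ETPRO ") else "open"
    return Rule(sid, tier, name, rulefile)


def parse_update(text):
    """Return {section title: [Rule, ...]} in mail order."""
    sections = {}
    current = None
    pending = None  # (sid, body text accumulated across wrapped lines)

    def flush():
        nonlocal pending
        if pending is not None:
            sections[current].append(_make_rule(*pending))
            pending = None

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            flush()
            current = m.group(2)
            sections.setdefault(current, [])
            continue
        if line in ("Open:", "Pro:"):
            flush()
            continue
        m = ENTRY_RE.match(line)
        if m:
            if current is None:
                raise ValueError("rule entry before any section header")
            flush()
            pending = (int(m.group(1)), m.group(2))
            continue
        if pending is not None:  # wrapped continuation of the previous entry
            pending = (pending[0], pending[1] + " " + line)
        # anything else (the Summary prose line) is ignored
    flush()
    return sections


def sids(sections, section):
    return [r.sid for r in sections.get(section, [])]


def count_by_tier(sections, section):
    """(open, pro) counts, to compare with the 'N new OPEN, M new PRO' line."""
    rules = sections.get(section, [])
    pro = sum(1 for r in rules if r.tier == "pro")
    return len(rules) - pro, pro


def disable_conf(sections):
    """Disabled-section SIDs as gid:sid lines for suricata-update's disable.conf."""
    return "\n".join(f"1:{r.sid}" for r in sections.get("Disabled rules", []))


if __name__ == "__main__":
    parsed = parse_update(SAMPLE_MAIL)
    for title, rules in parsed.items():
        print(f"{title}: {[r.sid for r in rules]}")
    print("added open/pro:", count_by_tier(parsed, "Added rules"))
    print(disable_conf(parsed))
```

Run it over the full mail body rather than the excerpt and compare count_by_tier(parsed, "Added rules") with the Summary line; a mismatch usually means a wrapped line that the regexes did not rejoin, so it is worth checking before the SID lists are fed into any automation.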