[***] Summary: [***]
7 new OPEN, 18 new PRO (7 + 11). GoldenSpy, Rovnix, RHttpCtrl, BlackMoon, Kwapi, VARIOUS PHISHING.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030392 - ET POLICY Suspicious Terse Request for .pif (policy.rules)
2030393 - ET TROJAN Unk.PowerShell Reporting System Information (trojan.rules)
2030394 - ET TROJAN GoldenSpy CnC Activity (trojan.rules)
2030395 - ET TROJAN Rovnix CnC Domain in DNS Query (trojan.rules)
2030396 - ET TROJAN GoldenSpy CnC Activity (trojan.rules)
2030397 - ET TROJAN RHttpCtrl Backdoor CnC (trojan.rules)
2030398 - ET TROJAN RCtrl Backdoor CnC Checkin M2 (trojan.rules)
Pro:
2843190 - ETPRO TROJAN BlackMoonRAT CnC Checkin (trojan.rules)
2843191 - ETPRO TROJAN BlackMoonRAT CnC Keep-Alive (Outbound) (trojan.rules)
2843192 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2843193 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-06-25 (current_events.rules)
2843194 - ETPRO CURRENT_EVENTS Successful AOL Phish 2020-06-25 (current_events.rules)
2843195 - ETPRO CURRENT_EVENTS Successful Societe Generale Phish 2020-06-25 (current_events.rules)
2843196 - ETPRO CURRENT_EVENTS Successful TIM Phish 2020-06-25 (current_events.rules)
2843197 - ETPRO TROJAN MSIL/Filecoder.AAJ Variant CnC Host Checkin (trojan.rules)
2843198 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-25 1) (trojan.rules)
2843199 - ETPRO TROJAN Win32/Kwapi CnC Checkin (trojan.rules)
2843200 - ETPRO TROJAN Win32/Remcos RAT Checkin 469 (trojan.rules)
[///] Modified active rules: [///]
2823676 - ETPRO TROJAN Win32 QuasarRAT 1.3/VenomRAT Connectivity Check (trojan.rules)