[***] Summary: [***]
3 new OPEN, 33 new PRO (3 + 30). IndigoDrop/Cobalt Strike, RCtrl Backdoor CnC, ToxicEye Stealer, Various SSL, VARIOUS PHISH.
TIIF.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030400 - ET TROJAN Possible IndigoDrop/Cobalt Strike Download (trojan.rules)
2030401 - ET TROJAN RCtrl Backdoor CnC Checkin M1 (trojan.rules)
2030402 - ET POLICY COCCOC Browser (VN) Installed (policy.rules)
Pro:
2843202 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-06-26) (trojan.rules)
2843203 - ETPRO TROJAN Observed Malicious SSL Cert (CobaltStrike CnC) (trojan.rules)
2843204 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-06-26 2) (trojan.rules)
2843205 - ETPRO TROJAN Malicious Encoded EXE Inbound (trojan.rules)
2843206 - ETPRO TROJAN ToxicEye Stealer Checkin via Telegram (trojan.rules)
2843207 - ETPRO TROJAN ToxicEye Stealer Command via Telegram (starting autostealer) (trojan.rules)
2843208 - ETPRO TROJAN ToxicEye Stealer Command via Telegram (uploading file) (trojan.rules)
2843209 - ETPRO TROJAN ToxicEye Stealer Credit Card Exfil via Telegram (trojan.rules)
2843210 - ETPRO TROJAN ToxicEye Stealer Cookies Exfil via Telegram (trojan.rules)
2843211 - ETPRO TROJAN ToxicEye Stealer Passwords Exfil via Telegram (trojan.rules)
2843212 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC) (trojan.rules)
2843213 - ETPRO TROJAN MSIL/Spy.Small.EU Variant exfil (firefoxpwd) (trojan.rules)
2843216 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-26 (current_events.rules)
2843217 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-26 (current_events.rules)
2843218 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-26 (current_events.rules)
2843219 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2020-06-26 (current_events.rules)
2843220 - ETPRO CURRENT_EVENTS Successful China Mobile Phish 2020-06-26 (current_events.rules)
2843221 - ETPRO CURRENT_EVENTS Successful Shaw Webmail Phish 2020-06-26 (current_events.rules)
2843222 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-06-26 (current_events.rules)
2843223 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-06-26 (current_events.rules)
2843224 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-06-26 (current_events.rules)
2843225 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-06-26 (current_events.rules)
2843226 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-06-26 (current_events.rules)
2843227 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-26 (current_events.rules)
2843229 - ETPRO CURRENT_EVENTS Wells Fargo Phish 2020-06-26 (current_events.rules)
2843228 - ETPRO TROJAN PawnBAT CnC Activity (getjob) (trojan.rules)
2843230 - ETPRO TROJAN PawnBAT CnC Activity (active) (trojan.rules)
2843201 - ETPRO TROJAN PawnBAT CnC Activity (trojan.rules)
[///] Modified active rules: [///]
2821683 - ETPRO SCADA DNP3 Cold Restart (scada.rules)
[---] Disabled and modified rules: [---]
2812204 - ETPRO TROJAN Nlex UDP CnC Beacon (trojan.rules)
[---] Disabled rules: [---]
2812203 - ETPRO TROJAN Nlex TCP CnC Beacon (trojan.rules)