[***]    Summary:    [***]

23 new OPEN, 42 new PRO (23 + 19).  CobaltStrike, Various Phish, Various CoinMiners, Others.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]  Added rules:  [+++]

Open:

2030446 - ET WEB_CLIENT Predator the Thief Password Prompt Accessed
on External Compromised Server (web_client.rules)
2030447 - ET WEB_SERVER Predator the Thief Password Prompt Accessed
on Internal Compromised Server (web_server.rules)
2030448 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
2030449 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
2030450 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
2030451 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
2030452 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
2030453 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
2030454 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
2030455 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
2030456 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
2030457 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
2030458 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
2030459 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
2030460 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
2030461 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
2030462 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
2030463 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
2030464 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
2030465 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
2030466 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
2030467 - ET TROJAN Observed CobaltStrike CnC Domain in TLS SNI
(trojan.rules)
2030468 - ET POLICY go-external-ip library User-Agent (policy.rules)

Pro:

2843310 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-03 1) (trojan.rules)
2843311 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-03 2) (trojan.rules)
2843312 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-03 3) (trojan.rules)
2843313 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-03 4) (trojan.rules)
2843314 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-07-03
(current_events.rules)
2843315 - ETPRO CURRENT_EVENTS Successful IONOS Webmail Phish
2020-07-03 (current_events.rules)
2843316 - ETPRO CURRENT_EVENTS Successful Zimbra Phish 2020-07-03
(current_events.rules)
2843317 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish
2020-07-03 (current_events.rules)
2843318 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2020-07-03 (current_events.rules)
2843319 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-07-03 (current_events.rules)
2843320 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-07-03 (current_events.rules)
2843321 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-07-03 (current_events.rules)
2843322 - ETPRO CURRENT_EVENTS Successful Posteitaliane Phish
2020-07-03 (current_events.rules)
2843323 - ETPRO CURRENT_EVENTS Successful Santander Phish
2020-07-03 (current_events.rules)
2843324 - ETPRO CURRENT_EVENTS Successful Santander Phish
2020-07-03 (current_events.rules)
2843325 - ETPRO CURRENT_EVENTS Successful Telekom/Tmobile Phish
2020-07-03 (current_events.rules)
2843326 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2020-07-03
(current_events.rules)
2843327 - ETPRO TROJAN Win64/TrojanDownloader.Agent.FY CnC Activity
M1 (trojan.rules)
2843328 - ETPRO TROJAN Win64/TrojanDownloader.Agent.FY CnC Activity
M2 (trojan.rules)

Date:
Summary title:
23 new OPEN, 42 new PRO (23 + 19). CobaltStrike, Various Phish, Various CoinMiners, Others.