[***]    Summary:    [***]

5 new OPEN, 33 new PRO (5 + 28).  CVE-2020-1300, Win32/Elysium, AsyncRAT, Various Others.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]  Added rules:  [+++]

Open:

2030492 - ET USER_AGENTS Observed Suspicious UA (grab)
(user_agents.rules)
2030493 - ET EXPLOIT Potentially Malicious .cab Inbound
(CVE-2020-1300) (exploit.rules)
2030494 - ET TROJAN FRAT Downloader Activity (trojan.rules)
2030495 - ET TROJAN FRAT Downloader Error Report POST (trojan.rules)
2030496 - ET TROJAN Gafgyt vbot Variant CnC (trojan.rules)

Pro:

2843444 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.cf /
Anubis Checkin (mobile_malware.rules)
2843445 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.cf /
Anubis Checkin 2 (mobile_malware.rules)
2843446 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.cf /
Anubis Checkin 3 (mobile_malware.rules)
2843447 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.ck Checkin
(mobile_malware.rules)
2843448 - ETPRO TROJAN Win32/Elysium Stealer CnC Exfil
(trojan.rules)
2843449 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
2843450 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
2843451 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
2843452 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
2843453 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-10 1) (trojan.rules)
2843454 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-10 2) (trojan.rules)
2843455 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-07-10 (current_events.rules)
2843456 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-07-10 (current_events.rules)
2843457 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-07-10
(current_events.rules)
2843458 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-07-10
(current_events.rules)
2843459 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2020-07-10 (current_events.rules)
2843460 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-07-10
(current_events.rules)
2843461 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-07-10
(current_events.rules)
2843462 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish
2020-07-10 (current_events.rules)
2843463 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2020-07-10 (current_events.rules)
2843464 - ETPRO CURRENT_EVENTS Successful Generic University Phish
2020-07-10 (current_events.rules)
2843465 - ETPRO CURRENT_EVENTS Successful Generic Update Account
Phish 2020-07-10 (current_events.rules)
2843466 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish
2020-07-10 (current_events.rules)
2843467 - ETPRO TROJAN MSIL/Spy.Keylogger.AVQ Variant Checkin via
Disord (trojan.rules)
2843468 - ETPRO TROJAN Win32/Remcos RAT Checkin 478 (trojan.rules)
2843469 - ETPRO TROJAN Win32/Remcos RAT Checkin 479 (trojan.rules)
2843470 - ETPRO TROJAN Win32/Remcos RAT Checkin 480 (trojan.rules)
2843471 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)

[///]     Modified active rules:     [///]

2022815 - ET POLICY Possible SQLi Attempt in User Agent (Outbound)
(policy.rules)
2025676 - ET CURRENT_EVENTS Mailbox Update Phishing Landing M2
2016-05-16 (current_events.rules)
2025677 - ET CURRENT_EVENTS Mailbox Update Phishing Landing M1
2016-05-16 (current_events.rules)
2816218 - ETPRO TROJAN Loxes CnC Beacon (trojan.rules)
2820116 - ETPRO EXPLOIT Windows Media Center RCE Inbound Payload
(CVE-2016-0185) (exploit.rules)
2820180 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.by
Checkin (mobile_malware.rules)
2820182 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ic
Checkin (mobile_malware.rules)
2820194 - ETPRO EXPLOIT Novell ServiceDesk Authenticated File
Upload (CVE-2016-1593) (exploit.rules)
2820195 - ETPRO EXPLOIT Novell ServiceDesk Authenticated Remote
Code Execution (CVE-2016-1593) (exploit.rules)
2820196 - ETPRO TROJAN Unknown Likely APT CnC Beacon M1
(trojan.rules)
2820197 - ETPRO TROJAN Unknown Likely APT CnC Beacon M2
(trojan.rules)
2820205 - ETPRO TROJAN W32/Saber Checkin (trojan.rules)
2820213 - ETPRO CURRENT_EVENTS Hunter EK Flash Exploit URI Struct
(current_events.rules)
2820214 - ETPRO TROJAN W32/Banload.BDN Variant Checkin
(trojan.rules)
2820235 - ETPRO TROJAN Trojan.Adkor Checkin (trojan.rules)
2820253 - ETPRO TROJAN Unknown Python RAT Checkin (trojan.rules)
2820254 - ETPRO TROJAN Unknown Python RAT Keepalive (trojan.rules)
2820256 - ETPRO TROJAN Win32.Troj.Cidox Checkin 2 (trojan.rules)
2820257 - ETPRO MOBILE_MALWARE TTrojan-FakeAV.AndroidOS.Balsec.a
Downloading APK (mobile_malware.rules)
2820258 - ETPRO MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Balsec.a
Downloading Config (mobile_malware.rules)
2820259 - ETPRO TROJAN Ursnif Inject CnC Request 4 (trojan.rules)
2820313 - ETPRO TROJAN Cript 1.0 Ransomware Installed (trojan.rules)
2820314 - ETPRO TROJAN Cript 1.0 Ransomware Disk Checkin
(trojan.rules)
2820315 - ETPRO TROJAN Cript 1.0 Ransomware File Checkin
(trojan.rules)
2836129 - ETPRO TROJAN Observed Malicious SSL Cert (Possible
Patchwork CnC) (trojan.rules)

[---] Removed rules: [---]

2843441 - ETPRO TROJAN FRAT Downloader Activity (trojan.rules)
2843442 - ETPRO TROJAN FRAT Downloader Error Report POST
(trojan.rules)
