[***]            Summary:            [***]

5 new OPEN, 20 new PRO (15 + 5). NEWPASS, Rozena, AsyncRAT, Remcos, Various Phish.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030553 - ET WEB_CLIENT Generic Cpanel Cracker Accessed on External
Compromised Server (web_client.rules)
  2030554 - ET WEB_SERVER Generic Cpanel Cracker Accessed on Internal
Compromised Server (web_server.rules)
  2030555 - ET INFO Outbound RRSIG DNS Query Observed (info.rules)
  2030556 - ET USER_AGENTS Observed Suspicious UA (justupdate)
(user_agents.rules)
  2030557 - ET TROJAN NEWPASS CnC Client Checkin (trojan.rules)

Pro:

  2843561 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-07-17
(current_events.rules)
  2843562 - ETPRO CURRENT_EVENTS Successful Sharepoint Phish 2020-07-17
(current_events.rules)
  2843563 - ETPRO TROJAN Win64/Rozena.EU Variant CnC Activity (trojan.rules)
  2843564 - ETPRO CURRENT_EVENTS Successful Microsoft Sharepoint Phish
2020-07-17 (current_events.rules)
  2843565 - ETPRO CURRENT_EVENTS Successful Generic Email Settings Phish
2020-07-17 (current_events.rules)
  2843566 - ETPRO CURRENT_EVENTS Successful Tmobile Phish 2020-07-17
(current_events.rules)
  2843567 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-07-17
(current_events.rules)
  2843568 - ETPRO CURRENT_EVENTS Successful Banreservas Phish 2020-07-17
(current_events.rules)
  2843569 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-17 1) (trojan.rules)
  2843570 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-07-17 2) (trojan.rules)
  2843571 - ETPRO TROJAN Win32/Remcos RAT Checkin 490 (trojan.rules)
  2843572 - ETPRO TROJAN Win32/Remcos RAT Checkin 491 (trojan.rules)
  2843573 - ETPRO TROJAN Win32/Remcos RAT Checkin 492 (trojan.rules)
  2843574 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
  2843575 - ETPRO CURRENT_EVENTS Successful Canadian Revenue Agency Phish
2020-07-17 (current_events.rules)

[///]     Modified active rules:     [///]

  2022929 - ET TROJAN Win32/Satana Ransomware Checkin (trojan.rules)
  2022965 - ET INFO SUSPICIOUS Excel Add-in Download M1 (info.rules)
  2022966 - ET INFO SUSPICIOUS Excel Add-in Download M2 (info.rules)
  2022968 - ET TROJAN Ranscam Ransomware Contact Form (trojan.rules)
  2022969 - ET TROJAN Win32.Razy.azv Downloading Content (trojan.rules)
  2029865 - ET WEB_CLIENT ALFA TEaM Webshell Accessed on External
Compromised Server (web_client.rules)
  2029866 - ET WEB_SERVER ALFA TEaM Webshell Accessed on Internal
Compromised Server (web_server.rules)
  2030053 - ET TROJAN Win32/IcedID Requesting Encoded Binary M4
(trojan.rules)
  2812748 - ETPRO TROJAN Win32/Banload.BAW CnC Checkin (trojan.rules)
  2815132 - ETPRO TROJAN MSIL/Spy.Agent Variant Checkin (trojan.rules)
  2815828 - ETPRO TROJAN PadCrypt CnC Checkin 2 (trojan.rules)
  2820942 - ETPRO TROJAN WildFire Locker CnC Activity (trojan.rules)
  2820946 - ETPRO TROJAN Win32/Unknown Reporting Infection (trojan.rules)
  2820952 - ETPRO TROJAN SBDH Toolkit Checkin (trojan.rules)
  2820964 - ETPRO CURRENT_EVENTS Possible USAA Phishing Landing 2016-07-05
(current_events.rules)
  2820970 - ETPRO TROJAN APT.Scarcruft CnC Beacon (pCloud) (trojan.rules)
  2820972 - ETPRO USER_AGENTS Wget User Agent (flowbits set)
(user_agents.rules)
  2820997 - ETPRO TROJAN APT 28 EK Ajax POST of Plugindetect Results
(trojan.rules)
  2821027 - ETPRO TROJAN APT.ZeroT CnC Beacon Fake User-Agent (trojan.rules)
  2821067 - ETPRO WEB_CLIENT Flash Local Security Policy Bypass M1
(CVE-2016-4178) (web_client.rules)
  2821068 - ETPRO WEB_CLIENT Flash Local Security Policy Bypass M2
(CVE-2016-4178) (web_client.rules)
  2821090 - ETPRO TROJAN AutoIt.Downloader Likely Retrieving Zekapab
(trojan.rules)
  2821091 - ETPRO TROJAN Zekapab CnC Beacon 1 (trojan.rules)
  2821092 - ETPRO TROJAN Zekapab CnC Beacon 2 (trojan.rules)
  2821093 - ETPRO TROJAN PadCrypt CnC Checkin 3 (trojan.rules)
  2821102 - ETPRO TROJAN PWS:Win32/Zbot!ZA Client Checkin M1 (trojan.rules)
  2821103 - ETPRO TROJAN PWS:Win32/Zbot!ZA Client Checkin M2 (trojan.rules)
  2821105 - ETPRO EXPLOIT Boa HTTPd RCE Attempt (exploit.rules)
  2821128 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Agent.jm Checkin
(mobile_malware.rules)
  2821135 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.AVPass.d Checkin
(mobile_malware.rules)
  2821136 - ETPRO CURRENT_EVENTS Successful Hotmail Phish 2016-07-14
(current_events.rules)
  2821162 - ETPRO TROJAN Bolek/Kbot CnC Checkin 2 (trojan.rules)
  2821164 - ETPRO CURRENT_EVENTS Synchronize Email Account Phishing Landing
2016-07-15 (current_events.rules)
  2821171 - ETPRO CURRENT_EVENTS Webmail Account Upgrade Phishing Landing
2016-07-15 (current_events.rules)
  2821173 - ETPRO CURRENT_EVENTS Successful Generic Webmail Account Phish
2016-07-15 (current_events.rules)
