[***]            Summary:            [***]

9 new OPEN, 30 new PRO (9 + 21). Android/TrojanDropper.Shedun.V, Win32/Caypnamer, IcedID TLS Sigs, Various Phishing

Thanks: @malware_traffic.

We're pleased to announce the availability of rules generated from the excellent work of the 3CORESec team. The file (3coresec.rules) is available within the ETOPEN ruleset and will be updated with every release. Details on the 3CORESec blocklist can be found at https://blacklist.3coresec.net. 3CORESec rules have been allocated SIDs starting at 2525000.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2030565 - ET MALWARE Downer.B Variant Checkin (malware.rules)
2030566 - ET TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2030567 - ET TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2030568 - ET TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2030569 - ET TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2030570 - ET TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2030571 - ET TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2030572 - ET TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2030573 - ET TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)

Pro:

2843599 - ETPRO MOBILE_MALWARE Android/TrojanDownloader.Agent.NX Checkin (mobile_malware.rules)
2843600 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Shedun.V Checkin (mobile_malware.rules)
2843601 - ETPRO POLICY External IP Lookup via ip ip2c .org (policy.rules)
2843602 - ETPRO TROJAN Likely Evil Request for Invoke-Mimikatz (trojan.rules)
2843603 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-21 1) (trojan.rules)
2843604 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-21 2) (trojan.rules)
2843605 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-21 3) (trojan.rules)
2843606 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-21 4) (trojan.rules)
2843607 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-21 5) (trojan.rules)
2843608 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-21 6) (trojan.rules)
2843610 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-07-21 (current_events.rules)
2843611 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-07-21 (current_events.rules)
2843612 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2020-07-21 (current_events.rules)
2843613 - ETPRO CURRENT_EVENTS Successful Singtel Phish 2020-07-21 (current_events.rules)
2843614 - ETPRO TROJAN Win32/Delf.ATM Banker Variant Checkin (trojan.rules)
2843615 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2020-07-21 (current_events.rules)
2843616 - ETPRO TROJAN Win32/Remcos RAT Checkin 497 (trojan.rules)
2843617 - ETPRO TROJAN Win32/Remcos RAT Checkin 498 (trojan.rules)
2843618 - ETPRO TROJAN Win32/Remcos RAT Checkin 499 (trojan.rules)
2843619 - ETPRO MALWARE Win32/Caypnamer CnC Activity M2 (malware.rules)

[///]     Modified active rules:     [///]

2806768 - ETPRO TROJAN Win32/BestaFera Variant Checkin (trojan.rules)
2821118 - ETPRO TROJAN Win32/Spy.Banker.ADBY Checkin (trojan.rules)
