[***] Summary: [***]
6 new OPEN, 28 new PRO (6 + 22). JS/Ostap, Zynn, ELF/Mirai Variant, Omega CnC, MassLogger, VARIOUS PHISHING.
Thanks: @malwrhunterteam.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030601 - ET TROJAN JS/Ostap CnC Activity (trojan.rules)
2030602 - ET TROJAN Observed Malicious SSL Cert (JS/Ostap CnC) (trojan.rules)
2030603 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on CodeSandbox.io M1 (current_events.rules)
2030604 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on CodeSandbox.io M2 (current_events.rules)
2030605 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on CodeSandbox.io M3 (current_events.rules)
2030606 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on CodeSandbox.io M4 (current_events.rules)
Pro:
2843705 - ETPRO POLICY Zynn DNS Lookup (policy.rules)
2843706 - ETPRO POLICY Zynn DNS Lookup 2 (policy.rules)
2843707 - ETPRO POLICY Totok DNS Lookup (policy.rules)
2843708 - ETPRO POLICY Tiktok DNS Lookup (policy.rules)
2843709 - ETPRO POLICY Byteoversea TikTok related DNS Lookup (policy.rules)
2843710 - ETPRO POLICY Tiktok DNS Lookup 2 (policy.rules)
2843711 - ETPRO CURRENT_EVENTS MalDoc Requesting Payload 2020-07-27 (current_events.rules)
2843712 - ETPRO TROJAN Observed Elysium/Taurus Stealer CnC Domain in TLS SNI (trojan.rules)
2843713 - ETPRO TROJAN ELF/Mirai Variant CnC Checkin (trojan.rules)
2843714 - ETPRO CURRENT_EVENTS Successful Westpac Phish 2020-07-28 (current_events.rules)
2843715 - ETPRO CURRENT_EVENTS Successful Westpac Phish 2020-07-28 (current_events.rules)
2843716 - ETPRO CURRENT_EVENTS Successful Westpac Phish 2020-07-28 (current_events.rules)
2843717 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish (current_events.rules)
2843718 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-28 1) (trojan.rules)
2843719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-28 2) (trojan.rules)
2843720 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-28 3) (trojan.rules)
2843721 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-28 4) (trojan.rules)
2843722 - ETPRO TROJAN Omega CnC Activity (trojan.rules)
2843723 - ETPRO TROJAN MassLogger Client Exfil FTP (trojan.rules)
2843724 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2843725 - ETPRO CURRENT_EVENTS Successful Netflix Credential Phish 2020-07-28 (current_events.rules)
2843726 - ETPRO CURRENT_EVENTS Successful Hetzner Credential Phish 2020-07-28 (current_events.rules)
[///] Modified active rules: [///]
2030599 - ET TROJAN IP Grabber CnC Activity (trojan.rules)
2525000 - ET 3CORESec Poor Reputation IP group 1 (3coresec.rules)
2525001 - ET 3CORESec Poor Reputation IP group 2 (3coresec.rules)
2525002 - ET 3CORESec Poor Reputation IP group 3 (3coresec.rules)
2525003 - ET 3CORESec Poor Reputation IP group 4 (3coresec.rules)
2525004 - ET 3CORESec Poor Reputation IP group 5 (3coresec.rules)
2525005 - ET 3CORESec Poor Reputation IP group 6 (3coresec.rules)
2525006 - ET 3CORESec Poor Reputation IP group 7 (3coresec.rules)
2525007 - ET 3CORESec Poor Reputation IP group 8 (3coresec.rules)
2525008 - ET 3CORESec Poor Reputation IP group 9 (3coresec.rules)
2525009 - ET 3CORESec Poor Reputation IP group 10 (3coresec.rules)
2525010 - ET 3CORESec Poor Reputation IP group 11 (3coresec.rules)
2525011 - ET 3CORESec Poor Reputation IP group 12 (3coresec.rules)
2525012 - ET 3CORESec Poor Reputation IP group 13 (3coresec.rules)
2525013 - ET 3CORESec Poor Reputation IP group 14 (3coresec.rules)
2525014 - ET 3CORESec Poor Reputation IP group 15 (3coresec.rules)
2525015 - ET 3CORESec Poor Reputation IP group 16 (3coresec.rules)
2525016 - ET 3CORESec Poor Reputation IP group 17 (3coresec.rules)
2822245 - ETPRO TROJAN MSIL.ShopBot.avf Downloader URI Geo Response (trojan.rules)
2822247 - ETPRO TROJAN MSIL.ShopBot.avf Downloader Execute Command Response (trojan.rules)
2822254 - ETPRO CURRENT_EVENTS Successful Apple Phish Sept 27 2016 (current_events.rules)
2822259 - ETPRO TROJAN Dreambot/Gozi DGA Seed Request (trojan.rules)
2836763 - ETPRO CURRENT_EVENTS Successful Generic Login Verification Phish 2019-06-10 (current_events.rules)
2837474 - ETPRO POLICY Suspicious Localhost SSL/TLS Certificate Observed (policy.rules)