[***] Summary: [***]
7 new OPEN, 26 new PRO (7 + 19). ThiefQuest, Win32/Fsysna.hlwd, Win32/Spy.Banker.QEO, BlackClaw Ransomware, VARIOUS PHISHING.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030607 - ET TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-07-29) (trojan.rules)
2030608 - ET WEB_SERVER Generic Webshell Accessed on Internal Compromised Server (web_server.rules)
2030609 - ET WEB_CLIENT Generic Webshell Accessed on External Compromised Server (web_client.rules)
2030610 - ET CURRENT_EVENTS Possible Phishing Landing Captcha Check (current_events.rules)
2030611 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on External Server (current_events.rules)
2030612 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on Internal Server (current_events.rules)
2030613 - ET TROJAN ThiefQuest CnC Domain in DNS Lookup (trojan.rules)
Pro:
2843728 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-07-29) (trojan.rules)
2843729 - ETPRO TROJAN Win32/Fsysna.hlwd CnC Checkin (trojan.rules)
2843730 - ETPRO POLICY AppWizard Installer (Possible PUP/PUA) Activity (policy.rules)
2843731 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2843732 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2843733 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-29 1) (trojan.rules)
2843734 - ETPRO TROJAN Win32/Spy.Banker.QEO Variant CnC Host Checkin (trojan.rules)
2843735 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-07-29 (current_events.rules)
2843736 - ETPRO CURRENT_EVENTS Successful Ebay Phish 2020-07-29 (current_events.rules)
2843737 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-07-29 (current_events.rules)
2843738 - ETPRO CURRENT_EVENTS Successful Generic Phish (parent.location) M1 2020-07-29 (current_events.rules)
2843739 - ETPRO CURRENT_EVENTS Successful Generic Phish (parent.location) M2 2020-07-29 (current_events.rules)
2843740 - ETPRO CURRENT_EVENTS Possible Successful Firebase Hosted Phish 2020-07-29 (current_events.rules)
2843741 - ETPRO CURRENT_EVENTS Possible Successful Firebase Hosted Phish 2020-07-29 (current_events.rules)
2843742 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish 2020-07-29 (current_events.rules)
2843743 - ETPRO CURRENT_EVENTS Successful Generic Personalized Phish 2020-07-29 (current_events.rules)
2843744 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-07-29 (current_events.rules)
2843745 - ETPRO TROJAN BlackClaw Ransomware Domain in DNS Lookup (trojan.rules)
2843746 - ETPRO TROJAN BlackClaw Ransomware CnC (trojan.rules)
[///] Modified active rules: [///]
2007695 - ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System (policy.rules)
2023306 - ET TROJAN Anuna PHP Backdoor Sucessful Exploit (trojan.rules)
2023964 - ET CURRENT_EVENTS Successful WeTransfer Phish Oct 04 2016 (current_events.rules)
2025002 - ET CURRENT_EVENTS Successful Personalized OWA Webmail Phish Oct 04 2016 (current_events.rules)
2809023 - ETPRO TROJAN Pkybot Checkin (trojan.rules)
2815287 - ETPRO TROJAN RTM Banker CnC M1 (trojan.rules)
2815288 - ETPRO TROJAN RTM Banker CnC M2 (trojan.rules)
2815661 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin (mobile_malware.rules)
2815900 - ETPRO INFO Possible Phishing Landing via MoonFruit.com (set) Jan 22 (info.rules)
2815901 - ETPRO INFO Possible Phishing Landing via MoonFruit.com Jan 22 M1 (info.rules)
2815902 - ETPRO INFO Possible Phishing Landing via MoonFruit.com Jan 22 M2 (info.rules)
2815903 - ETPRO INFO Possible Phishing Landing via MoonFruit.com Jan 22 M3 (info.rules)
2815963 - ETPRO INFO Possible Phishing Landing via Moonfruit Jan 26 M2 (info.rules)
2822285 - ETPRO CURRENT_EVENTS Successful FreeMobile (FR) Phish Sept 28 2016 (current_events.rules)
2822289 - ETPRO CURRENT_EVENTS Unknown MalDoc Requesting Remote Template M1 (current_events.rules)
2822293 - ETPRO TROJAN AgentTesla PWS Exfil via HTTP (trojan.rules)
2822294 - ETPRO POLICY Internal Host Retrieving External IP Address (geolocation.com) (policy.rules)
2822295 - ETPRO TROJAN iSpy/HawkSpy Keylogger PWS Checkin via HTTP (trojan.rules)
2822296 - ETPRO TROJAN iSpy/HawkSpy Keylogger PWS Checkin via HTTP M2 (trojan.rules)
2822303 - ETPRO TROJAN BKDR_ASPXSPY.A Checkin (trojan.rules)
2822311 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Sept 29 2016 (current_events.rules)
2822325 - ETPRO TROJAN Win32/CONFUCIUS_B CnC Checkin (trojan.rules)
2822330 - ETPRO TROJAN MSIL/Eskimo.A Steam PWS Fake Alert (trojan.rules)
2822334 - ETPRO CURRENT_EVENTS Successful Facebook Phish M1 Sep 30 2016 (current_events.rules)
2822340 - ETPRO CURRENT_EVENTS Successful Postbank Online Banking Phish M1 Sep 30 2016 (current_events.rules)
2822341 - ETPRO CURRENT_EVENTS Successful Postbank Online Banking Phish M2 Sep 30 2016 (current_events.rules)
2822344 - ETPRO TROJAN MSIL/Bazidow.A CnC Checkin (trojan.rules)
2822360 - ETPRO INFO Possible Phishing Landing via Moonfruit Oct 3 M1 (info.rules)
2822361 - ETPRO INFO Possible Phishing Landing via Moonfruit Oct 3 M2 (info.rules)
2822363 - ETPRO TROJAN Win32/Agent.XWB CnC Beacon (trojan.rules)
2822364 - ETPRO CURRENT_EVENTS Unknown MalDoc Requesting Remote Template M2 (current_events.rules)
2822368 - ETPRO WEB_CLIENT Suspicious Byethost Phishing Redirect Oct 04 2016 (web_client.rules)
2822373 - ETPRO CURRENT_EVENTS Successful Generic OWA Phish Oct 04 2016 (current_events.rules)
2822381 - ETPRO CURRENT_EVENTS Paypal Phishing Landing (DE) Oct 04 2016 (current_events.rules)
2822384 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Oct 04 2016 (fbset) (current_events.rules)
2822385 - ETPRO CURRENT_EVENTS Possible Evil Redirector Leading to EK Oct 04 2016 (BossTDS) M1 (current_events.rules)