[***]            Summary:            [***]

6 new OPEN, 41 new PRO (6 + 35).  Remcos, IcedID, CVE-2020-13699, MustangPanda, Various Rule Updates, Others.

Thanks: @reecdeep.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030666 - ET POLICY External IP Lookup SSL/TLS Certificate (ifconfig .me)
(policy.rules)
  2030667 - ET WEB_SPECIFIC_APPS vBulletin RCE Inbound (CVE-2019-16759
Bypass) (web_specific_apps.rules)
  2030668 - ET EXPLOIT TeamViewer .tvs iFrame Observed (CVE-2020-13699)
(exploit.rules)
  2030669 - ET TROJAN Observed DCRat CnC Domain in TLS SNI (trojan.rules)
  2030670 - ET TROJAN Observed IcedID CnC Domain (nothingtodo .co in TLS
SNI) (trojan.rules)
  2030671 - ET TROJAN APT Mustang Panda CnC Activity (trojan.rules)

Pro:

  2843914 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Firefox_Autocomplete) M2 (info.rules)
  2843915 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(default_Cookies.txt) M2 (info.rules)
  2843916 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Browsers/History/Firefox_) M2 (info.rules)
  2843917 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Browsers/Cookies/Thunderbird_) M2 (info.rules)
  2843918 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(General/forms.txt) M2 (info.rules)
  2843919 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(History/Mozilla.txt) M2 (info.rules)
  2843920 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(History/Edge.txt) M2 (info.rules)
  2843921 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(History/Chrome.txt) M2 (info.rules)
  2843923 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST
Request (Wallets/Bitcoin.dat) M2 (trojan.rules)
  2843924 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Other/Actions.txt) M2 (info.rules)
  2843925 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Wallets/Documents.dat) M2 (info.rules)
  2843926 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(FileForms.txt) M2 (info.rules)
  2843927 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(FileCookies.txt) M2 (info.rules)
  2843928 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST
Request (FilePasswords.txt) M2 (trojan.rules)
  2843929 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST
Request (desktop.) M2 (trojan.rules)
  2843930 - ETPRO TROJAN VBS/Unk.VBSLoader Init CnC Checkin (trojan.rules)
  2843931 - ETPRO CURRENT_EVENTS Successful AWS Elasticbeanstalk Hosted
Generic Phish 2020-08-10 (current_events.rules)
  2843932 - ETPRO CURRENT_EVENTS Successful Appspot Hosted Generic Phish
2020-08-10 (current_events.rules)
  2843933 - ETPRO CURRENT_EVENTS Successful XSPH RU Hosted Generic Phish
2020-08-05 (current_events.rules)
  2843934 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2843935 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2843936 - ETPRO TROJAN Generic Ransom.BTCWare CnC Host Checkin
(trojan.rules)
  2843937 - ETPRO TROJAN Ragnarok Ransomware CnC Activity M3 (trojan.rules)
  2843938 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish
2020-08-10 (current_events.rules)
  2843939 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-08-10
(current_events.rules)
  2843940 - ETPRO TROJAN MSIL/Spy.Agent.AES Variant CnC Host Checkin
(trojan.rules)
  2843941 - ETPRO TROJAN MSIL/Spy.Agent.AES Variant CnC Activity M1
(trojan.rules)
  2843942 - ETPRO TROJAN MSIL/Spy.Agent.AES Variant CnC Activity M2
(trojan.rules)
  2843943 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-08 1) (trojan.rules)
  2843944 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-08 2) (trojan.rules)
  2843945 - ETPRO TROJAN Win32/Remcos RAT Checkin 518 (trojan.rules)
  2843946 - ETPRO TROJAN Win32/Remcos RAT Checkin 519 (trojan.rules)
  2843947 - ETPRO TROJAN Win32/Remcos RAT Checkin 520 (trojan.rules)
  2843948 - ETPRO TROJAN Win32/Remcos RAT Checkin 521 (trojan.rules)
  2843949 - ETPRO POLICY CyberEssentials DNS Lookup (policy.rules)

[///]     Modified active rules:     [///]

  2017753 - ET CURRENT_EVENTS Possible Successful Remax Phish - Hotmail
Creds Nov 25 2013 (current_events.rules)
  2021296 - ET CURRENT_EVENTS Successful Adobe Phish Jun 17 2015
(current_events.rules)
  2021297 - ET CURRENT_EVENTS Successful Google Drive Phish June 17 2015
(current_events.rules)
  2021298 - ET CURRENT_EVENTS Successful Dropbox Phish June 17 2015
(current_events.rules)
  2021322 - ET CURRENT_EVENTS Possible Successful Remax Phish - AOL Creds
Jun 23 2015 (current_events.rules)
  2021324 - ET CURRENT_EVENTS Possible Successful Remax Phish - Other Creds
Jun 23 2015 (current_events.rules)
  2021692 - ET CURRENT_EVENTS Possible Successful Generic Phish - Credit
Card (current_events.rules)
  2021693 - ET CURRENT_EVENTS Possible Successful Generic Phish - Three
Security Questions (current_events.rules)
  2023047 - ET CURRENT_EVENTS Adobe Shared Document Phishing Landing Nov 19
2015 (current_events.rules)
  2023061 - ET CURRENT_EVENTS Successful Excel Phish Aug 15 2016
(current_events.rules)
  2023698 - ET CURRENT_EVENTS Successful National Bank Phish Jan 05 2017
(current_events.rules)
  2023770 - ET CURRENT_EVENTS Successful RBC Royal Bank Phish Jan 30 2017
(current_events.rules)
  2024432 - ET INFO Suspicious HTML Hex Obfuscated Title - Possible
Phishing Landing Jun 28 2017 (info.rules)
  2024443 - ET TROJAN Possible Win32/Petya Conn Check (trojan.rules)
  2024450 - ET WEB_CLIENT Possible Phishing Blockchain title over non SSL
Jul 10 2017 (web_client.rules)
  2024455 - ET TROJAN MSIL/PSW.Agent.QJK Stealer Data Exfil Via HTTP
(trojan.rules)
  2024462 - ET CURRENT_EVENTS Successful Netflix Payment Phish M1 Jan 04
2017 (current_events.rules)
  2024468 - ET WEB_SPECIFIC_APPS OGNL Expression Injection (CVE-2017-9791)
(web_specific_apps.rules)
  2024480 - ET WEB_CLIENT Tech Support Scam Landing Jul 19 2017
(web_client.rules)
  2024482 - ET TROJAN DarkHotel Downloader CnC Beacon 1 (trojan.rules)
  2024483 - ET TROJAN DarkHotel Downloader CnC Beacon 2 (trojan.rules)
  2024580 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul
06 2017 (current_events.rules)
  2024581 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul
10 2017 (current_events.rules)
  2024582 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul
11 2017 (current_events.rules)
  2024707 - ET CURRENT_EVENTS Possible Apple Phishing Landing - Title over
non SSL (current_events.rules)
  2024797 - ET CURRENT_EVENTS Possible CIBC Phishing Landing - Title over
non SSL (current_events.rules)
  2025021 - ET CURRENT_EVENTS Successful Tesco Bank Phish (set) Jul 17 2017
(current_events.rules)
  2025022 - ET CURRENT_EVENTS Successful Tesco Phish (set) M1 Jul 18 2017
(current_events.rules)
  2025023 - ET CURRENT_EVENTS Successful Tesco Phish (set) M2 Jul 18 2017
(current_events.rules)
  2025024 - ET CURRENT_EVENTS Successful Tesco Phish (set) M3 Jul 18 2017
(current_events.rules)
  2025025 - ET CURRENT_EVENTS Successful Tesco Phish (set) M4 Jul 18 2017
(current_events.rules)
  2025691 - ET CURRENT_EVENTS Chase Mobile Phishing Landing M2
(current_events.rules)
  2029672 - ET CURRENT_EVENTS Successful Facebook Phish 2019-04-12
(current_events.rules)
  2030169 - ET TROJAN Suspected USBFERRY CnC (trojan.rules)
  2030170 - ET USER_AGENTS Suspicious User-Agent (MSIE) (user_agents.rules)
  2812175 - ETPRO CURRENT_EVENTS Possible Successful Google Drive Phish M1
July 27 2015 (current_events.rules)
  2812176 - ETPRO CURRENT_EVENTS Possible Successful Google Drive Phish M2
July 27 2015 (current_events.rules)
  2812195 - ETPRO CURRENT_EVENTS Possible Successful Fedex Phish Jul 28
2015 (current_events.rules)
  2812280 - ETPRO CURRENT_EVENTS Possible Successful Apple Phish Jul 29
2015 (current_events.rules)
  2812546 - ETPRO CURRENT_EVENTS Successful Amazon Account Phish M1 Aug 20
2015 (current_events.rules)
  2812547 - ETPRO CURRENT_EVENTS Successful Amazon Account Phish M2 Aug 20
2015 (current_events.rules)
  2812557 - ETPRO CURRENT_EVENTS Successful Adobe Online Account Phish Aug
20 2015 (current_events.rules)
  2812796 - ETPRO CURRENT_EVENTS Successful Adobe Phish Aug 28 2015
(current_events.rules)
  2812828 - ETPRO CURRENT_EVENTS Successful Account Update Phish Aug 31
2015 (current_events.rules)
  2814241 - ETPRO CURRENT_EVENTS Successful Alibaba Credential Phish Oct 5
2015 (current_events.rules)
  2814801 - ETPRO CURRENT_EVENTS Successful Amazon Phish Nov 6 2015
(current_events.rules)
  2815172 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Dec 2 2015
(current_events.rules)
  2815245 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Dec 8 2015
(current_events.rules)
  2815310 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Dec 10 M1
(current_events.rules)
  2815497 - ETPRO CURRENT_EVENTS Successful Anonisma Paypal Phish Dec 28
2015 (current_events.rules)
  2815503 - ETPRO CURRENT_EVENTS Successful PHOEN!X Apple Phish M2 Dec 28
2015 (current_events.rules)
  2819995 - ETPRO CURRENT_EVENTS Successful Adobe Phish Apr 29 2016
(current_events.rules)
  2820061 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish May
4 (current_events.rules)
  2820539 - ETPRO POLICY External IP Lookup whereisip.net (policy.rules)
  2821032 - ETPRO CURRENT_EVENTS Successful Adobe Phish M1 Jul 11 2016
(current_events.rules)
  2821138 - ETPRO CURRENT_EVENTS Successful AOL Phish M1 Jul 14 2016
(current_events.rules)
  2821139 - ETPRO CURRENT_EVENTS Successful AOL Phish M1 Jul 14 2016
(current_events.rules)
  2821140 - ETPRO CURRENT_EVENTS Successful AOL Phish M3 Jul 14 20116
(current_events.rules)
  2821312 - ETPRO CURRENT_EVENTS Successful Adobe Phish Jul 21 2016
(current_events.rules)
  2821598 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Aug
10 2016 (current_events.rules)
  2821870 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Aug
26 2016 (current_events.rules)
  2821964 - ETPRO CURRENT_EVENTS Successful Generic Epass Phish Aug 31 2016
(current_events.rules)
  2822004 - ETPRO CURRENT_EVENTS Successful Account Update Phish Sept 6
2016 (current_events.rules)
  2822121 - ETPRO CURRENT_EVENTS Successful Adobe Phish Sept 14 2016
(current_events.rules)
  2822122 - ETPRO CURRENT_EVENTS Successful Personalized Phish Sept 14 2016
(current_events.rules)
  2822144 - ETPRO CURRENT_EVENTS Possible Successful Phish - Generic Form
Names Sept 9 2016 (current_events.rules)
  2822286 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Sept 28 2016
(current_events.rules)
  2822292 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish
Sept 29 2016 (current_events.rules)
  2822310 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Sept 29 2016
(current_events.rules)
  2822313 - ETPRO CURRENT_EVENTS Successful Apple Phish M3 Sept 29 2016
(current_events.rules)
  2822376 - ETPRO CURRENT_EVENTS Successful Apple ID Phish M1 Oct 04 2016
(current_events.rules)
  2822401 - ETPRO CURRENT_EVENTS Successful Apple Phish Oct 04 2016
(current_events.rules)
  2822419 - ETPRO CURRENT_EVENTS Successful Amazon Phish M2 Oct 05 2016
(current_events.rules)
  2822665 - ETPRO CURRENT_EVENTS Successful Amazon (UK) Phish Oct 17 2016
(current_events.rules)
  2822713 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Oct 18 2016
(current_events.rules)
  2822890 - ETPRO TROJAN W32.Cerber Ransomware README.hta HTTP Referer
(trojan.rules)
  2822891 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Oct 26 2016
(current_events.rules)
  2822897 - ETPRO CURRENT_EVENTS Successful ABSA Phish Oct 26 2016
(current_events.rules)
  2822903 - ETPRO CURRENT_EVENTS Successful Ameli.fr Phish M1 Oct 26 2016
(current_events.rules)
  2822904 - ETPRO CURRENT_EVENTS Successful Ameli.fr Phish M2 Oct 26 2016
(current_events.rules)
  2822982 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Oct 28 2016
(current_events.rules)
  2823240 - ETPRO TROJAN EDA2 Ransomware Variants/Magic CnC Checkin
(trojan.rules)
  2823272 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Nov
15 2016 (current_events.rules)
  2823362 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish M1 Nov 18
2016 (current_events.rules)
  2823969 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Dec 20 2016
(current_events.rules)
  2824348 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Jan 10
2017 (current_events.rules)
  2824356 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish Jan 11
2017 (current_events.rules)
  2824384 - ETPRO CURRENT_EVENTS Successful Personalized Generic Webmail
Phish M1 Jan 11 2017 (current_events.rules)
  2824403 - ETPRO CURRENT_EVENTS Successful Apple (CA) Phish Jan 12 2017
(current_events.rules)
  2824469 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Validation
Phish Jan 17 2017 (current_events.rules)
  2824521 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Upgrade Phish
Jan 19 2017 (current_events.rules)
  2824531 - ETPRO CURRENT_EVENTS Successful AOL Phish Jan 19 2017
(current_events.rules)
  2824559 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish Jan 20
2017 (current_events.rules)
  2824662 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish Jan 26
2017 (current_events.rules)
  2824855 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish M2 Feb 08 2017
(current_events.rules)
  2825252 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Mar 07 2017
(current_events.rules)
  2825882 - ETPRO CURRENT_EVENTS Successful Email Shutdown/Verification
Phish Apr 11 2017 (current_events.rules)
  2826669 - ETPRO CURRENT_EVENTS Successful Netlix Phish Jun 08 2017
(current_events.rules)
  2826787 - ETPRO TROJAN Targeted MSIL Payload CnC Beacon (trojan.rules)
  2826872 - ETPRO CURRENT_EVENTS Successful Santander Phish M1 Jun 26 2017
(current_events.rules)
  2826873 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
159 (mobile_malware.rules)
  2826874 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
160 (mobile_malware.rules)
  2826875 - ETPRO CURRENT_EVENTS Successful Santander Phish M2 Jun 26 2017
(current_events.rules)
  2826878 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jun 26 2017
(current_events.rules)
  2826881 - ETPRO CURRENT_EVENTS Possible Successful Generic Brasil Banking
Phish Jun 26 2017 (current_events.rules)
  2826882 - ETPRO CURRENT_EVENTS Successful Santander Phish M4 Jun 26 2017
(current_events.rules)
  2826883 - ETPRO CURRENT_EVENTS Successful Santander Phish M5 Jun 26 2017
(current_events.rules)
  2826885 - ETPRO CURRENT_EVENTS Successful Santander Phish M6 Jun 26 2017
(current_events.rules)
  2826886 - ETPRO CURRENT_EVENTS Successful Santander Phish M7 Jun 26 2017
(current_events.rules)
  2826887 - ETPRO CURRENT_EVENTS Successful Santander Phish M8 Jun 26 2017
(current_events.rules)
  2826888 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jun 26 2017
(current_events.rules)
  2826891 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Jun 26 2017
(current_events.rules)
  2826894 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Jun 27 2017
(current_events.rules)
  2826897 - ETPRO CURRENT_EVENTS Phantom Phishing Landing (Various Brands)
Jun 27 2017 (current_events.rules)
  2826898 - ETPRO CURRENT_EVENTS Possible Successful Phantom Phish (Various
Brands) Jun 27 2017 (current_events.rules)
  2826899 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
161 (mobile_malware.rules)
  2826901 - ETPRO MOBILE_MALWARE Android Trojan-Spy Contact/SMS Exfil
(mobile_malware.rules)
  2826905 - ETPRO CURRENT_EVENTS Capital One Phishing Landing Jun 28 2017
(current_events.rules)
  2826906 - ETPRO CURRENT_EVENTS Successful Capital One Phish Jun 28 2017
(current_events.rules)
  2826908 - ETPRO CURRENT_EVENTS Successful Postfinance Phish Jun 28 2017
(current_events.rules)
  2826909 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish Jun 27
2017 (current_events.rules)
  2826911 - ETPRO CURRENT_EVENTS Successful Google Drive Phish M2 Jun 28
2017 (current_events.rules)
  2826913 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish Jun 28 2017
(current_events.rules)
  2826914 - ETPRO INFO Form Submitted to Form2pay.com - Possible Successful
Phish Jun 28 2017 (info.rules)
  2826916 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jun 28 2017
(current_events.rules)
  2826917 - ETPRO CURRENT_EVENTS Facebook Account Verification Phishing
Landing Jun 28 2017 (current_events.rules)
  2826918 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
162 (mobile_malware.rules)
  2826925 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload June 26 2017
(current_events.rules)
  2826928 - ETPRO TROJAN MSIL/SprRapty CnC Checkin (trojan.rules)
  2826929 - ETPRO TROJAN MSIL/SprRapty Sending Screenshots (trojan.rules)
  2826934 - ETPRO CURRENT_EVENTS Successful Stanford Phish Jun 29 2017
(current_events.rules)
  2826937 - ETPRO CURRENT_EVENTS Successful Adobe PDF Phish Jun 29 2017
(current_events.rules)
  2826938 - ETPRO CURRENT_EVENTS Successful Comerica Bank Phish M1 Jun 29
2017 (current_events.rules)
  2826939 - ETPRO CURRENT_EVENTS Successful Comerica Bank Phish M2 Jun 29
2017 (current_events.rules)
  2826942 - ETPRO CURRENT_EVENTS Successful Royal Bank of Scotland Phish M1
Jun 29 2017 (current_events.rules)
  2826943 - ETPRO CURRENT_EVENTS Successful Royal Bank of Scotland Phish M2
Jun 29 2017 (current_events.rules)
  2826944 - ETPRO CURRENT_EVENTS Successful Royal Bank of Scotland Phish M3
Jun 29 2017 (current_events.rules)
  2826946 - ETPRO CURRENT_EVENTS Successful UPS Phish Jun 29 2017
(current_events.rules)
  2826947 - ETPRO CURRENT_EVENTS Successful TD Bank Phish Jun 29 2017
(current_events.rules)
  2826949 - ETPRO CURRENT_EVENTS Successful Netflix Phish M1 Jun 29 2017
(current_events.rules)
  2826950 - ETPRO CURRENT_EVENTS Successful Netflix Phish M2 Jun 29 2017
(current_events.rules)
  2826957 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
163 (mobile_malware.rules)
  2826958 - ETPRO MOBILE_MALWARE Android/Spy.Agent.WH Checkin
(mobile_malware.rules)
  2826960 - ETPRO TROJAN Win32/Agent.SNZ CnC Checkin 2 (trojan.rules)
  2826981 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
164 (mobile_malware.rules)
  2826982 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
165 (mobile_malware.rules)
  2826983 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
166 (mobile_malware.rules)
  2826984 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
167 (mobile_malware.rules)
  2826985 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
168 (mobile_malware.rules)
  2826988 - ETPRO CURRENT_EVENTS Successful Chase Mobile Phish M2 Jul 05
2017 (current_events.rules)
  2826989 - ETPRO CURRENT_EVENTS Chase Mobile Phishing Landing M1
(current_events.rules)
  2826991 - ETPRO TROJAN Win32/Agent.SCO Variant CnC Activity (trojan.rules)
  2826993 - ETPRO CURRENT_EVENTS Successful Outlook Webmail Account Phish
Jul 05 2017 (current_events.rules)
  2826996 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jul 05 2017
(current_events.rules)
  2827000 - ETPRO CURRENT_EVENTS Successful Paypal Phish (Confirm Address)
Jul 05 2017 (current_events.rules)
  2827003 - ETPRO CURRENT_EVENTS Paypal Phishing Landing M1 Jul 05 2017
(current_events.rules)
  2827004 - ETPRO CURRENT_EVENTS Paypal Phishing Landing M2 Jul 05 2017
(current_events.rules)
  2827006 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
169 (mobile_malware.rules)
  2827031 - ETPRO CURRENT_EVENTS Successful Chase Phish Jul 06 2017
(current_events.rules)
  2827035 - ETPRO CURRENT_EVENTS Successful CenturyLink Phish Jul 06 2017
(current_events.rules)
  2827036 - ETPRO TROJAN Unknown Powershell CnC Heartbeat (trojan.rules)
  2827046 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
170 (mobile_malware.rules)
  2827050 - ETPRO CURRENT_EVENTS Successful Outlook Phish Jul 07 2017
(current_events.rules)
  2827051 - ETPRO CURRENT_EVENTS Successful DHL Phish Jul 07 2017
(current_events.rules)
  2827053 - ETPRO CURRENT_EVENTS Successful Expedia Partner Central Phish
Jul 07 2017 (current_events.rules)
  2827056 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Jul 07 2017
(current_events.rules)
  2827058 - ETPRO CURRENT_EVENTS Successful Email Shutdown Phish Jul 07
2017 (current_events.rules)
  2827059 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
171 (mobile_malware.rules)
  2827060 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
172 (mobile_malware.rules)
  2827061 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
173 (mobile_malware.rules)
  2827063 - ETPRO CURRENT_EVENTS Successful Commerce Bank Phish Jul 10 2017
(current_events.rules)
  2827073 - ETPRO CURRENT_EVENTS Successful Norton Email Scan Phish Jul 11
2017 (current_events.rules)
  2827079 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M3 Jul 11
2017 (current_events.rules)
  2827081 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
174 (mobile_malware.rules)
  2827083 - ETPRO CURRENT_EVENTS Successful OWA Phish Jul 11 2017
(current_events.rules)
  2827110 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
175 (mobile_malware.rules)
  2827115 - ETPRO TROJAN MSIL/Ovidiy Stealer Reporting Passwords
(trojan.rules)
  2827122 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
176 (mobile_malware.rules)
  2827127 - ETPRO TROJAN vjw0rm Exfiltration via User-Agent Header
(trojan.rules)
  2827138 - ETPRO CURRENT_EVENTS Successful Kiwibank Phish Jul 14 2017
(current_events.rules)
  2827145 - ETPRO TROJAN Monsoon APT Backdoor Checkin M1 (trojan.rules)
  2827155 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
177 (mobile_malware.rules)
  2827156 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
178 (mobile_malware.rules)
  2827170 - ETPRO CURRENT_EVENTS Erebus Infected Site (current_events.rules)
  2827181 - ETPRO CURRENT_EVENTS Successful Tesco Bank Phish Jul 17 2017
(current_events.rules)
  2827188 - ETPRO POLICY External IP Address Lookup (utrace .de)
(policy.rules)
  2827198 - ETPRO CURRENT_EVENTS Successful Generic Phish - Redirect to
Google Jul 18 2017 (current_events.rules)
  2827199 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
179 (mobile_malware.rules)
  2827200 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 Jul 18
2017 (current_events.rules)
  2827203 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
180 (mobile_malware.rules)
  2827211 - ETPRO TROJAN Win32/Harmony.A Checkin (trojan.rules)
  2827212 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Jul 19 2017
(current_events.rules)
  2827214 - ETPRO CURRENT_EVENTS Successful Apple Phish M3 Jul 19 2017
(current_events.rules)
  2827216 - ETPRO CURRENT_EVENTS Successful Apple Phish M5 Jul 19 2017
(current_events.rules)
  2827221 - ETPRO CURRENT_EVENTS Successful Successful PHOEN!X Apple Phish
Jul 19 2017 (current_events.rules)
  2827223 - ETPRO CURRENT_EVENTS Successful Docusign Phish Jul 19 2017
(current_events.rules)
  2827224 - ETPRO CURRENT_EVENTS Successful Account Verification Phish Jul
19 2017 (current_events.rules)
  2827229 - ETPRO TROJAN Win32.Reconyc.iddk Retrieving Payload
(trojan.rules)
  2827240 - ETPRO TROJAN MSIL/Unk.CoinMiner/PWS Password Exfil
(trojan.rules)
  2827248 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jul 20 2017
(current_events.rules)
  2827249 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Jul 20 2017
(current_events.rules)
  2827250 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Jul 20 2017
(current_events.rules)
  2827256 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
181 (mobile_malware.rules)
  2827257 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
182 (mobile_malware.rules)
  2827258 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
183 (mobile_malware.rules)
  2827266 - ETPRO TROJAN MSIL/InstagramAccount Bot CnC Checkin
(trojan.rules)
  2827267 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
184 (mobile_malware.rules)
  2827269 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
185 (mobile_malware.rules)
  2827270 - ETPRO TROJAN Genome K2T IP Check (trojan.rules)
  2830016 - ETPRO CURRENT_EVENTS Successful Itaucard Phish 2018-03-16
(current_events.rules)
  2833162 - ETPRO CURRENT_EVENTS Successful 1&1 Hosting Phish 2018-10-17
(current_events.rules)
  2833385 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2018-10-31
(current_events.rules)
  2836270 - ETPRO TROJAN QuasarRAT C2 Init (trojan.rules)
  2843335 - ETPRO TROJAN SandMe CnC Host Checkin (trojan.rules)
  2843377 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-07-07
(current_events.rules)
  2843462 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-07-10
(current_events.rules)

[---]         Removed rules:         [---]

  2834614 - ETPRO CURRENT_EVENTS Successful AliExpress Phish 2019-01-28
(current_events.rules)
