[***]            Summary:            [***]

4 new OPEN, 31 new PRO (4 + 27).  CVE-2020-1567, CVE-2020-1570, Avalon Stealer, Various Rule Edits, Various Others.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030672 - ET TROJAN MSIL/JobCrypter Ransomware Checkin via SMTP
(trojan.rules)
  2030673 - ET TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
  2030674 - ET TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
  2030675 - ET TROJAN Win32/Tofsee Pharma Spam Template Active - Outbound
Email Spam (trojan.rules)

Pro:

  2843950 - ETPRO TROJAN Win32/BR.Bit8 Keylogger Checkin via SMTP
(trojan.rules)
  2843951 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST
Request (Screensh0t.) M2 (trojan.rules)
  2843952 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Cookies_List.txt) M2 (info.rules)
  2843953 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Hardware.txt) M2 (info.rules)
  2843954 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Prgrm.txt) M2 (info.rules)
  2843955 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(CookiesList.txt) M2 (info.rules)
  2843956 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST
Request (Passwords.txt) M2 (trojan.rules)
  2843957 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(cookieDomains.log) M2 (info.rules)
  2843958 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-11 1) (trojan.rules)
  2843959 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-11 2) (trojan.rules)
  2843960 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-11 3) (trojan.rules)
  2843961 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-11 4) (trojan.rules)
  2843962 - ETPRO TROJAN Avalon Stealer CnC Activity (trojan.rules)
  2843963 - ETPRO TROJAN Win32/Agent.OHX Variant CnC Activity (trojan.rules)
  2843964 - ETPRO MALWARE Win32/Sidejet Activity (malware.rules)
  2843965 - ETPRO TROJAN Win32/VB.OES CnC Activity (trojan.rules)
  2843966 - ETPRO TROJAN Blackmoon Downloader Activity M1 (trojan.rules)
  2843967 - ETPRO TROJAN Blackmoon Downloader Activity M2 (trojan.rules)
  2843968 - ETPRO MALWARE Win32/FileTour Variant Activity (malware.rules)
  2843969 - ETPRO TROJAN Avalon Stealer Client Exfil FTP M1 (trojan.rules)
  2843970 - ETPRO TROJAN Avalon Stealer Client Exfil FTP M2 (trojan.rules)
  2843971 - ETPRO TROJAN Generic Stealer Client Exfil FTP (trojan.rules)
  2843972 - ETPRO TROJAN VBS/Agent.SYE Variant Downloader Activity
(trojan.rules)
  2843973 - ETPRO EXPLOIT Possible IE RCE Inbound (CVE-2020-1570)
(exploit.rules)
  2843974 - ETPRO EXPLOIT Possible IE RCE Inbound (CVE-2020-1567)
(exploit.rules)
  2843975 - ETPRO TROJAN PIPEYUG Bot Powershell Checkin (trojan.rules)
  2843976 - ETPRO TROJAN PIPEYUG Bot Powershell Heartbeat (trojan.rules)

[///]     Modified active rules:     [///]

  2013208 - ET MOBILE_MALWARE Mobile Device Posting Phone Number
(mobile_malware.rules)
  2015907 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish (current_events.rules)
  2015908 - ET CURRENT_EVENTS Successful Generic PII Phish
(current_events.rules)
  2015910 - ET CURRENT_EVENTS Possible Successful AOL Phish Nov 21 2012
(current_events.rules)
  2015911 - ET CURRENT_EVENTS Possible Successful Yahoo Phish Nov 21 2012
(current_events.rules)
  2015912 - ET CURRENT_EVENTS Possible Successful Gmail Phish Nov 21 2012
(current_events.rules)
  2015913 - ET CURRENT_EVENTS Possible Successful Hotmail Phish Nov 21 2012
(current_events.rules)
  2015914 - ET CURRENT_EVENTS Possible Successful Phish - Other Credentials
Nov 21 2012 (current_events.rules)
  2015952 - ET CURRENT_EVENTS Possible Successful Generic SSN Phish
(current_events.rules)
  2017750 - ET CURRENT_EVENTS Possible Successful AOL Phish Nov 25 2013
(current_events.rules)
  2017751 - ET CURRENT_EVENTS Possible Successful Yahoo Phish Nov 25 2013
(current_events.rules)
  2017752 - ET CURRENT_EVENTS Possible Successful Gmail Phish Nov 25 2013
(current_events.rules)
  2017754 - ET CURRENT_EVENTS Possible Successful Phish - Other Credentials
Nov 25 2013 (current_events.rules)
  2019842 - ET WEB_CLIENT Possible Internet Explorer VBscript CVE-2014-6332
multiple redim preserve (web_client.rules)
  2021323 - ET CURRENT_EVENTS Possible Successful Yahoo Phish Jun 23 2015
(current_events.rules)
  2022925 - ET WEB_CLIENT Tech Support Phone Scam Landing M1 Jun 29 2016
(web_client.rules)
  2024192 - ET EXPLOIT Possible CVE-2017-0199 HTA Inbound (exploit.rules)
  2024193 - ET EXPLOIT Possible CVE-2017-0199 HTA Inbound M2 (exploit.rules)
  2024498 - ET TROJAN TDTESS Backdoor User-Agent (trojan.rules)
  2024500 - ET TROJAN Revcode RAT CnC (trojan.rules)
  2024501 - ET TROJAN Revcode RAT CnC 2 (trojan.rules)
  2024502 - ET TROJAN ISMAgent CnC Checkin 1 (trojan.rules)
  2024526 - ET POLICY Internal Host Retrieving External IP Address
(monip.outils-rezo. info) (policy.rules)
  2024528 - ET TROJAN MSIL/Agent.ATS CnC Activity (trojan.rules)
  2024533 - ET TROJAN [PTsecurity] Gozi/Ursnif Payload v12 (trojan.rules)
  2024545 - ET CURRENT_EVENTS Successful Paypal Phish M2 Aug 14 2017
(current_events.rules)
  2024547 - ET CURRENT_EVENTS Successful Square Phish Nov 16 2015
(current_events.rules)
  2024548 - ET EXPLOIT Ubiquiti Networks UniFi Cloud Key Firm v0.6.1 Host
Remote Command Execution attempt (exploit.rules)
  2024586 - ET CURRENT_EVENTS Successful RBC Royal Bank Phish M1 Aug 17
2017 (current_events.rules)
  2024587 - ET CURRENT_EVENTS Successful RBC Royal Bank Phish M2 Aug 17
2017 (current_events.rules)
  2024599 - ET CURRENT_EVENTS Successful Interac Phish Aug 18 2017
(current_events.rules)
  2024601 - ET TROJAN Win32/Datper CnC Activity (trojan.rules)
  2024605 - ET CURRENT_EVENTS Hancitor/Tordal Document Inbound
(current_events.rules)
  2024606 - ET CURRENT_EVENTS Disdain EK URI Struct Aug 23 2017 M1
(current_events.rules)
  2024607 - ET CURRENT_EVENTS Disdain EK URI Struct Aug 23 2017 M2
(current_events.rules)
  2024612 - ET CURRENT_EVENTS Disdain EK Landing Aug 23 2017
(current_events.rules)
  2024614 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Aug
25 2017 (current_events.rules)
  2024616 - ET CURRENT_EVENTS Successful Blockchain Account Phish Aug 19
2016 (current_events.rules)
  2024617 - ET CURRENT_EVENTS Successful Poloniex Cryptocurrency Exchange
Phish Aug 28 2017 (current_events.rules)
  2024618 - ET CURRENT_EVENTS Successful Exmo Cryptocurrency Exchange Phish
Aug 28 2017 (current_events.rules)
  2024621 - ET CURRENT_EVENTS Successful Paxful Cryptocurrency Wallet Phish
Aug 30 2017 (current_events.rules)
  2024637 - ET TROJAN Gazer HTTP POST Checkin (trojan.rules)
  2025027 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Aug
22 2017 (current_events.rules)
  2029660 - ET CURRENT_EVENTS Successful Generic Phish - Fake Loading Page
2017-08-03 (current_events.rules)
  2806798 - ETPRO POLICY XenArmor Password Recovery License
Check/securityxploded retrieval UA (policy.rules)
  2807530 - ETPRO TROJAN Win32/Onkods.C User-Agent (g0g) (trojan.rules)
  2812613 - ETPRO CURRENT_EVENTS Successful BBVA Compass Account Phish Aug
21 2015 (current_events.rules)
  2814199 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Oct 1
2015 (current_events.rules)
  2814207 - ETPRO CURRENT_EVENTS Successful Yahoo Credential Phish Oct 02
2015  (current_events.rules)
  2814282 - ETPRO CURRENT_EVENTS Successful Blackboard Account Phish Oct 8
2015 (current_events.rules)
  2814550 - ETPRO CURRENT_EVENTS Successful Apple Phish Oct 23 2015
(current_events.rules)
  2814645 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 28
2015 (current_events.rules)
  2814744 - ETPRO CURRENT_EVENTS Successful Bank of Scotland Phish M1 Nov 4
2015 (current_events.rules)
  2815050 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Nov 20
2015 (current_events.rules)
  2816791 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential
Phish M1 Mar 29 2016 (current_events.rules)
  2816792 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential
Phish M2 Mar 29 2016 (current_events.rules)
  2816793 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential
Phish M3 Mar 29 2016 (current_events.rules)
  2816794 - ETPRO CURRENT_EVENTS L33bo Phishing Kit - Successful Credential
Phish M4 Mar 29 2016 (current_events.rules)
  2820876 - ETPRO TROJAN W32/FusionCoreDownldr.A2 Checkin (trojan.rules)
  2820983 - ETPRO TROJAN XXMM2/Minzen CnC Beacon (trojan.rules)
  2821564 - ETPRO TROJAN Win32/Kryptik.FCPN Facebook Stealer Activity
(trojan.rules)
  2821799 - ETPRO CURRENT_EVENTS Successful Blocked Email Account Phish M1
Aug 23 2016 (current_events.rules)
  2821914 - ETPRO CURRENT_EVENTS Successful Apple Store Transaction
Cancellation Phish Aug 30 2016 (current_events.rules)
  2822030 - ETPRO TROJAN Win32/Wadereh Checkin (trojan.rules)
  2822069 - ETPRO CURRENT_EVENTS Successful Barclays Phish M1 Sept 9 2016
(current_events.rules)
  2822070 - ETPRO CURRENT_EVENTS Successful Barclays Phish M2 Sept 9 2016
(current_events.rules)
  2822071 - ETPRO CURRENT_EVENTS Successful Barclays Phish M3 Sept 9 2016
(current_events.rules)
  2822111 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Sept 14 2016
(current_events.rules)
  2822112 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Sept 14 2016
(current_events.rules)
  2822113 - ETPRO CURRENT_EVENTS Successful Apple Phish M3 Sept 14 2016
(current_events.rules)
  2822348 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 3
2016 (current_events.rules)
  2822432 - ETPRO CURRENT_EVENTS Successful Barclays Phish M1 Oct 06 2016
(current_events.rules)
  2822433 - ETPRO CURRENT_EVENTS Successful Barclays Phish M2 Oct 06 2016
(current_events.rules)
  2822493 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Oct 07 2016
(current_events.rules)
  2822499 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Oct 07 2016
(current_events.rules)
  2822812 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Oct 21
2016 (current_events.rules)
  2822945 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Oct 26
2016 (current_events.rules)
  2822946 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Oct 26
2016 (current_events.rules)
  2822947 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M3 Oct 26
2016 (current_events.rules)
  2822948 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M4 Oct 26
2016 (current_events.rules)
  2823041 - ETPRO CURRENT_EVENTS Successful Apple Phish Oct 31 2016
(current_events.rules)
  2823438 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Nov 22
2016 (current_events.rules)
  2823439 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Nov 22
2016 (current_events.rules)
  2823691 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish M1 Dec 08
2016 (current_events.rules)
  2823692 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish M2 Dec 08
2016 (current_events.rules)
  2823777 - ETPRO CURRENT_EVENTS Successful Banque Populaire (FR) Phish Dec
12 2016 (current_events.rules)
  2824108 - ETPRO CURRENT_EVENTS Successful Apple Store Phish M1 Dec 29
2016 (current_events.rules)
  2824109 - ETPRO CURRENT_EVENTS Successful Apple Store Phish M2 Dec 29
2016 (current_events.rules)
  2824110 - ETPRO CURRENT_EVENTS Successful Apple Store Phish M3 Dec 29
2016 (current_events.rules)
  2824111 - ETPRO CURRENT_EVENTS Successful Apple Store Phish M4 Dec 29
2016 (current_events.rules)
  2824157 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Dec 30 2016
(current_events.rules)
  2824235 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Jan 05
2017 (current_events.rules)
  2824236 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Jan 05
2017 (current_events.rules)
  2824277 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish Jan 09
2017 (current_events.rules)
  2824857 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Mobile Phish M1
Feb 08 2017 (current_events.rules)
  2824858 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Mobile Phish M2
Feb 08 2017 (current_events.rules)
  2825038 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Mobile Phish
Feb 17 2017 (current_events.rules)
  2825108 - ETPRO CURRENT_EVENTS Successful Bank of Montreal Mobile Phish
M2 Feb 23 2017 (current_events.rules)
  2825109 - ETPRO CURRENT_EVENTS Successful Bank of Montreal Mobile Phish
M3 Feb 23 2017 (current_events.rules)
  2825185 - ETPRO CURRENT_EVENTS Successful My ADP Phish Mar 01 2017
(current_events.rules)
  2825248 - ETPRO CURRENT_EVENTS Successful Credential Phish JS RePOST Mar
06 2017 (current_events.rules)
  2826674 - ETPRO TROJAN Carbanak/FIN7 Bateleur CnC Beacon (trojan.rules)
  2826997 - ETPRO TROJAN Win32/Banload Downloader Checkin (trojan.rules)
  2827114 - ETPRO TROJAN MSIL/Ovidiy Stealer CnC Checkin (trojan.rules)
  2827158 - ETPRO TROJAN Win32/Banload CnC Activity (trojan.rules)
  2827271 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
186 (mobile_malware.rules)
  2827280 - ETPRO TROJAN JS/Cryxos.B Dropper Requesting EXE (trojan.rules)
  2827284 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
187 (mobile_malware.rules)
  2827285 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
188 (mobile_malware.rules)
  2827287 - ETPRO TROJAN Win32/Trojan.Downloader.CSB Checkin 1
(trojan.rules)
  2827288 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
189 (mobile_malware.rules)
  2827289 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
190 (mobile_malware.rules)
  2827290 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.z SMS Exfil
(mobile_malware.rules)
  2827292 - ETPRO TROJAN Hidden-Tear Ransomware Variant (wannafly) CnC
Beacon (trojan.rules)
  2827293 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
191 (mobile_malware.rules)
  2827294 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
192 (mobile_malware.rules)
  2827295 - ETPRO TROJAN Tick Related W32/Datper (trojan.rules)
  2827297 - ETPRO TROJAN Tick Related W32/HomamDownloader  (trojan.rules)
  2827313 - ETPRO CURRENT_EVENTS Successful Adobe Phish Jul 26 2017
(current_events.rules)
  2827315 - ETPRO CURRENT_EVENTS Successful Netflix Phish Jul 26 2017
(current_events.rules)
  2827317 - ETPRO CURRENT_EVENTS Successful Zoominfo Phish Jul 26 2017
(current_events.rules)
  2827318 - ETPRO TROJAN MSIL/Marker.HTTP.Bot CnC Checkin (trojan.rules)
  2827319 - ETPRO TROJAN W32/Bancodor Checkin (trojan.rules)
  2827349 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
193 (mobile_malware.rules)
  2827359 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.fl CnC Beacon
(mobile_malware.rules)
  2827363 - ETPRO CURRENT_EVENTS Unknown Downloader EXE DL
(current_events.rules)
  2827365 - ETPRO TROJAN Banload CnC Checkin (trojan.rules)
  2827371 - ETPRO TROJAN MSIL/TbhBot CnC Checkin (trojan.rules)
  2827373 - ETPRO TROJAN Win32/Korplug.NC CnC Activity (trojan.rules)
  2827375 - ETPRO TROJAN Foudre Checkin 2 (trojan.rules)
  2827376 - ETPRO TROJAN Foudre Checkin 1 (trojan.rules)
  2827385 - ETPRO CURRENT_EVENTS Successful Webmail Account Upgrade Phish
Aug 03 2017 (current_events.rules)
  2827387 - ETPRO CURRENT_EVENTS Successful International Card Services
Phish M1 Aug 03 2017 (current_events.rules)
  2827388 - ETPRO CURRENT_EVENTS Successful International Card Services
Phish M2 Aug 03 2017 (current_events.rules)
  2827389 - ETPRO MOBILE_MALWARE Android/Agent.US Checkin
(mobile_malware.rules)
  2827393 - ETPRO CURRENT_EVENTS Successful Norton Email Scan Phish M1 Aug
03 2017 (current_events.rules)
  2827396 - ETPRO POLICY Monero Coinminer Usage (policy.rules)
  2827412 - ETPRO TROJAN Win32/MoneroMiner Downloader - Malicious Monero
Address Observed (trojan.rules)
  2827419 - ETPRO CURRENT_EVENTS GlobeImposter Ransomware Note Counter
Request (current_events.rules)
  2827421 - ETPRO CURRENT_EVENTS Successful Netflix (NL) Phish Aug 07 2017
(current_events.rules)
  2827430 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M2 Aug 07
2017 (current_events.rules)
  2827439 - ETPRO TROJAN MSIL/BR.Banker CnC Checkin (trojan.rules)
  2827440 - ETPRO POLICY Internal Host Retrieving External IP Address
(ipgeoapi. com) (policy.rules)
  2827452 - ETPRO CURRENT_EVENTS Successful UBS Phish Aug 08 2017
(current_events.rules)
  2827459 - ETPRO CURRENT_EVENTS Successful Landesbank Berlin (DE) Phish
Aug 08 2017 (current_events.rules)
  2827460 - ETPRO TROJAN Win32/CoinMiner.ALH CnC Checkin Attempt
(trojan.rules)
  2827471 - ETPRO CURRENT_EVENTS Successful Nedbank Phish Aug 09 2017
(current_events.rules)
  2827472 - ETPRO CURRENT_EVENTS Successful ICICI Bank Phish M1 Aug 09 2017
(current_events.rules)
  2827473 - ETPRO CURRENT_EVENTS Successful ICICI Bank Phish M2 Aug 09 2017
(current_events.rules)
  2827474 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Aug 09 2017
(current_events.rules)
  2827476 - ETPRO TROJAN Winnti Possible Meterpreter or Cobalt Strike
Downloader (trojan.rules)
  2827478 - ETPRO CURRENT_EVENTS Successful Citibank Phish Aug 10 2017
(current_events.rules)
  2827481 - ETPRO CURRENT_EVENTS Successful American Express Phish M1 Aug
10 2017 (current_events.rules)
  2827482 - ETPRO CURRENT_EVENTS Successful American Express Phish M2 Aug
10 2017 (current_events.rules)
  2827483 - ETPRO CURRENT_EVENTS Successful Chase Phish Aug 10 2017
(current_events.rules)
  2827486 - ETPRO CURRENT_EVENTS Successful Caixa Phish Aug 10 2017
(current_events.rules)
  2827496 - ETPRO TROJAN PowerShell/Ukodus CnC Beacon (base64 1)
(trojan.rules)
  2827497 - ETPRO TROJAN PowerShell/Ukodus CnC Beacon (base64 2)
(trojan.rules)
  2827498 - ETPRO TROJAN PowerShell/Ukodus CnC Beacon (base64 3)
(trojan.rules)
  2827506 - ETPRO TROJAN Win32/Spy.Agent.PFM CnC Checkin (trojan.rules)
  2827508 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Aug 14 2017
(current_events.rules)
  2827510 - ETPRO TROJAN MSIL/XnxxAgent Spam Bot Checkin M3 (trojan.rules)
  2827511 - ETPRO TROJAN MSIL/XnxxAgent Spam Bot Version Check
(trojan.rules)
  2827515 - ETPRO CURRENT_EVENTS Successful Apple Phish Aug 14 2017
(current_events.rules)
  2827533 - ETPRO CURRENT_EVENTS Successful Facebook Help Center Update
Security Information Phish Aug 15 2017 (current_events.rules)
  2827534 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Aug 15 2017
(current_events.rules)
  2827537 - ETPRO CURRENT_EVENTS Successful Netflix (BR) M2 Phish Aug 15
2017 (current_events.rules)
  2827538 - ETPRO CURRENT_EVENTS Successful Telia Sverige (SE) Phish Aug 15
2017 (current_events.rules)
  2827539 - ETPRO CURRENT_EVENTS Successful Chase Phish M3 Aug 15 2017
(current_events.rules)
  2827545 - ETPRO TROJAN W32.Defray Ransomware Checkin (trojan.rules)
  2827546 - ETPRO TROJAN W32.SpecCom Variant Checkin (trojan.rules)
  2827559 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Aug 16 2017
(current_events.rules)
  2827560 - ETPRO TROJAN Cobalt Strike Malleable C2 Custom Profile
(trojan.rules)
  2827566 - ETPRO CURRENT_EVENTS Successful Yapikredi Bank (TR) Phish M1
Aug 17 2017 (current_events.rules)
  2827568 - ETPRO CURRENT_EVENTS Successful Citibank Phish M1 Aug 17 2017
(current_events.rules)
  2827570 - ETPRO CURRENT_EVENTS Successful Diamond Bank Phish M1 Aug 17
2017 (current_events.rules)
  2827574 - ETPRO TROJAN Turla JS/KopiLuwak CnC Beacon M1 (trojan.rules)
  2827575 - ETPRO TROJAN Turla JS/KopiLuwak CnC Beacon M2 (trojan.rules)
  2827578 - ETPRO TROJAN Likely Dropper Doc GET to .moe TLD (trojan.rules)
  2827581 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Aug 18
2017 (current_events.rules)
  2827582 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Aug 17
2017 (current_events.rules)
  2827598 - ETPRO CURRENT_EVENTS Successful Bittrex Exchange Phish Aug 21
2017 (current_events.rules)
  2827599 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent.AP SaveResult
(trojan.rules)
  2827602 - ETPRO TROJAN StressHub DDoS Bot CnC Checkin (trojan.rules)
  2827603 - ETPRO CURRENT_EVENTS Successful KeyBank Phish Aug 21 2017
(current_events.rules)
  2827626 - ETPRO TROJAN KONNI Retrieving Payload 2 (trojan.rules)
  2827634 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
194 (mobile_malware.rules)
  2827637 - ETPRO CURRENT_EVENTS Successful Onedrive Phish Aug 23 2017
(current_events.rules)
  2827640 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish Aug 23
2017 (current_events.rules)
  2827641 - ETPRO TROJAN VBS.DrinkingGround Checkin (trojan.rules)
  2827657 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Aug 24
2017 (current_events.rules)
  2827658 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M3 Aug 24
2017 (current_events.rules)
  2827659 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M4 Aug 24
2017 (current_events.rules)
  2827670 - ETPRO CURRENT_EVENTS Successful Netflix Phish Aug 25 2017
(current_events.rules)
  2827673 - ETPRO WEB_CLIENT Generic Phishing Redirect Aug 25 2017
(web_client.rules)
  2827675 - ETPRO CURRENT_EVENTS Paypal Phishing Landing Page Aug 25 2017
(current_events.rules)
  2827692 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
195 (mobile_malware.rules)
  2827693 - ETPRO TROJAN Trojan.Win32.TorJok Checkin (trojan.rules)
  2827697 - ETPRO CURRENT_EVENTS Microsoft Online Phishing Landing Page Aug
29 2017 (current_events.rules)
  2827698 - ETPRO MOBILE_MALWARE PUP Android/SMSFlooder.Agent.BN CnC Beacon
(mobile_malware.rules)
  2827699 - ETPRO MOBILE_MALWARE PUP Android/SMSFlooder.Agent.BN CnC Beacon
2 (mobile_malware.rules)
  2827701 - ETPRO TROJAN Win32/Banload Downloader Activity (trojan.rules)
  2827702 - ETPRO TROJAN Possible APT.9002 Fileless Variant CnC Beacon 3
(trojan.rules)
  2827703 - ETPRO TROJAN MSIL.WernikStealer Checkin via SOAP (WriteLogs)
(trojan.rules)
  2827705 - ETPRO TROJAN MSIL.WernikStealer Checkin via SOAP
(GetDownloadDLL) (trojan.rules)
  2827706 - ETPRO TROJAN MSIL.WernikStealer Checkin via SOAP (BuildCode)
(trojan.rules)
  2827707 - ETPRO TROJAN W32.PooLen Coinminer Checkin (trojan.rules)
  2827711 - ETPRO CURRENT_EVENTS Successful Rogers Phish M3 Aug 29 2017
(current_events.rules)
  2827712 - ETPRO TROJAN W32.PooLen User-Agent (trojan.rules)
  2827717 - ETPRO TROJAN W32.PooLen Coinminer Checkin 2 (trojan.rules)
  2827721 - ETPRO CURRENT_EVENTS Successful KerioConnect Webmail Phish Aug
29 2017 (current_events.rules)
  2827752 - ETPRO CURRENT_EVENTS Successful NatWest Phish M2 Aug 30 2017
(current_events.rules)
  2827754 - ETPRO TROJAN Win32/CoinMiner.ALH CnC Checkin - Failed Install
(trojan.rules)
  2827755 - ETPRO TROJAN Win32/CoinMiner.ALH CnC Keepalive (trojan.rules)
  2827756 - ETPRO TROJAN Win32/CoinMiner.ALH CnC Checkin - Log
(trojan.rules)
  2842728 - ETPRO TROJAN Win32/Metamorfo Variant Checkin (trojan.rules)
