[***]            Summary:            [***]

4 new OPEN, 26 new PRO (4 + 22).  CobaltStrike, Mirai, AveMaria RAT, Various Phish, Others.

Thanks: @travisbgreen.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030676 - ET SCAN ELF/Mirai Variant User-Agent (Inbound) (scan.rules)
  2030677 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound) (trojan.rules)
  2030678 - ET TROJAN Win32/TrojanDownloader.Agent.FC CnC Activity
(trojan.rules)
  2030679 - ET TROJAN Ave Maria RAT CnC Domain in DNS Lookup (uknwn.linkpc
.net) (trojan.rules)

Pro:

  2843977 - ETPRO USER_AGENTS Observed Suspicious UA (lpload)
(user_agents.rules)
  2843978 - ETPRO TROJAN CobaltStrike Malleable C2 Activity (OCSP Profile)
(trojan.rules)
  2843979 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST
Request (Default_Google_Chrome_Credit_Cards.log) M2 (trojan.rules)
  2843980 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Default_Google_Chrome_Autofill.log) M2 (info.rules)
  2843981 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Default_Google_Chrome_Cookies.txt) M2 (info.rules)
  2843982 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST
Request (Google_Password.txt) M2 (trojan.rules)
  2843983 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(BSSID.txt) M2 (info.rules)
  2843984 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(System_Info.txt) M2 (info.rules)
  2843985 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(procs.txt) M2 (info.rules)
  2843986 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(about.log) M2 (info.rules)
  2843987 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-08-12
(current_events.rules)
  2843988 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-08-12
(current_events.rules)
  2843989 - ETPRO CURRENT_EVENTS Successful Generic Phish to .app Domain
2020-08-12 (current_events.rules)
  2843990 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2020-08-12
(current_events.rules)
  2843991 - ETPRO INFO Incorrect Spacing of UA Variable M1 (info.rules)
  2843992 - ETPRO INFO Incorrect Spacing of UA Variable M2 (info.rules)
  2843993 - ETPRO TROJAN Win32/PredatorTheThief Variant CnC Activity M2
(trojan.rules)
  2843994 - ETPRO TROJAN Win32/PredatorTheThief Variant CnC Exfil M2
(trojan.rules)
  2843995 - ETPRO TROJAN Win32/PredatorTheThief Variant CnC Activity M3
(trojan.rules)
  2843996 - ETPRO TROJAN Win32/PredatorTheThief Variant CnC Exfil M3
(trojan.rules)
  2843997 - ETPRO TROJAN Observed Decr1pt Ransomware CnC Domain in TLS SNI
(trojan.rules)
  2843998 - ETPRO TROJAN Decr1pt Ransomware CnC (trojan.rules)

[///]     Modified active rules:     [///]

  2012849 - ET POLICY Possible Mobile Malware POST of IMSI International
Mobile Subscriber Identity in URI (policy.rules)
  2017836 - ET TROJAN Possible Zbot Activity Common Download Struct
(trojan.rules)
  2020027 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin 1
(trojan.rules)
  2021890 - ET CURRENT_EVENTS Successful Phish Outlook Credentials Oct 01
2015 (current_events.rules)
  2022217 - ET CURRENT_EVENTS Successful Google Drive Phish Dec 4 2015 M1
(current_events.rules)
  2022497 - ET CURRENT_EVENTS Successful Apple Phish M1 Feb 06 2016
(current_events.rules)
  2022967 - ET CURRENT_EVENTS Successful Google Drive/Dropbox Phish Nov 20
2016 (current_events.rules)
  2022978 - ET CURRENT_EVENTS Successful Bank of Oklahoma Phish M1 Jul 21
2016 (current_events.rules)
  2022979 - ET CURRENT_EVENTS Successful Bank of Oklahoma Phish M2 Jul 21
2016 (current_events.rules)
  2022992 - ET WEB_CLIENT Tech Support Phone Scam Landing M2 Jul 29 2016
(web_client.rules)
  2023043 - ET CURRENT_EVENTS Successful Apple Suspended Account Phish M2
Aug 09 2016 (current_events.rules)
  2024531 - ET TROJAN MSIL/CoalaBot CnC Activity (trojan.rules)
  2024625 - ET TROJAN Win32/ASPC Bot CnC Checkin M3 (trojan.rules)
  2024638 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Aug
31 2017 (current_events.rules)
  2024640 - ET CURRENT_EVENTS Successful LocalBitcoins Cryptocurrency
Exchange Phish Aug 30 2017 (current_events.rules)
  2024663 - ET EXPLOIT Apache Struts 2 REST Plugin XStream RCE
(ProcessBuilder) (exploit.rules)
  2024664 - ET EXPLOIT Apache Struts 2 REST Plugin XStream RCE
(Runtime.Exec) (exploit.rules)
  2024666 - ET TROJAN ApolloLocker Ransomware CnC Checkin (trojan.rules)
  2024667 - ET TROJAN ApolloLocker Ransomware CnC Checkin 2 (trojan.rules)
  2024668 - ET EXPLOIT Apache Struts 2 REST Plugin ysoserial Usage (B64) 1
(exploit.rules)
  2024669 - ET EXPLOIT Apache Struts 2 REST Plugin ysoserial Usage (B64) 2
(exploit.rules)
  2024670 - ET EXPLOIT Apache Struts 2 REST Plugin ysoserial Usage (B64) 3
(exploit.rules)
  2024671 - ET EXPLOIT Apache Struts 2 REST Plugin (B64) 4 (exploit.rules)
  2024672 - ET EXPLOIT Apache Struts 2 REST Plugin (B64) 5 (exploit.rules)
  2024673 - ET EXPLOIT Apache Struts 2 REST Plugin (B64) 6 (exploit.rules)
  2024674 - ET EXPLOIT Apache Struts 2 REST Plugin (Runtime.Exec)
(exploit.rules)
  2024675 - ET EXPLOIT Apache Struts 2 REST Plugin (ProcessBuilder)
(exploit.rules)
  2024677 - ET CURRENT_EVENTS CVE-2016-0189 Exploit HFS Actor
(current_events.rules)
  2024692 - ET TROJAN Win32/Kryptik.FVVZ Variant CnC Checkin 2
(trojan.rules)
  2024701 - ET TROJAN [PTsecurity] JS.Trojan-Downloader.Nemucod.yo HTTP
POST (:Exec:) (trojan.rules)
  2024703 - ET CURRENT_EVENTS Apple Phishing Landing M1 Sep 14 2017
(current_events.rules)
  2024704 - ET CURRENT_EVENTS Apple Phishing Landing M2 Sep 14 2017
(current_events.rules)
  2024760 - ET WEB_SERVER OptionsBleed (CVE-2017-9798) (web_server.rules)
  2024780 - ET TROJAN [PTsecurity] TR/Spy.Banker.agdtw Checkin
(trojan.rules)
  2024781 - ET TROJAN Win32/Formgrabber Data Exfil (trojan.rules)
  2024782 - ET CURRENT_EVENTS Successful Banco do Brasil Phish M1 Sep 29
2017 (current_events.rules)
  2024783 - ET CURRENT_EVENTS Successful Banco do Brasil Phish M2 Sep 29
2017 (current_events.rules)
  2024784 - ET CURRENT_EVENTS Successful Banco do Brasil Phish M3 Sep 29
2017 (current_events.rules)
  2024800 - ET CURRENT_EVENTS Successful Santander Phish M1 Oct 04 2017
(current_events.rules)
  2024802 - ET CURRENT_EVENTS Successful Santander Phish M2 Oct 04 2017
(current_events.rules)
  2024894 - ET TROJAN Dragonfly Backdoor.Goodor Go Implant CnC Beacon 1
(trojan.rules)
  2025028 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Sep
19 2017 (current_events.rules)
  2025029 - ET CURRENT_EVENTS Successful Generic Phish (set) Sep 28 2017
(current_events.rules)
  2025031 - ET CURRENT_EVENTS Successful Office 365 Phish Oct 10 2017 (set)
(current_events.rules)
  2025694 - ET CURRENT_EVENTS Adobe Online Document Phishing Landing M1 Mar
25 2017 (current_events.rules)
  2803262 - ETPRO USER_AGENTS Windows Live Messenger User-Agent
(user_agents.rules)
  2804477 - ETPRO USER_AGENTS HTTP Request with Random User-Agent
(user_agents.rules)
  2812325 - ETPRO CURRENT_EVENTS Possible Successful AirCanada Phish M1 Aug
5 2015 (current_events.rules)
  2812468 - ETPRO CURRENT_EVENTS Successful Canada Revenue Agency Phish Aug
14 2015 (current_events.rules)
  2812469 - ETPRO CURRENT_EVENTS Successful Canada Revenue Agency Phish Aug
14 2015 (current_events.rules)
  2812687 - ETPRO CURRENT_EVENTS Successful Carribean International Bank
Account Phish Aug 25 2015 (current_events.rules)
  2814083 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Sept 24 2015
(current_events.rules)
  2814152 - ETPRO CURRENT_EVENTS Successful Adobe Online Phish Sept 29 2015
(current_events.rules)
  2814311 - ETPRO CURRENT_EVENTS Successful AOL Phish Oct 9 2015
(current_events.rules)
  2815437 - ETPRO CURRENT_EVENTS Successful Chase Phish Dec 21 2015 M1
(current_events.rules)
  2815849 - ETPRO TROJAN MegalodonHTTP Traffic to Panel (trojan.rules)
  2816019 - ETPRO CURRENT_EVENTS Successful UK Tax Phishing M1 Feb 01 2016
(current_events.rules)
  2816020 - ETPRO CURRENT_EVENTS Successful UK Tax Phishing M2 Feb 01 2016
(current_events.rules)
  2816111 - ETPRO WEB_CLIENT Common /mpp/ Phishing URI Structure Feb 08
2016 (web_client.rules)
  2816451 - ETPRO CURRENT_EVENTS Successful Apple Phishing M1 Mar 1 2016
(current_events.rules)
  2820237 - ETPRO CURRENT_EVENTS Successful Dropbox Phish May 16 2016
(current_events.rules)
  2820833 - ETPRO CURRENT_EVENTS Successful Webmail Phish M2 Jun 22 2016
(current_events.rules)
  2820834 - ETPRO CURRENT_EVENTS Successful Webmail Phish M3 Jun 22 2016
(current_events.rules)
  2821137 - ETPRO CURRENT_EVENTS Successful Outlook Phish Jul 14 2016
(current_events.rules)
  2821916 - ETPRO CURRENT_EVENTS Successful Canada Revenue Agency Phish Aug
30 2016 (current_events.rules)
  2822316 - ETPRO CURRENT_EVENTS Possible Successful Banking Phish (BR)
Sept 28 2017 (current_events.rules)
  2822593 - ETPRO CURRENT_EVENTS Successful CenturyLink Phish Oct 12 2016
(current_events.rules)
  2822669 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Oct 17 2016
(current_events.rules)
  2822670 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Oct 17 2016
(current_events.rules)
  2823393 - ETPRO TROJAN Possible CobaltStrike CnC Beacon (HTTP POST)
(trojan.rules)
  2823641 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Dec 05
2016 (current_events.rules)
  2823670 - ETPRO CURRENT_EVENTS Successful Chase Phish Dec 07 2016 M2
(current_events.rules)
  2823932 - ETPRO CURRENT_EVENTS Successful Chase Phish Dec 16 2016
(current_events.rules)
  2823949 - ETPRO TROJAN Malicious Miner Downloading CoinMiner Binary M1
(trojan.rules)
  2823950 - ETPRO TROJAN Malicious Miner Downloading CoinMiner
Configuration M1 (trojan.rules)
  2825039 - ETPRO CURRENT_EVENTS Successful Credential Phish JS RePOST Feb
17 2017 (current_events.rules)
  2825584 - ETPRO TROJAN Ehdoor CnC Beacon (trojan.rules)
  2825632 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Mar 27 2017
(current_events.rules)
  2826866 - ETPRO TROJAN W32.Yakes Variant Checkin (trojan.rules)
  2826920 - ETPRO MOBILE_MALWARE Android.Trojan.Agent.LN / RedAlert Checkin
(mobile_malware.rules)
  2826991 - ETPRO TROJAN Win32/Agent.SCO Variant CnC Activity (trojan.rules)
  2827036 - ETPRO TROJAN PowSpritz CnC Heartbeat (trojan.rules)
  2827167 - ETPRO TROJAN Alina Checkin 1 (trojan.rules)
  2827168 - ETPRO TROJAN Alina Checkin 2 (trojan.rules)
  2827291 - ETPRO MOBILE_MALWARE Android/Skygofree.A CnC Beacon
(mobile_malware.rules)
  2827363 - ETPRO CURRENT_EVENTS Generic Downloader EXE DL
(current_events.rules)
  2827753 - ETPRO CURRENT_EVENTS Successful AKBank Direkt (TR) Phish Aug 30
2017 (current_events.rules)
  2827761 - ETPRO TROJAN MSIL/Omnibus PWS Data Exfil (trojan.rules)
  2827769 - ETPRO CURRENT_EVENTS Successful Paypal (DE) Phish M2 Aug 31
2017 (current_events.rules)
  2827797 - ETPRO TROJAN MSIL/Queequeg Loader Checkin (trojan.rules)
  2827798 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
196 (mobile_malware.rules)
  2827806 - ETPRO TROJAN Observed Inbound Pye2Exe/LaZange Executable
(trojan.rules)
  2827807 - ETPRO TROJAN W32/DOTHETUK CNC Checkin (trojan.rules)
  2827814 - ETPRO TROJAN Win32/Banload variant CnC (trojan.rules)
  2827815 - ETPRO TROJAN MSIL/Zaepk Bot CnC Checkin (trojan.rules)
  2827816 - ETPRO TROJAN MSIL/Zaepk Bot CMD Request (trojan.rules)
  2827817 - ETPRO TROJAN MSIL/Zaepk Bot CMD Report (trojan.rules)
  2827881 - ETPRO TROJAN MSIL/Agent.SCR Variant HTTP Bot CnC Activity
(trojan.rules)
  2827883 - ETPRO TROJAN Win32/Filecoder.NHN POST with System Info
(trojan.rules)
  2827885 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Sep 11 2017
(current_events.rules)
  2827886 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Sep 11
2017 (current_events.rules)
  2827887 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phish Sep 11
2017 (current_events.rules)
  2827893 - ETPRO TROJAN Win32/Unknown.2 CnC Checkin (trojan.rules)
  2827899 - ETPRO TROJAN MSIL/PC Monitor RAT Checkin/Config Request
(trojan.rules)
  2827900 - ETPRO TROJAN MSIL/PC Monitor RAT Sending Screenshot
(trojan.rules)
  2827902 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
197 (mobile_malware.rules)
  2827903 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
198 (mobile_malware.rules)
  2827904 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
199 (mobile_malware.rules)
  2827905 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
200 (mobile_malware.rules)
  2827906 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
201 (mobile_malware.rules)
  2827907 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
202 (mobile_malware.rules)
  2827908 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
203 (mobile_malware.rules)
  2827911 - ETPRO TROJAN MSIL/Unk.CoinMiner CnC Activity (trojan.rules)
  2827914 - ETPRO CURRENT_EVENTS Successful Paypal Phish Sep 12 2017
(current_events.rules)
  2827915 - ETPRO TROJAN Win32/Ramnit.AM Variant UA (trojan.rules)
  2827916 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
204 (mobile_malware.rules)
  2827917 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
205 (mobile_malware.rules)
  2827922 - ETPRO CURRENT_EVENTS Successful ICS Phish Sep 13 2017
(current_events.rules)
  2827923 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
206 (mobile_malware.rules)
  2827929 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
207 (mobile_malware.rules)
  2827930 - ETPRO POLICY CoinMiner Config Inbound (policy.rules)
  2827944 - ETPRO TROJAN APT.Cmstar Requesting Payload (trojan.rules)
  2827946 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
208 (mobile_malware.rules)
  2827948 - ETPRO CURRENT_EVENTS Successful Alibaba Phish Sep 14 2017
(current_events.rules)
  2827949 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Sep 14 2017
(current_events.rules)
  2827951 - ETPRO CURRENT_EVENTS Successful Paypal Phish Sep 14 2017
(current_events.rules)
  2827952 - ETPRO CURRENT_EVENTS Successful CIBC Phish Sep 14 2017
(current_events.rules)
  2827953 - ETPRO CURRENT_EVENTS Successful Chase Phish Sep 14 2017
(current_events.rules)
  2827954 - ETPRO CURRENT_EVENTS Successful Square Phish Sep 14 2017
(current_events.rules)
  2827960 - ETPRO CURRENT_EVENTS Successful Vodafone Phish Sep 15 2017
(current_events.rules)
  2827967 - ETPRO TROJAN SFG/Furtim Client Information POST 2 (trojan.rules)
  2827968 - ETPRO CURRENT_EVENTS Successful Sparkasse Bank Phish Sep 15
2017 (current_events.rules)
  2827969 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Sep 15 2017
(current_events.rules)
  2827970 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Sep 15 2017
(current_events.rules)
  2827971 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Sep 15 2017
(current_events.rules)
  2827972 - ETPRO CURRENT_EVENTS Successful Ebay Phish Sep 15 2017
(current_events.rules)
  2827975 - ETPRO CURRENT_EVENTS Successful Docusign Phish Sep 18 2017
(current_events.rules)
  2827976 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
209 (mobile_malware.rules)
  2827977 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
210 (mobile_malware.rules)
  2827979 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
211 (mobile_malware.rules)
  2827981 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
212 (mobile_malware.rules)
  2827982 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
213 (mobile_malware.rules)
  2827984 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
214 (mobile_malware.rules)
  2827987 - ETPRO TROJAN MSIL.GuFran EXE DL (trojan.rules)
  2827988 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
215 (mobile_malware.rules)
  2827992 - ETPRO TROJAN TrickBot IP Check (trojan.rules)
  2827993 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
216 (mobile_malware.rules)
  2827995 - ETPRO CURRENT_EVENTS Successful NAB Phish M1 Sep 19 2017
(current_events.rules)
  2827996 - ETPRO CURRENT_EVENTS Successful NAB Phish M2 Sep 19 2017
(current_events.rules)
  2827998 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Sep 19 2017
(current_events.rules)
  2827999 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Sep 19 2017
(current_events.rules)
  2828021 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
217 (mobile_malware.rules)
  2828022 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
218 (mobile_malware.rules)
  2828023 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
219 (mobile_malware.rules)
  2828025 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
220 (mobile_malware.rules)
  2828026 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
221 (mobile_malware.rules)
  2828027 - ETPRO CURRENT_EVENTS GrandSoft EK Exploit Usage Sep 22 2017
(current_events.rules)
  2828028 - ETPRO CURRENT_EVENTS Grandsoft EK Exploit Request Sep 22 2017
(current_events.rules)
  2828029 - ETPRO CURRENT_EVENTS GrandSoft EK Possible CVE-2016-0198
Exploit Usage Sep 22 2017 (current_events.rules)
  2828030 - ETPRO CURRENT_EVENTS GrandSoft EK Exploit Usage M2 Sep 22 2017
(current_events.rules)
  2828036 - ETPRO TROJAN Mangled PNG Header Inbound - Potential PNG
Downloader (trojan.rules)
  2828037 - ETPRO CURRENT_EVENTS Grandsoft EK Payload Request Sep 22 2017
(current_events.rules)
  2828038 - ETPRO CURRENT_EVENTS Successful US Bank Phish Sep 22 2017
(current_events.rules)
  2828039 - ETPRO CURRENT_EVENTS Successful Orange (FR) Phish Sep 22 2017
(current_events.rules)
  2828040 - ETPRO CURRENT_EVENTS Successful TD Bank Phish Sep 22 2017
(current_events.rules)
  2828041 - ETPRO CURRENT_EVENTS Successful Charles Schwab Phish Sep 22
2017 (current_events.rules)
  2828042 - ETPRO CURRENT_EVENTS Successful Citibank Phish Sep 23 2017
(current_events.rules)
  2828043 - ETPRO CURRENT_EVENTS Successful BBVA Continental Phish Sep 23
2017 (current_events.rules)
  2828045 - ETPRO CURRENT_EVENTS Successful iTunes Connect Phish Sep 23
2017 (current_events.rules)
  2828046 - ETPRO CURRENT_EVENTS Successful Paypal Phish Sep 23 2017
(current_events.rules)
  2828057 - ETPRO TROJAN Win32/Delf.BVP CnC Beacon M2 (trojan.rules)
  2828063 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
222 (mobile_malware.rules)
  2828064 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 Sep 26
2017 (current_events.rules)
  2828065 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M2 Sep 26
2017 (current_events.rules)
  2828066 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
223 (mobile_malware.rules)
  2828067 - ETPRO CURRENT_EVENTS Successful BCP Bank M1 Phish Sep 26 2017
(current_events.rules)
  2828071 - ETPRO CURRENT_EVENTS Successful IDBI Bank Phish Sep 27 2017
(current_events.rules)
  2828072 - ETPRO CURRENT_EVENTS Successful Chase Phish Sep 27 2017
(current_events.rules)
  2828074 - ETPRO TROJAN Malicious Raiffeisen Bank Android App Download via
Phish Sep 27 2017 (trojan.rules)
  2828075 - ETPRO CURRENT_EVENTS Successful Swiss Post Phish Sep 27 2017
(current_events.rules)
  2828076 - ETPRO CURRENT_EVENTS Successful Commerzbank Phish M1 Sep 27
2017 (current_events.rules)
  2828077 - ETPRO CURRENT_EVENTS Successful Commerzbank Phish M2 Sep 27
2017 (current_events.rules)
  2828080 - ETPRO CURRENT_EVENTS Successful Office 365 Phish Sep 28 2017
(current_events.rules)
  2828082 - ETPRO CURRENT_EVENTS Successful Chase Phish Sept 28 2017
(current_events.rules)
  2828085 - ETPRO CURRENT_EVENTS Successful Netflix Phish (BR) Sep 28 2017
(current_events.rules)
  2828093 - ETPRO TROJAN Win32/CoinMiner CnC Check-in POST Request
(trojan.rules)
  2828112 - ETPRO TROJAN MSIL/AnimusBot CnC Checkin (trojan.rules)
  2828114 - ETPRO TROJAN MSIL/MLSN Bot CnC Checkin (trojan.rules)
  2828118 - ETPRO CURRENT_EVENTS Successful Microsoft Office 365 Phish M2
Oct 02 2017 (current_events.rules)
  2828119 - ETPRO CURRENT_EVENTS Successful Facebook Phish Oct 02 2017
(current_events.rules)
  2828120 - ETPRO TROJAN MSIL/ClipBanker.DH CnC Checkin (trojan.rules)
  2828121 - ETPRO TROJAN MSIL/Unk.Agent.AES CnC Checkin (trojan.rules)
  2828127 - ETPRO CURRENT_EVENTS Successful Netflix Phish Oct 03 2017
(current_events.rules)
  2828131 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
224 (mobile_malware.rules)
  2828132 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
225 (mobile_malware.rules)
  2828133 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
226 (mobile_malware.rules)
  2828134 - ETPRO TROJAN MSIL/Generik.LVSOCW (Keylogger) CnC Checkin
(trojan.rules)
  2828136 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
227 (mobile_malware.rules)
  2828137 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
228 (mobile_malware.rules)
  2828138 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
229 (mobile_malware.rules)
  2828139 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
230 (mobile_malware.rules)
  2828140 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
231 (mobile_malware.rules)
  2828141 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
232 (mobile_malware.rules)
  2828142 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
233 (mobile_malware.rules)
  2828146 - ETPRO CURRENT_EVENTS Successful Bank Username/Account Number
Phish Oct 04 2017 (current_events.rules)
  2828148 - ETPRO CURRENT_EVENTS Successful Bank Password/Credit Card
Number Phish Oct 04 2017 (current_events.rules)
  2828149 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
234 (mobile_malware.rules)
  2828150 - ETPRO TROJAN Banker.Win32.Capper/Tepoyx.A Checkin (trojan.rules)
  2828151 - ETPRO TROJAN Xwdoor Variant HTTP CnC Beacon (trojan.rules)
  2828160 - ETPRO TROJAN MSIL/Spy.Agent.UM CnC Checkin (trojan.rules)
  2828165 - ETPRO TROJAN Evil TeamViewer Controller CnC Activity 1
(trojan.rules)
  2828167 - ETPRO TROJAN Evil TeamViewer Controller CnC Checkin
(trojan.rules)
  2828168 - ETPRO TROJAN APT.Cmstar Requesting Payload M2 (trojan.rules)
  2828169 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Oct 05 2017
(current_events.rules)
  2828171 - ETPRO CURRENT_EVENTS Successful Mcafee Support Phish Oct 06
2017 (current_events.rules)
  2828183 - ETPRO TROJAN Possible FreeMilk Beacon to CnC 1 (trojan.rules)
  2828188 - ETPRO CURRENT_EVENTS Successful Google Account/Adwords Phish
Oct 06 2017 (current_events.rules)
  2828192 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Oct 09
2017 (current_events.rules)
  2828193 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Oct 09
2017 (current_events.rules)
  2828194 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
235 (mobile_malware.rules)
  2828195 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
236 (mobile_malware.rules)
  2828196 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
237 (mobile_malware.rules)
  2828198 - ETPRO TROJAN Unknown.BR Banker Checkin (trojan.rules)
  2828201 - ETPRO TROJAN W32.Gafanhoto.BR Checkin (trojan.rules)
  2828203 - ETPRO CURRENT_EVENTS Successful Adobe Phish Aug 22 2017
(current_events.rules)
  2828214 - ETPRO CURRENT_EVENTS Successful Isbank (TK) Phish Oct 10 2017
(current_events.rules)
  2828217 - ETPRO CURRENT_EVENTS Successful Personalized Phish Oct 10 2017
(current_events.rules)
  2828227 - ETPRO CURRENT_EVENTS Successful Paypal (IT) Phish Oct 10 2017
(current_events.rules)
  2828228 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish Oct 10
2017 (current_events.rules)
  2828229 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 10
2017 (current_events.rules)
  2836224 - ETPRO CURRENT_EVENTS Successful Square Phish 2019-05-03
(current_events.rules)

[///]    Modified inactive rules:    [///]

  2024441 - ET TROJAN Tinba CnC Checkin (trojan.rules)
  2024485 - ET TROJAN Observed Malicious Domain SSL Cert in SNI
(RansomBlocker CnC) (trojan.rules)
  2827819 - ETPRO TROJAN Win32/Agent.CMHT Sending Screenshot to CnC
(trojan.rules)

[---]         Disabled rules:        [---]

  2812821 - ETPRO TROJAN Backdoor.Telnneru CnC Beacon (INBOUND) 6
(trojan.rules)

[---]         Removed rules:         [---]

  2840341 - ETPRO CURRENT_EVENTS Successful Square Phish 2020-01-09
(current_events.rules)
