Daily Ruleset Update Summary 2020/08/13

[***] Summary: [***]

8 new OPEN, 17 new PRO (8 + 9). Drovorub, Remcos, Qudox, Various Phish, Others.

Thanks: @ViriBack.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2030680 - ET CURRENT_EVENTS Possible Generic Microsoft Hosted Phishing
Landing M1 (current_events.rules)
2030681 - ET CURRENT_EVENTS Possible Generic Microsoft Hosted Phishing
Landing M2 (current_events.rules)
2030682 - ET TROJAN Qudox CnC Actiivty (trojan.rules)
2030683 - ET TROJAN Drovorub cloud.auth Module Server Response
(trojan.rules)
2030684 - ET TROJAN Drovorub file Module Server Response (trojan.rules)
2030685 - ET TROJAN Drovorub monitor Module Server Response (trojan.rules)
2030686 - ET TROJAN Drovorub shell Module Server Response (trojan.rules)
2030687 - ET TROJAN Drovorub tunnel Module Server Response (trojan.rules)

Pro:

2843999 - ETPRO CURRENT_EVENTS Successful Dynamic DNS Hosted Generic
Phish 2020-08-13 (duckdns.org) (current_events.rules)
2844000 - ETPRO CURRENT_EVENTS Generic Microsoft Hosted Proofpoint
Phishing Landing (current_events.rules)
2844001 - ETPRO CURRENT_EVENTS Possible Generic Microsoft Hosted
Successful Phish 2020-08-13 (current_events.rules)
2844002 - ETPRO CURRENT_EVENTS Successful Proofpoint Phish 2020-08-13
(current_events.rules)
2844003 - ETPRO TROJAN W32/Banload Variant CnC Host Checkin (trojan.rules)
2844004 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-12 1) (trojan.rules)
2844005 - ETPRO POLICY Inbound Charcode Obfuscated PowerShell
(policy.rules)
2844006 - ETPRO TROJAN Win32/Remcos RAT Checkin 522 (trojan.rules)
2844007 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)

[///] Modified active rules: [///]

2001564 - ET INFO PUP/PUA OSSProxy HTTP Header (info.rules)
2003380 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader
(ver18/ver19 etc) (trojan.rules)
2004442 - ET TROJAN Banker.Delf User-Agent (hhh) (trojan.rules)
2006999 - ET TROJAN Brontok User-Agent Detected (Brontok.A3 Browser)
(trojan.rules)
2007778 - ET USER_AGENTS User-agent DownloadNetFile Win32.small.hsh
downloader (user_agents.rules)
2007824 - ET TROJAN Banker.anv Generally Suspicious User-Agent
(CustomExchangeBrowser) (trojan.rules)
2008253 - ET USER_AGENTS Suspicious User-Agent (chek) (user_agents.rules)
2008259 - ET USER_AGENTS Suspicious User-Agent (AutoHotkey)
(user_agents.rules)
2008276 - ET USER_AGENTS Suspicious User-Agent (contains loader)
(user_agents.rules)
2008378 - ET USER_AGENTS Suspicious User-Agent (ErrCode)
(user_agents.rules)
2008765 - ET TROJAN Brontok/Joseray User-Agent Detected (Joseray.A3
Browser) (trojan.rules)
2009081 - ET TROJAN Password Stealer - User-Agent (Ucheck) (trojan.rules)
2009537 - ET USER_AGENTS Suspicious User-Agent (Loands) - Possible Trojan
Downloader GET Request (user_agents.rules)
2009538 - ET USER_AGENTS Suspicious User-Agent (ms_ie) - Crypt.ZPACK Gen
Trojan Downloader GET Request (user_agents.rules)
2009547 - ET USER_AGENTS Suspicious User-Agent (Forthgoner) - Possible
Trojan Downloader GET Request (user_agents.rules)
2009805 - ET TROJAN Luder.B User-Agent (Mozilla/4.0 (SPGK)) - GET
(trojan.rules)
2009810 - ET TROJAN Swizzor-based Downloader - Invalid User-Agent
(Mozilla/4.0 (compatible MSIE 7.0 na .NET CLR 2.0.50727 .NET CLR
3.0.4506.2152 .NET CLR 3.5.30729)) (trojan.rules)
2009825 - ET TROJAN Win32.VB.tdq - Fake User-Agent (trojan.rules)
2010490 - ET TROJAN Vundo User-Agent Check-in (trojan.rules)
2011482 - ET TROJAN IMDDOS Botnet User-Agent kav (trojan.rules)
2012310 - ET USER_AGENTS Si25f_302 User-Agent (user_agents.rules)
2012312 - ET TROJAN Generic Trojan with /? and Indy Library User-Agent
(trojan.rules)
2012322 - ET TROJAN Possible TDSS User-Agent CMD (trojan.rules)
2012586 - ET USER_AGENTS Suspicious User-Agent Im Luo (user_agents.rules)
2012959 - ET USER_AGENTS MacShield User-Agent Likely Malware
(user_agents.rules)
2013374 - ET TROJAN FakeAV User-Agent XML (trojan.rules)
2013394 - ET MALWARE W32/SpeedRunner User-Agent SRRemove (malware.rules)
2013395 - ET USER_AGENTS Suspicious User-Agent _updater_agent
(user_agents.rules)
2013444 - ET MALWARE Win32/Onescan FraudWare User-Agent (malware.rules)
2013507 - ET TROJAN Win32/Dynamer Trojan Dropper User-Agent VB Http
(trojan.rules)
2013512 - ET USER_AGENTS Suspicious User-Agent (MadeByLc)
(user_agents.rules)
2013724 - ET USER_AGENTS W32/OnlineGames User-Agent (LockXLS)
(user_agents.rules)
2013880 - ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
(user_agents.rules)
2013889 - ET MALWARE Suspicious User-Agent (MediaLabsSiteInstaller)
(malware.rules)
2015909 - ET CURRENT_EVENTS Successful Bank of America Phish M1 Oct 01
2012 (current_events.rules)
2015938 - ET CURRENT_EVENTS Chase/Bank of America Phishing Landing Uri
Structure Nov 27 2012 (current_events.rules)
2015972 - ET CURRENT_EVENTS Successful PayPal Phish Nov 30 2012
(current_events.rules)
2015980 - ET CURRENT_EVENTS Successful Google Account Phish Dec 04 2012
(current_events.rules)
2016063 - ET CURRENT_EVENTS Successful PayPal Phish Dec 19 2012
(current_events.rules)
2016327 - ET CURRENT_EVENTS Possible Successful Phish - Generic POST to
myform.php Feb 01 2013 (current_events.rules)
2016530 - ET TROJAN W32/Asprox.FakeAV Affiliate Second Stage Download
Location Request (trojan.rules)
2018304 - ET CURRENT_EVENTS Successful iTunes Phish Mar 21 2014
(current_events.rules)
2018305 - ET CURRENT_EVENTS Successful iTunes Phish Mar 21 2014
(current_events.rules)
2018608 - ET USER_AGENTS Suspicious User-Agent (HardCore Software For)
(user_agents.rules)
2019781 - ET CURRENT_EVENTS Successful AOL/PayPal Phish Nov 24 2014
(current_events.rules)
2022086 - ET CURRENT_EVENTS Revalidation Phish Landing Nov 13 2015
(current_events.rules)
2022498 - ET CURRENT_EVENTS Successful Apple Phish M2 Feb 06 2016
(current_events.rules)
2022499 - ET CURRENT_EVENTS Successful Apple Phish M3 Feb 06 2016
(current_events.rules)
2022597 - ET CURRENT_EVENTS Possible Phishing Landing - Data URI Inline
Javascript Mar 07 2016 (current_events.rules)
2023044 - ET CURRENT_EVENTS Apple Suspended Account Phishing Landing Aug
09 2016 (current_events.rules)
2023045 - ET CURRENT_EVENTS Excel Online Phishing Landing Aug 09 2016
(current_events.rules)
2023760 - ET CURRENT_EVENTS Successful Paypal Phish Jan 23 2017
(current_events.rules)
2024098 - ET CURRENT_EVENTS Windows Settings Phishing Landing Jul 22 2016
(current_events.rules)
2024554 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb
26 2016 (current_events.rules)
2024556 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb
26 2016 (current_events.rules)
2024557 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 8
2016 (current_events.rules)
2024558 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul
13 2016 (current_events.rules)
2024561 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Sept
02 2016 (current_events.rules)
2024562 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct
13 2016 (current_events.rules)
2024563 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct
25 2016 (current_events.rules)
2024564 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct
26 2016 (current_events.rules)
2024836 - ET CURRENT_EVENTS SUSPICIOUS DOC Download from commonly abused
file share site (current_events.rules)
2024838 - ET CURRENT_EVENTS Successful Ziraat Bankasi (TK) Phish M1 Oct
12 2017 (current_events.rules)
2024839 - ET CURRENT_EVENTS Successful Ziraat Bankasi (TK) Phish M2 Oct
12 2017 (current_events.rules)
2024843 - ET SCAN struts-pwn User-Agent (scan.rules)
2024847 - ET CURRENT_EVENTS Successful Paypal (FR) Phish Oct 16 2017
(current_events.rules)
2024848 - ET TROJAN Trojan.JS.Agent.dwz Checkin (trojan.rules)
2024849 - ET TROJAN [PTsecurity] Trojan.JS.Agent.dwz Checkin 1
(trojan.rules)
2024851 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024853 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024855 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024857 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024859 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024861 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024863 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024866 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024875 - ET TROJAN Possible Winnti-related Destination (google-searching
.com) (trojan.rules)
2024876 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024877 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
2024884 - ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP
POST) (exploit.rules)
2024885 - ET EXPLOIT Possible CVE-2017-12629 XXE Exploit Attempt (URI)
(exploit.rules)
2024886 - ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP
GET 1) (exploit.rules)
2024887 - ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP
GET 2) (exploit.rules)
2024897 - ET USER_AGENTS Go HTTP Client User-Agent (user_agents.rules)
2024900 - ET TROJAN Locky Intermediate Downloader (trojan.rules)
2024905 - ET TROJAN BadRabbit Ransomware Activity Via WebDAV (cscc)
(trojan.rules)
2024906 - ET TROJAN BadRabbit Ransomware Activity Via WebDAV (infpub)
(trojan.rules)
2024910 - ET TROJAN BadRabbit Ransomware Payment Onion Domain
(trojan.rules)
2024913 - ET EXPLOIT D-Link 850L Password Extract Attempt (exploit.rules)
2024915 - ET EXPLOIT Possible Vacron NVR Remote Command Execution
(exploit.rules)
2024916 - ET EXPLOIT Netgear DGN Remote Command Execution (exploit.rules)
2024917 - ET EXPLOIT AVTECH Unauthenticated Command Injection in DVR
Devices (exploit.rules)
2024918 - ET EXPLOIT AVTECH Authenticated Command Injection in
CloudSetup.cgi (exploit.rules)
2024919 - ET EXPLOIT AVTECH Authenticated Command Injection in
adcommand.cgi (exploit.rules)
2024920 - ET EXPLOIT AVTECH Authenticated Command Injection in PwdGrp.cgi
(exploit.rules)
2024924 - ET TROJAN Possible IoT_reaper ELF Binary Request M1 (set)
(trojan.rules)
2024925 - ET TROJAN Possible IoT_reaper ELF Binary Request M2 (set)
(trojan.rules)
2024926 - ET TROJAN Possible IoT_reaper ELF Binary Request M3 (set)
(trojan.rules)
2024927 - ET TROJAN Possible IoT_reaper ELF Binary Request M4 (set)
(trojan.rules)
2024930 - ET WEB_SERVER 401TRG Generic Webshell Request - POST with wget
in body (web_server.rules)
2024932 - ET CURRENT_EVENTS Possible BACKSWING JS Framework POST Observed
(current_events.rules)
2024937 - ET TROJAN Downeks/Quasar DNS Lookup (cloudns .club)
(trojan.rules)
2024938 - ET TROJAN Downeks/Quasar DNS Lookup (topsite .life)
(trojan.rules)
2024939 - ET TROJAN Downeks/Quasar DNS Lookup (updatesforme .club)
(trojan.rules)
2024940 - ET TROJAN Downeks/Quasar DNS Lookup (moreoffer .life)
(trojan.rules)
2025030 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish Oct 10 2017 (current_events.rules)
2025031 - ET CURRENT_EVENTS Successful Office 365 Phish Oct 10 2017 (set)
(current_events.rules)
2025032 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct
26 2017 (current_events.rules)
2025033 - ET CURRENT_EVENTS Successful Generic Phish (set) Oct 30 2017
(current_events.rules)
2029663 - ET CURRENT_EVENTS Successful OX App Suite Phish 2017-10-12
(current_events.rules)
2806215 - ETPRO EXPLOIT DLink DIR 645 Password Extract attempt
(exploit.rules)
2810628 - ETPRO TROJAN NanHaiShu JavaScript backdoor CnC Beacon M2 (b64
3) (trojan.rules)
2812168 - ETPRO CURRENT_EVENTS Possible Successful Docusign Phish M1 July
24 2015 (current_events.rules)
2812169 - ETPRO CURRENT_EVENTS Successful Phish Fake Document Loading
Error Jul 27 2015 (current_events.rules)
2812243 - ETPRO CURRENT_EVENTS Possible Successful Apple Phish Jul 28
2015 (current_events.rules)
2812282 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jul 29
2015 (current_events.rules)
2812352 - ETPRO CURRENT_EVENTS Successful Email Credential Phish Aug 11
2015 (current_events.rules)
2812401 - ETPRO CURRENT_EVENTS Successful Mailbox Renew Phish Aug 13 2015
(current_events.rules)
2812493 - ETPRO CURRENT_EVENTS Successful Apple ID Phish Aug 17 2015
(current_events.rules)
2812494 - ETPRO CURRENT_EVENTS Successful Wells Fargo Account Phish Aug
17 2015 (current_events.rules)
2812548 - ETPRO CURRENT_EVENTS Successful Amazon Account Phish M3 Aug 20
2015 (current_events.rules)
2812606 - ETPRO CURRENT_EVENTS Successful Horde Webmail Phish Aug 21 2015
(current_events.rules)
2812797 - ETPRO CURRENT_EVENTS Successful Woodforest Bank Phish M1 Aug 28
2015 (current_events.rules)
2813042 - ETPRO CURRENT_EVENTS Successful DHL Phish Sept 16 2015
(current_events.rules)
2814082 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Sept 24 2015
(current_events.rules)
2814083 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Sept 24 2015
(current_events.rules)
2814085 - ETPRO CURRENT_EVENTS Successful Chase Phish M4 Sept 24 2015
(current_events.rules)
2814151 - ETPRO CURRENT_EVENTS Successful DHL Phish Sept 29 2015
(current_events.rules)
2814783 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Nov 6
2015 (current_events.rules)
2814917 - ETPRO CURRENT_EVENTS Successful DHL Phish Nov 13 2015
(current_events.rules)
2815030 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phishing
Nov 19 2015 (current_events.rules)
2815150 - ETPRO WEB_CLIENT Anonisma Phishing CSS M1 Nov 30 2015
(web_client.rules)
2815496 - ETPRO WEB_CLIENT Anonisma Phishing CSS Dec 28 2015
(web_client.rules)
2815601 - ETPRO CURRENT_EVENTS DHL Phishing Landing Jan 05 2016
(current_events.rules)
2816346 - ETPRO CURRENT_EVENTS Am3Refh Obfuscated Phishing Landing Feb 22
2016 (current_events.rules)
2816601 - ETPRO CURRENT_EVENTS Adobe Phishing Landing March 08 2016
(current_events.rules)
2816609 - ETPRO CURRENT_EVENTS Successful Free.fr Phish Mar 10 2016
(current_events.rules)
2819978 - ETPRO TROJAN Tordal/Hancitor/Chanitor Checkin (trojan.rules)
2820001 - ETPRO CURRENT_EVENTS Adobe Online Document Phishing Landing May
02 2016 (current_events.rules)
2820241 - ETPRO CURRENT_EVENTS Successful Mailbox Shutdown Phish M1 May
16 2016 (current_events.rules)
2820242 - ETPRO CURRENT_EVENTS Successful Mailbox Shutdown Phish M2 May
16 2016 (current_events.rules)
2820243 - ETPRO CURRENT_EVENTS Successful Mailbox Shutdown Phish M3 May
16 2016 (current_events.rules)
2820371 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish May 26 2016
(current_events.rules)
2820453 - ETPRO CURRENT_EVENTS Adobe Cloud Phishing Landing Jun 02 2016
(current_events.rules)
2820843 - ETPRO CURRENT_EVENTS Shipping Document Phishing Landing Jun 23
2016 (current_events.rules)
2821041 - ETPRO CURRENT_EVENTS Successful DHL Phish Jul 11 2016
(current_events.rules)
2821043 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Jul 11 2016
(current_events.rules)
2821311 - ETPRO CURRENT_EVENTS Successful Intuit Phish Jul 21 2016
(current_events.rules)
2823078 - ETPRO TROJAN APT28 DealersChoice CnC Beacon M1 (trojan.rules)
2823311 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Nov 16 2016
(current_events.rules)
2825368 - ETPRO CURRENT_EVENTS Successful Instagram Phish Mar 13 2017
(current_events.rules)
2825964 - ETPRO CURRENT_EVENTS Successful Fedex Phish Apr 14 2017
(current_events.rules)
2826030 - ETPRO TROJAN GOBLIN PANDA Looc CnC Beacon (trojan.rules)
2826037 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Apr 19 2017
(current_events.rules)
2828083 - ETPRO CURRENT_EVENTS Possible Successful Chase Phish Sept 28
2017 (current_events.rules)
2828195 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
236 (mobile_malware.rules)
2828196 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
237 (mobile_malware.rules)
2828198 - ETPRO TROJAN Unknown.BR Banker Checkin (trojan.rules)
2828201 - ETPRO TROJAN W32.Gafanhoto.BR Checkin (trojan.rules)
2828203 - ETPRO CURRENT_EVENTS Successful Adobe Phish Aug 22 2017
(current_events.rules)
2828214 - ETPRO CURRENT_EVENTS Successful Isbank (TK) Phish Oct 10 2017
(current_events.rules)
2828217 - ETPRO CURRENT_EVENTS Successful Personalized Phish Oct 10 2017
(current_events.rules)
2828227 - ETPRO CURRENT_EVENTS Successful Paypal (IT) Phish Oct 10 2017
(current_events.rules)
2828228 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish Oct 10
2017 (current_events.rules)
2828229 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 10
2017 (current_events.rules)
2828231 - ETPRO POLICY IP Lookup l2 . io (policy.rules)
2828232 - ETPRO POLICY IP Lookup formyip . com (policy.rules)
2828240 - ETPRO CURRENT_EVENTS Successful Personalized Google Account
Phish Oct 11 2017 (current_events.rules)
2828242 - ETPRO CURRENT_EVENTS Successful DHL Phish Oct 11 2017
(current_events.rules)
2828243 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 11 2017
(current_events.rules)
2828245 - ETPRO CURRENT_EVENTS Successful CartaSi Phish Oct 11 2017
(current_events.rules)
2828246 - ETPRO TROJAN Powersource/DNSMessenger Process List CnC Checkin
via HTTP (trojan.rules)
2828247 - ETPRO CURRENT_EVENTS Successful Microsoft Secure Your Account
Phish Oct 11 2017 (current_events.rules)
2828249 - ETPRO CURRENT_EVENTS Successful Hotmail Phish Oct 11 2017
(current_events.rules)
2828255 - ETPRO CURRENT_EVENTS Successful La Banque Postale Phish Oct 12
2017 (current_events.rules)
2828263 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 7
(mobile_malware.rules)
2828267 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish M2 Oct
12 2017 (current_events.rules)
2828271 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 12 2017
(current_events.rules)
2828273 - ETPRO WEB_CLIENT Anonisma Phishing CSS M1 Oct 12 2017
(web_client.rules)
2828274 - ETPRO WEB_CLIENT Anonisma Phishing CSS M2 Oct 12 2017
(web_client.rules)
2828276 - ETPRO WEB_CLIENT Anonisma Phishing CSS M4 Oct 12 2017
(web_client.rules)
2828277 - ETPRO WEB_CLIENT Anonisma Phishing CSS M5 Oct 12 2017
(web_client.rules)
2828278 - ETPRO WEB_CLIENT z118 Phishing CSS M1 Oct 12 2017
(web_client.rules)
2828279 - ETPRO WEB_CLIENT z118 Phishing CSS M2 Oct 12 2017
(web_client.rules)
2828280 - ETPRO WEB_CLIENT z118 Phishing CSS M3 Oct 12 2017
(web_client.rules)
2828282 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Oct 12 2017
(current_events.rules)
2828283 - ETPRO TROJAN VJworm Checkin (trojan.rules)
2828285 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 13 2017
(current_events.rules)
2828286 - ETPRO TROJAN Sage Ransomware Variant Checkin (trojan.rules)
2828299 - ETPRO CURRENT_EVENTS Successful SFR Phish M1 Oct 13 2017
(current_events.rules)
2828300 - ETPRO CURRENT_EVENTS Successful SFR Phish M2 Oct 13 2017
(current_events.rules)
2828304 - ETPRO WEB_CLIENT Generic JS Phishing Redirect Oct 13 2017
(web_client.rules)
2828305 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Oct 13 2017
(current_events.rules)
2828318 - ETPRO CURRENT_EVENTS Successful Apple GSX Phish Oct 16 2017
(current_events.rules)
2828323 - ETPRO CURRENT_EVENTS Successful Societe Generale Banque Phish
M1 Oct 17 2017 (current_events.rules)
2828325 - ETPRO CURRENT_EVENTS Successful Societe Generale Banque Phish
M2 Oct 17 2017 (current_events.rules)
2828328 - ETPRO USER_AGENTS NoBo User-Agent (user_agents.rules)
2828329 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.o CnC
Beacon (mobile_malware.rules)
2828330 - ETPRO TROJAN Possible Magnitude/Magnigate EK Server HTTP
Response Header (trojan.rules)
2828336 - ETPRO TROJAN Win32/Agent.SVE Failed CnC Checkin (trojan.rules)
2828337 - ETPRO TROJAN MSIL/PSW.CoinStealer.AZ Sending Base64 Encoded
System Info to CnC (trojan.rules)
2828339 - ETPRO CURRENT_EVENTS Successful Delta Phish Oct 18 2017
(current_events.rules)
2828340 - ETPRO CURRENT_EVENTS Successful Netflix Phish Oct 18 2017
(current_events.rules)
2828351 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
238 (mobile_malware.rules)
2828387 - ETPRO CURRENT_EVENTS Successful Vodafone Phish Oct 23 2017
(current_events.rules)
2828390 - ETPRO CURRENT_EVENTS Successful Craigslist Phish Oct 23 2017
(current_events.rules)
2828391 - ETPRO CURRENT_EVENTS Successful National Australian Bank Phish
M1 Oct 23 2017 (current_events.rules)
2828392 - ETPRO CURRENT_EVENTS Successful NAB Phish M2 Oct 23 2017
(current_events.rules)
2828393 - ETPRO CURRENT_EVENTS Successful Xapo Cryptocurrency Wallet
Phish Oct 24 2017 (current_events.rules)
2828394 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 Oct 24
2017 (current_events.rules)
2828395 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M2 Oct 24
2017 (current_events.rules)
2828401 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Oct 24 2017
(current_events.rules)
2828402 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Oct 24 2017
(current_events.rules)
2828403 - ETPRO CURRENT_EVENTS Successful Chase Phish M3 Oct 24 2017
(current_events.rules)
2828404 - ETPRO CURRENT_EVENTS Successful Chase Phish M4 Oct 24 2017
(current_events.rules)
2828405 - ETPRO CURRENT_EVENTS Successful Chase Phish M5 Oct 24 2017
(current_events.rules)
2828407 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Oct 24
2017 (current_events.rules)
2828409 - ETPRO CURRENT_EVENTS Successful Netflix Phish Oct 24 2017
(current_events.rules)
2828410 - ETPRO CURRENT_EVENTS Successful ANZ Bank Phish Oct 24 2017
(current_events.rules)
2828411 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Oct 24 2017
(current_events.rules)
2828413 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Oct 24 2017
(current_events.rules)
2828416 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish Oct 25
2017 (current_events.rules)
2828417 - ETPRO CURRENT_EVENTS Successful Stripe Phish Oct 25 2017
(current_events.rules)
2828419 - ETPRO CURRENT_EVENTS Successful Mercado Livre Phish Oct 25 2017
(current_events.rules)
2828420 - ETPRO CURRENT_EVENTS Successful Netease Phish Oct 25 2017
(current_events.rules)
2828421 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 25 2017
(current_events.rules)
2828422 - ETPRO CURRENT_EVENTS Successful Docusign Phish Oct 25 2017
(current_events.rules)
2828424 - ETPRO CURRENT_EVENTS Successful Santander Phish M2 Oct 25 2017
(current_events.rules)
2828442 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Oct 26 2017
(current_events.rules)
2828453 - ETPRO CURRENT_EVENTS Successful Hipercard (BR) Phish Oct 27
2017 (current_events.rules)
2828457 - ETPRO CURRENT_EVENTS Successful DHL Phish M1 Oct 27 2017
(current_events.rules)
2828460 - ETPRO CURRENT_EVENTS Successful Orange Phish Oct 27 2017
(current_events.rules)
2828461 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
239 (mobile_malware.rules)
2828462 - ETPRO TROJAN MSIL/CryptoService Coin Stealer Exfil
(trojan.rules)
2828470 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
240 (mobile_malware.rules)
2828472 - ETPRO CURRENT_EVENTS Successful Fedex Phish Oct 30 2017
(current_events.rules)
2828474 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 30 2017
(current_events.rules)
2828476 - ETPRO TROJAN Chthonic CnC Beacon 11 (trojan.rules)
2828478 - ETPRO TROJAN VB.BadPatch Checkin (trojan.rules)
2828479 - ETPRO TROJAN AU3.BadPatch Malware CnC 1 (trojan.rules)
2828480 - ETPRO TROJAN AU3.BadPatch Malware CnC 2 (trojan.rules)
2828481 - ETPRO TROJAN MSIL/Game.Browser Stealer CnC Checkin
(trojan.rules)
2828483 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
241 (mobile_malware.rules)
2828485 - ETPRO CURRENT_EVENTS Successful Spotify Phish M2 Nov 01 2017
(current_events.rules)
2828491 - ETPRO TROJAN Bahamut/InPageCampaign MSIL.Mxiupdate Checkin
(trojan.rules)
2828507 - ETPRO TROJAN Fake Gif Response - Powershell Leading to Trojan
(trojan.rules)
2828509 - ETPRO TROJAN Koadic Backdoor CnC Beacon (trojan.rules)
2828511 - ETPRO TROJAN Win32/SniperTgr Requesting Payload (trojan.rules)
2828512 - ETPRO TROJAN Reuqst.JS Sending System Information (trojan.rules)
2843524 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-07-14 (current_events.rules)

Date:

Thursday, August 13, 2020

Summary title:

8 new OPEN, 17 new PRO (8 + 9). Drovorub, Remcos, Qudox, Various Phish, Others.