[***]            Summary:            [***]

8 new OPEN, 17 new PRO (8 + 9).  Drovorub, Remcos, Qudox, Various Phish, Others.

Thanks: @ViriBack.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030680 - ET CURRENT_EVENTS Possible Generic Microsoft Hosted Phishing
Landing M1 (current_events.rules)
  2030681 - ET CURRENT_EVENTS Possible Generic Microsoft Hosted Phishing
Landing M2 (current_events.rules)
  2030682 - ET TROJAN Qudox CnC Actiivty (trojan.rules)
  2030683 - ET TROJAN Drovorub cloud.auth Module Server Response
(trojan.rules)
  2030684 - ET TROJAN Drovorub file Module Server Response (trojan.rules)
  2030685 - ET TROJAN Drovorub monitor Module Server Response (trojan.rules)
  2030686 - ET TROJAN Drovorub shell Module Server Response (trojan.rules)
  2030687 - ET TROJAN Drovorub tunnel Module Server Response (trojan.rules)

Pro:

  2843999 - ETPRO CURRENT_EVENTS Successful Dynamic DNS Hosted Generic
Phish 2020-08-13 (duckdns.org) (current_events.rules)
  2844000 - ETPRO CURRENT_EVENTS Generic Microsoft Hosted Proofpoint
Phishing Landing (current_events.rules)
  2844001 - ETPRO CURRENT_EVENTS Possible Generic Microsoft Hosted
Successful Phish 2020-08-13 (current_events.rules)
  2844002 - ETPRO CURRENT_EVENTS Successful Proofpoint Phish 2020-08-13
(current_events.rules)
  2844003 - ETPRO TROJAN W32/Banload Variant CnC Host Checkin (trojan.rules)
  2844004 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-12 1) (trojan.rules)
  2844005 - ETPRO POLICY Inbound Charcode Obfuscated PowerShell
(policy.rules)
  2844006 - ETPRO TROJAN Win32/Remcos RAT Checkin 522 (trojan.rules)
  2844007 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)

[///]     Modified active rules:     [///]

  2001564 - ET INFO PUP/PUA OSSProxy HTTP Header (info.rules)
  2003380 - ET TROJAN Suspicious User-Agent - Possible Trojan Downloader
(ver18/ver19 etc) (trojan.rules)
  2004442 - ET TROJAN Banker.Delf User-Agent (hhh) (trojan.rules)
  2006999 - ET TROJAN Brontok User-Agent Detected (Brontok.A3 Browser)
(trojan.rules)
  2007778 - ET USER_AGENTS User-agent DownloadNetFile Win32.small.hsh
downloader (user_agents.rules)
  2007824 - ET TROJAN Banker.anv Generally Suspicious User-Agent
(CustomExchangeBrowser) (trojan.rules)
  2008253 - ET USER_AGENTS Suspicious User-Agent (chek) (user_agents.rules)
  2008259 - ET USER_AGENTS Suspicious User-Agent (AutoHotkey)
(user_agents.rules)
  2008276 - ET USER_AGENTS Suspicious User-Agent (contains loader)
(user_agents.rules)
  2008378 - ET USER_AGENTS Suspicious User-Agent (ErrCode)
(user_agents.rules)
  2008765 - ET TROJAN Brontok/Joseray User-Agent Detected (Joseray.A3
Browser) (trojan.rules)
  2009081 - ET TROJAN Password Stealer - User-Agent (Ucheck) (trojan.rules)
  2009537 - ET USER_AGENTS Suspicious User-Agent (Loands) - Possible Trojan
Downloader GET Request (user_agents.rules)
  2009538 - ET USER_AGENTS Suspicious User-Agent (ms_ie) - Crypt.ZPACK Gen
Trojan Downloader GET Request (user_agents.rules)
  2009547 - ET USER_AGENTS Suspicious User-Agent (Forthgoner) - Possible
Trojan Downloader GET Request (user_agents.rules)
  2009805 - ET TROJAN Luder.B User-Agent (Mozilla/4.0 (SPGK)) - GET
(trojan.rules)
  2009810 - ET TROJAN Swizzor-based Downloader - Invalid User-Agent
(Mozilla/4.0 (compatible MSIE 7.0 na .NET CLR 2.0.50727 .NET CLR
3.0.4506.2152 .NET CLR 3.5.30729)) (trojan.rules)
  2009825 - ET TROJAN Win32.VB.tdq - Fake User-Agent (trojan.rules)
  2010490 - ET TROJAN Vundo User-Agent Check-in (trojan.rules)
  2011482 - ET TROJAN IMDDOS Botnet User-Agent kav (trojan.rules)
  2012310 - ET USER_AGENTS Si25f_302 User-Agent (user_agents.rules)
  2012312 - ET TROJAN Generic Trojan with /? and Indy Library User-Agent
(trojan.rules)
  2012322 - ET TROJAN Possible TDSS User-Agent CMD (trojan.rules)
  2012586 - ET USER_AGENTS Suspicious User-Agent Im Luo (user_agents.rules)
  2012959 - ET USER_AGENTS MacShield User-Agent Likely Malware
(user_agents.rules)
  2013374 - ET TROJAN FakeAV User-Agent XML (trojan.rules)
  2013394 - ET MALWARE W32/SpeedRunner User-Agent SRRemove (malware.rules)
  2013395 - ET USER_AGENTS Suspicious User-Agent _updater_agent
(user_agents.rules)
  2013444 - ET MALWARE Win32/Onescan FraudWare User-Agent (malware.rules)
  2013507 - ET TROJAN Win32/Dynamer Trojan Dropper User-Agent VB Http
(trojan.rules)
  2013512 - ET USER_AGENTS Suspicious User-Agent (MadeByLc)
(user_agents.rules)
  2013724 - ET USER_AGENTS W32/OnlineGames User-Agent (LockXLS)
(user_agents.rules)
  2013880 - ET USER_AGENTS Suspicious User-Agent (FULLSTUFF)
(user_agents.rules)
  2013889 - ET MALWARE Suspicious User-Agent (MediaLabsSiteInstaller)
(malware.rules)
  2015909 - ET CURRENT_EVENTS Successful Bank of America Phish M1 Oct 01
2012 (current_events.rules)
  2015938 - ET CURRENT_EVENTS Chase/Bank of America Phishing Landing Uri
Structure Nov 27 2012  (current_events.rules)
  2015972 - ET CURRENT_EVENTS Successful PayPal Phish Nov 30 2012
(current_events.rules)
  2015980 - ET CURRENT_EVENTS Successful Google Account Phish Dec 04 2012
(current_events.rules)
  2016063 - ET CURRENT_EVENTS Successful PayPal Phish Dec 19 2012
(current_events.rules)
  2016327 - ET CURRENT_EVENTS Possible Successful Phish - Generic POST to
myform.php Feb 01 2013 (current_events.rules)
  2016530 - ET TROJAN W32/Asprox.FakeAV Affiliate Second Stage Download
Location Request (trojan.rules)
  2018304 - ET CURRENT_EVENTS Successful iTunes Phish Mar 21 2014
(current_events.rules)
  2018305 - ET CURRENT_EVENTS Successful iTunes Phish Mar 21 2014
(current_events.rules)
  2018608 - ET USER_AGENTS Suspicious User-Agent (HardCore Software For)
(user_agents.rules)
  2019781 - ET CURRENT_EVENTS Successful AOL/PayPal Phish Nov 24 2014
(current_events.rules)
  2022086 - ET CURRENT_EVENTS Revalidation Phish Landing Nov 13 2015
(current_events.rules)
  2022498 - ET CURRENT_EVENTS Successful Apple Phish M2 Feb 06 2016
(current_events.rules)
  2022499 - ET CURRENT_EVENTS Successful Apple Phish M3 Feb 06 2016
(current_events.rules)
  2022597 - ET CURRENT_EVENTS Possible Phishing Landing - Data URI Inline
Javascript Mar 07 2016 (current_events.rules)
  2023044 - ET CURRENT_EVENTS Apple Suspended Account Phishing Landing Aug
09 2016 (current_events.rules)
  2023045 - ET CURRENT_EVENTS Excel Online Phishing Landing Aug 09 2016
(current_events.rules)
  2023760 - ET CURRENT_EVENTS Successful Paypal Phish Jan 23 2017
(current_events.rules)
  2024098 - ET CURRENT_EVENTS Windows Settings Phishing Landing Jul 22 2016
(current_events.rules)
  2024554 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb
26 2016 (current_events.rules)
  2024556 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb
26 2016 (current_events.rules)
  2024557 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 8
2016 (current_events.rules)
  2024558 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul
13 2016 (current_events.rules)
  2024561 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Sept
02 2016 (current_events.rules)
  2024562 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct
13 2016 (current_events.rules)
  2024563 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct
25 2016 (current_events.rules)
  2024564 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct
26 2016 (current_events.rules)
  2024836 - ET CURRENT_EVENTS SUSPICIOUS DOC Download from commonly abused
file share site (current_events.rules)
  2024838 - ET CURRENT_EVENTS Successful Ziraat Bankasi (TK) Phish M1 Oct
12 2017 (current_events.rules)
  2024839 - ET CURRENT_EVENTS Successful Ziraat Bankasi (TK) Phish M2 Oct
12 2017 (current_events.rules)
  2024843 - ET SCAN struts-pwn User-Agent (scan.rules)
  2024847 - ET CURRENT_EVENTS Successful Paypal (FR) Phish Oct 16 2017
(current_events.rules)
  2024848 - ET TROJAN Trojan.JS.Agent.dwz Checkin (trojan.rules)
  2024849 - ET TROJAN [PTsecurity] Trojan.JS.Agent.dwz Checkin 1
(trojan.rules)
  2024851 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
  2024853 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
  2024855 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
  2024857 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
  2024859 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
  2024861 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
  2024863 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
  2024866 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
  2024875 - ET TROJAN Possible Winnti-related Destination (google-searching
.com) (trojan.rules)
  2024876 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
  2024877 - ET TROJAN Possible Winnti-related Destination (trojan.rules)
  2024884 - ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP
POST) (exploit.rules)
  2024885 - ET EXPLOIT Possible CVE-2017-12629 XXE Exploit Attempt (URI)
(exploit.rules)
  2024886 - ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP
GET 1) (exploit.rules)
  2024887 - ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP
GET 2) (exploit.rules)
  2024897 - ET USER_AGENTS Go HTTP Client User-Agent (user_agents.rules)
  2024900 - ET TROJAN Locky Intermediate Downloader (trojan.rules)
  2024905 - ET TROJAN BadRabbit Ransomware Activity Via WebDAV (cscc)
(trojan.rules)
  2024906 - ET TROJAN BadRabbit Ransomware Activity Via WebDAV (infpub)
(trojan.rules)
  2024910 - ET TROJAN BadRabbit Ransomware Payment Onion Domain
(trojan.rules)
  2024913 - ET EXPLOIT D-Link 850L Password Extract Attempt (exploit.rules)
  2024915 - ET EXPLOIT Possible Vacron NVR Remote Command Execution
(exploit.rules)
  2024916 - ET EXPLOIT Netgear DGN Remote Command Execution (exploit.rules)
  2024917 - ET EXPLOIT AVTECH Unauthenticated Command Injection in DVR
Devices (exploit.rules)
  2024918 - ET EXPLOIT AVTECH Authenticated Command Injection in
CloudSetup.cgi (exploit.rules)
  2024919 - ET EXPLOIT AVTECH Authenticated Command Injection in
adcommand.cgi (exploit.rules)
  2024920 - ET EXPLOIT AVTECH Authenticated Command Injection in PwdGrp.cgi
(exploit.rules)
  2024924 - ET TROJAN Possible IoT_reaper ELF Binary Request M1 (set)
(trojan.rules)
  2024925 - ET TROJAN Possible IoT_reaper ELF Binary Request M2 (set)
(trojan.rules)
  2024926 - ET TROJAN Possible IoT_reaper ELF Binary Request M3 (set)
(trojan.rules)
  2024927 - ET TROJAN Possible IoT_reaper ELF Binary Request M4 (set)
(trojan.rules)
  2024930 - ET WEB_SERVER 401TRG Generic Webshell Request - POST with wget
in body (web_server.rules)
  2024932 - ET CURRENT_EVENTS Possible BACKSWING JS Framework POST Observed
(current_events.rules)
  2024937 - ET TROJAN Downeks/Quasar DNS Lookup (cloudns .club)
(trojan.rules)
  2024938 - ET TROJAN Downeks/Quasar DNS Lookup (topsite .life)
(trojan.rules)
  2024939 - ET TROJAN Downeks/Quasar DNS Lookup (updatesforme .club)
(trojan.rules)
  2024940 - ET TROJAN Downeks/Quasar DNS Lookup (moreoffer .life)
(trojan.rules)
  2025030 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish Oct 10 2017 (current_events.rules)
  2025031 - ET CURRENT_EVENTS Successful Office 365 Phish Oct 10 2017 (set)
(current_events.rules)
  2025032 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct
26 2017 (current_events.rules)
  2025033 - ET CURRENT_EVENTS Successful Generic Phish (set) Oct 30 2017
(current_events.rules)
  2029663 - ET CURRENT_EVENTS Successful OX App Suite Phish 2017-10-12
(current_events.rules)
  2806215 - ETPRO EXPLOIT DLink DIR 645 Password Extract attempt
(exploit.rules)
  2810628 - ETPRO TROJAN NanHaiShu JavaScript backdoor CnC Beacon M2 (b64
3) (trojan.rules)
  2812168 - ETPRO CURRENT_EVENTS Possible Successful Docusign Phish M1 July
24 2015 (current_events.rules)
  2812169 - ETPRO CURRENT_EVENTS Successful Phish Fake Document Loading
Error Jul 27 2015 (current_events.rules)
  2812243 - ETPRO CURRENT_EVENTS Possible Successful Apple Phish Jul 28
2015 (current_events.rules)
  2812282 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jul 29
2015 (current_events.rules)
  2812352 - ETPRO CURRENT_EVENTS Successful Email Credential Phish Aug 11
2015 (current_events.rules)
  2812401 - ETPRO CURRENT_EVENTS Successful Mailbox Renew Phish Aug 13 2015
(current_events.rules)
  2812493 - ETPRO CURRENT_EVENTS Successful Apple ID Phish Aug 17 2015
(current_events.rules)
  2812494 - ETPRO CURRENT_EVENTS Successful Wells Fargo Account Phish Aug
17 2015 (current_events.rules)
  2812548 - ETPRO CURRENT_EVENTS Successful Amazon Account Phish M3 Aug 20
2015 (current_events.rules)
  2812606 - ETPRO CURRENT_EVENTS Successful Horde Webmail Phish Aug 21 2015
(current_events.rules)
  2812797 - ETPRO CURRENT_EVENTS Successful Woodforest Bank Phish M1 Aug 28
2015 (current_events.rules)
  2813042 - ETPRO CURRENT_EVENTS Successful DHL Phish Sept 16 2015
(current_events.rules)
  2814082 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Sept 24 2015
(current_events.rules)
  2814083 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Sept 24 2015
(current_events.rules)
  2814085 - ETPRO CURRENT_EVENTS Successful Chase Phish M4 Sept 24 2015
(current_events.rules)
  2814151 - ETPRO CURRENT_EVENTS Successful DHL Phish Sept 29 2015
(current_events.rules)
  2814783 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Nov 6
2015 (current_events.rules)
  2814917 - ETPRO CURRENT_EVENTS Successful DHL Phish Nov 13 2015
(current_events.rules)
  2815030 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phishing
Nov 19 2015 (current_events.rules)
  2815150 - ETPRO WEB_CLIENT Anonisma Phishing CSS M1 Nov 30 2015
(web_client.rules)
  2815496 - ETPRO WEB_CLIENT Anonisma Phishing CSS Dec 28 2015
(web_client.rules)
  2815601 - ETPRO CURRENT_EVENTS DHL Phishing Landing Jan 05 2016
(current_events.rules)
  2816346 - ETPRO CURRENT_EVENTS Am3Refh Obfuscated Phishing Landing Feb 22
2016 (current_events.rules)
  2816601 - ETPRO CURRENT_EVENTS Adobe Phishing Landing March 08 2016
(current_events.rules)
  2816609 - ETPRO CURRENT_EVENTS Successful Free.fr Phish Mar 10 2016
(current_events.rules)
  2819978 - ETPRO TROJAN Tordal/Hancitor/Chanitor Checkin (trojan.rules)
  2820001 - ETPRO CURRENT_EVENTS Adobe Online Document Phishing Landing May
02 2016 (current_events.rules)
  2820241 - ETPRO CURRENT_EVENTS Successful Mailbox Shutdown Phish M1 May
16 2016 (current_events.rules)
  2820242 - ETPRO CURRENT_EVENTS Successful Mailbox Shutdown Phish M2 May
16 2016 (current_events.rules)
  2820243 - ETPRO CURRENT_EVENTS Successful Mailbox Shutdown Phish M3 May
16 2016 (current_events.rules)
  2820371 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish May 26 2016
(current_events.rules)
  2820453 - ETPRO CURRENT_EVENTS Adobe Cloud Phishing Landing Jun 02 2016
(current_events.rules)
  2820843 - ETPRO CURRENT_EVENTS Shipping Document Phishing Landing Jun 23
2016 (current_events.rules)
  2821041 - ETPRO CURRENT_EVENTS Successful DHL Phish Jul 11 2016
(current_events.rules)
  2821043 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Jul 11 2016
(current_events.rules)
  2821311 - ETPRO CURRENT_EVENTS Successful Intuit Phish Jul 21 2016
(current_events.rules)
  2823078 - ETPRO TROJAN APT28 DealersChoice CnC Beacon M1 (trojan.rules)
  2823311 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Nov 16 2016
(current_events.rules)
  2825368 - ETPRO CURRENT_EVENTS Successful Instagram Phish Mar 13 2017
(current_events.rules)
  2825964 - ETPRO CURRENT_EVENTS Successful Fedex Phish Apr 14 2017
(current_events.rules)
  2826030 - ETPRO TROJAN GOBLIN PANDA Looc CnC Beacon (trojan.rules)
  2826037 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Apr 19 2017
(current_events.rules)
  2828083 - ETPRO CURRENT_EVENTS Possible Successful Chase Phish Sept 28
2017 (current_events.rules)
  2828195 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
236 (mobile_malware.rules)
  2828196 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
237 (mobile_malware.rules)
  2828198 - ETPRO TROJAN Unknown.BR Banker Checkin (trojan.rules)
  2828201 - ETPRO TROJAN W32.Gafanhoto.BR Checkin (trojan.rules)
  2828203 - ETPRO CURRENT_EVENTS Successful Adobe Phish Aug 22 2017
(current_events.rules)
  2828214 - ETPRO CURRENT_EVENTS Successful Isbank (TK) Phish Oct 10 2017
(current_events.rules)
  2828217 - ETPRO CURRENT_EVENTS Successful Personalized Phish Oct 10 2017
(current_events.rules)
  2828227 - ETPRO CURRENT_EVENTS Successful Paypal (IT) Phish Oct 10 2017
(current_events.rules)
  2828228 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish Oct 10
2017 (current_events.rules)
  2828229 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Oct 10
2017 (current_events.rules)
  2828231 - ETPRO POLICY IP Lookup l2 . io (policy.rules)
  2828232 - ETPRO POLICY IP Lookup formyip . com (policy.rules)
  2828240 - ETPRO CURRENT_EVENTS Successful Personalized Google Account
Phish Oct 11 2017 (current_events.rules)
  2828242 - ETPRO CURRENT_EVENTS Successful DHL Phish Oct 11 2017
(current_events.rules)
  2828243 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 11 2017
(current_events.rules)
  2828245 - ETPRO CURRENT_EVENTS Successful CartaSi Phish Oct 11 2017
(current_events.rules)
  2828246 - ETPRO TROJAN Powersource/DNSMessenger Process List CnC Checkin
via HTTP (trojan.rules)
  2828247 - ETPRO CURRENT_EVENTS Successful Microsoft Secure Your Account
Phish Oct 11 2017 (current_events.rules)
  2828249 - ETPRO CURRENT_EVENTS Successful Hotmail Phish Oct 11 2017
(current_events.rules)
  2828255 - ETPRO CURRENT_EVENTS Successful La Banque Postale Phish Oct 12
2017 (current_events.rules)
  2828263 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 7
(mobile_malware.rules)
  2828267 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish M2 Oct
12 2017 (current_events.rules)
  2828271 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 12 2017
(current_events.rules)
  2828273 - ETPRO WEB_CLIENT Anonisma Phishing CSS M1 Oct 12 2017
(web_client.rules)
  2828274 - ETPRO WEB_CLIENT Anonisma Phishing CSS M2 Oct 12 2017
(web_client.rules)
  2828276 - ETPRO WEB_CLIENT Anonisma Phishing CSS M4 Oct 12 2017
(web_client.rules)
  2828277 - ETPRO WEB_CLIENT Anonisma Phishing CSS M5 Oct 12 2017
(web_client.rules)
  2828278 - ETPRO WEB_CLIENT z118 Phishing CSS M1 Oct 12 2017
(web_client.rules)
  2828279 - ETPRO WEB_CLIENT z118 Phishing CSS M2 Oct 12 2017
(web_client.rules)
  2828280 - ETPRO WEB_CLIENT z118 Phishing CSS M3 Oct 12 2017
(web_client.rules)
  2828282 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Oct 12 2017
(current_events.rules)
  2828283 - ETPRO TROJAN VJworm Checkin (trojan.rules)
  2828285 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 13 2017
(current_events.rules)
  2828286 - ETPRO TROJAN Sage Ransomware Variant Checkin (trojan.rules)
  2828299 - ETPRO CURRENT_EVENTS Successful SFR Phish M1 Oct 13 2017
(current_events.rules)
  2828300 - ETPRO CURRENT_EVENTS Successful SFR Phish M2 Oct 13 2017
(current_events.rules)
  2828304 - ETPRO WEB_CLIENT Generic JS Phishing Redirect Oct 13 2017
(web_client.rules)
  2828305 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish Oct 13 2017
(current_events.rules)
  2828318 - ETPRO CURRENT_EVENTS Successful Apple GSX Phish Oct 16 2017
(current_events.rules)
  2828323 - ETPRO CURRENT_EVENTS Successful Societe Generale Banque Phish
M1 Oct 17 2017 (current_events.rules)
  2828325 - ETPRO CURRENT_EVENTS Successful Societe Generale Banque Phish
M2 Oct 17 2017 (current_events.rules)
  2828328 - ETPRO USER_AGENTS NoBo User-Agent (user_agents.rules)
  2828329 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.o CnC
Beacon (mobile_malware.rules)
  2828330 - ETPRO TROJAN Possible Magnitude/Magnigate EK Server HTTP
Response Header (trojan.rules)
  2828336 - ETPRO TROJAN Win32/Agent.SVE Failed CnC Checkin (trojan.rules)
  2828337 - ETPRO TROJAN MSIL/PSW.CoinStealer.AZ Sending Base64 Encoded
System Info to CnC (trojan.rules)
  2828339 - ETPRO CURRENT_EVENTS Successful Delta Phish Oct 18 2017
(current_events.rules)
  2828340 - ETPRO CURRENT_EVENTS Successful Netflix Phish Oct 18 2017
(current_events.rules)
  2828351 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
238 (mobile_malware.rules)
  2828387 - ETPRO CURRENT_EVENTS Successful Vodafone Phish Oct 23 2017
(current_events.rules)
  2828390 - ETPRO CURRENT_EVENTS Successful Craigslist Phish Oct 23 2017
(current_events.rules)
  2828391 - ETPRO CURRENT_EVENTS Successful National Australian Bank Phish
M1 Oct 23 2017 (current_events.rules)
  2828392 - ETPRO CURRENT_EVENTS Successful NAB Phish M2 Oct 23 2017
(current_events.rules)
  2828393 - ETPRO CURRENT_EVENTS Successful Xapo Cryptocurrency Wallet
Phish Oct 24 2017 (current_events.rules)
  2828394 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M1 Oct 24
2017 (current_events.rules)
  2828395 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish M2 Oct 24
2017 (current_events.rules)
  2828401 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Oct 24 2017
(current_events.rules)
  2828402 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Oct 24 2017
(current_events.rules)
  2828403 - ETPRO CURRENT_EVENTS Successful Chase Phish M3 Oct 24 2017
(current_events.rules)
  2828404 - ETPRO CURRENT_EVENTS Successful Chase Phish M4 Oct 24 2017
(current_events.rules)
  2828405 - ETPRO CURRENT_EVENTS Successful Chase Phish M5 Oct 24 2017
(current_events.rules)
  2828407 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Oct 24
2017 (current_events.rules)
  2828409 - ETPRO CURRENT_EVENTS Successful Netflix Phish Oct 24 2017
(current_events.rules)
  2828410 - ETPRO CURRENT_EVENTS Successful ANZ Bank Phish Oct 24 2017
(current_events.rules)
  2828411 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Oct 24 2017
(current_events.rules)
  2828413 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Oct 24 2017
(current_events.rules)
  2828416 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish Oct 25
2017 (current_events.rules)
  2828417 - ETPRO CURRENT_EVENTS Successful Stripe Phish Oct 25 2017
(current_events.rules)
  2828419 - ETPRO CURRENT_EVENTS Successful Mercado Livre Phish Oct 25 2017
(current_events.rules)
  2828420 - ETPRO CURRENT_EVENTS Successful Netease Phish Oct 25 2017
(current_events.rules)
  2828421 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 25 2017
(current_events.rules)
  2828422 - ETPRO CURRENT_EVENTS Successful Docusign Phish Oct 25 2017
(current_events.rules)
  2828424 - ETPRO CURRENT_EVENTS Successful Santander Phish M2 Oct 25 2017
(current_events.rules)
  2828442 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Oct 26 2017
(current_events.rules)
  2828453 - ETPRO CURRENT_EVENTS Successful Hipercard (BR) Phish Oct 27
2017 (current_events.rules)
  2828457 - ETPRO CURRENT_EVENTS Successful DHL Phish M1 Oct 27 2017
(current_events.rules)
  2828460 - ETPRO CURRENT_EVENTS Successful Orange Phish Oct 27 2017
(current_events.rules)
  2828461 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
239 (mobile_malware.rules)
  2828462 - ETPRO TROJAN MSIL/CryptoService Coin Stealer Exfil
(trojan.rules)
  2828470 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
240 (mobile_malware.rules)
  2828472 - ETPRO CURRENT_EVENTS Successful Fedex Phish Oct 30 2017
(current_events.rules)
  2828474 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 30 2017
(current_events.rules)
  2828476 - ETPRO TROJAN Chthonic CnC Beacon 11 (trojan.rules)
  2828478 - ETPRO TROJAN VB.BadPatch Checkin (trojan.rules)
  2828479 - ETPRO TROJAN AU3.BadPatch Malware CnC 1 (trojan.rules)
  2828480 - ETPRO TROJAN AU3.BadPatch Malware CnC 2 (trojan.rules)
  2828481 - ETPRO TROJAN MSIL/Game.Browser Stealer CnC Checkin
(trojan.rules)
  2828483 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
241 (mobile_malware.rules)
  2828485 - ETPRO CURRENT_EVENTS Successful Spotify Phish M2 Nov 01 2017
(current_events.rules)
  2828491 - ETPRO TROJAN Bahamut/InPageCampaign MSIL.Mxiupdate Checkin
(trojan.rules)
  2828507 - ETPRO TROJAN Fake Gif Response - Powershell Leading to Trojan
(trojan.rules)
  2828509 - ETPRO TROJAN Koadic Backdoor CnC Beacon (trojan.rules)
  2828511 - ETPRO TROJAN Win32/SniperTgr Requesting Payload (trojan.rules)
  2828512 - ETPRO TROJAN Reuqst.JS Sending System Information (trojan.rules)
  2843524 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-07-14 (current_events.rules)
