[***] Summary: [***]
9 new OPEN, 39 new PRO (9 + 30). KONNI, REDCURL, DarkStealer, Various Phish
Thanks: @3xp0rtblog
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030688 - ET TROJAN Echelon/DarkStealer Variant CnC Exfil (trojan.rules)
2030689 - ET TROJAN Suspected REDCURL CnC Activity M2 (trojan.rules)
2030690 - ET TROJAN Possible KONNI URI Path Observed (trojan.rules)
2030691 - ET TROJAN Possible KONNI CnC Activity (trojan.rules)
2030692 - ET SCAN ELF/Mirai Variant User-Agent (Inbound) (scan.rules)
2030693 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound) (trojan.rules)
2030694 - ET INFO BitNinja IO Security Check (info.rules)
2030695 - ET CURRENT_EVENTS Successful Paxful Cryptocurrency Wallet Phish 2020-08-17 (current_events.rules)
2030697 - ET TROJAN Suspected REDCURL CnC Activity M1 (trojan.rules)
Pro:
2844008 - ETPRO POLICY Observed Java Web Client/JNLP Requesting jar/jnlp (policy.rules)
2844009 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-14 1) (trojan.rules)
2844010 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-14 2) (trojan.rules)
2844011 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-14 3) (trojan.rules)
2844012 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-08-17 (current_events.rules)
2844013 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-08-17 (current_events.rules)
2844014 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-08-17 (current_events.rules)
2844015 - ETPRO CURRENT_EVENTS Successful ABSA Phish 2020-08-17 (current_events.rules)
2844016 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-08-17 (current_events.rules)
2844017 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-08-17 (current_events.rules)
2844018 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-08-17 (current_events.rules)
2844019 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-08-17 (current_events.rules)
2844020 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-08-17 (current_events.rules)
2844021 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-08-17 (current_events.rules)
2844022 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-08-17 (current_events.rules)
2844023 - ETPRO TROJAN Banload Variant CnC Host Checkin (trojan.rules)
2844024 - ETPRO INFO VBS extension in DNS TXT Response (info.rules)
2844025 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (8d7a4) (web_client.rules)
2844026 - ETPRO TROJAN MalDoc Retrieving powershell Commands via DNS TXT (trojan.rules)
2844027 - ETPRO INFO Nslookup in DNS TXT Response (info.rules)
2844028 - ETPRO TROJAN Wscript Object Creation in DNS TXT Response (trojan.rules)
2844029 - ETPRO TROJAN Powershell Run Command Structure in DNS TXT Response (trojan.rules)
2844030 - ETPRO TROJAN Schedule Tasks Create Command Structure in DNS TXT Response (trojan.rules)
2844032 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2844033 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2844034 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2844035 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2844036 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2844037 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)
[///] Modified active rules: [///]
2010515 - ET WEB_SERVER Possible HTTP 403 XSS Attempt (Local Source) (web_server.rules)
2023545 - ET TROJAN Win32/TrojanDownloader.Delf.BVP Win32/BioData CnC Beacon (trojan.rules)
2024943 - ET CURRENT_EVENTS Raiffeisen Phishing Domain Nov 03 2017 (current_events.rules)
2024944 - ET CURRENT_EVENTS Sparkasse Phishing Domain Nov 03 2017 (current_events.rules)
2024947 - ET CURRENT_EVENTS Successful Raiffeisen Phish Nov 03 2017 (current_events.rules)
2024948 - ET CURRENT_EVENTS Successful Sparkasse Phish Nov 03 2017 (current_events.rules)
2024950 - ET MOBILE_MALWARE Android Marcher Trojan Download - Raiffeisen Bank Targeting (set) (mobile_malware.rules)
2024951 - ET MOBILE_MALWARE Android Marcher Trojan Download - Sparkasse Bank Targeting (set) (mobile_malware.rules)
2024952 - ET MOBILE_MALWARE Android Marcher Trojan Download - BankAustria Targeting (set) (mobile_malware.rules)
2024953 - ET MOBILE_MALWARE Android Marcher Trojan Download - Austrian Bank Targeting (mobile_malware.rules)
2024954 - ET TROJAN SAD Ransomware CnC Activity (trojan.rules)
2024955 - ET TROJAN [PTsecurity] Win32/Randrew!rfn CnC Activity (trojan.rules)
2024966 - ET TROJAN Volex - OceanLotus JavaScript Load (connect.js) (trojan.rules)
2024978 - ET INFO Browser Plugin Detect - Observed in Apple Phishing (info.rules)
2025006 - ET WEB_CLIENT Possible Phishing Redirect Feb 09 2016 (web_client.rules)
2029672 - ET CURRENT_EVENTS Successful Facebook Phish 2019-04-12 (current_events.rules)
2812100 - ETPRO TROJAN Win32/TrojanDownloader.Banload.TXV Receiving compressed PE set (ZIP) (trojan.rules)
2822136 - ETPRO TROJAN Win32/Philadelphia Ransomware CnC Checkin (trojan.rules)
2822596 - ETPRO TROJAN Win32/Philadelphia Ransomware Encryption Activity (trojan.rules)
2824150 - ETPRO CURRENT_EVENTS Successful Generic Hamza Banking Phish Dec 30 2016 (current_events.rules)
2824864 - ETPRO TROJAN Ratankba Recon Backdoor/Module CnC Beacon 1 (trojan.rules)
2824865 - ETPRO TROJAN Ratankba Recon Backdoor/Module CnC Beacon 2 (trojan.rules)
2827049 - ETPRO CURRENT_EVENTS Successful Generic Hamza Banking Phish M2 Jul 07 2017 (current_events.rules)
2827893 - ETPRO TROJAN Win32/Vagger!rfn CnC Checkin (trojan.rules)
2828058 - ETPRO TROJAN Win32/Delf.BVP Win32/BioData CnC Keep-Alive Beacon (trojan.rules)
2828536 - ETPRO TROJAN Lena/BKDR_ANEL HTTP GET CnC Beacon 1 (trojan.rules)
2828537 - ETPRO TROJAN Lena/BKDR_ANEL HTTP GET CnC Beacon 2 (trojan.rules)
2828541 - ETPRO TROJAN Win32/Leviwa CnC Checkin (trojan.rules)
2828542 - ETPRO CURRENT_EVENTS Successful Apple Phish Nov 06 2017 (current_events.rules)
2828545 - ETPRO CURRENT_EVENTS Successful Netflix Phish Nov 06 2017 (current_events.rules)
2828547 - ETPRO CURRENT_EVENTS Successful Blockchain Phish Nov 06 2017 (current_events.rules)
2828549 - ETPRO CURRENT_EVENTS Successful Generic Chalbhai Phish M1 Nov 06 2017 (current_events.rules)
2828550 - ETPRO CURRENT_EVENTS Successful Generic Chalbhai Phish M2 Nov 06 2017 (current_events.rules)
2828554 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 242 (mobile_malware.rules)
2828556 - ETPRO TROJAN Win32/Scar CnC Checkin (trojan.rules)
2828558 - ETPRO CURRENT_EVENTS Successful Paypal Phish Nov 07 2017 (current_events.rules)
2828560 - ETPRO CURRENT_EVENTS Successful Hello Bank (FR) Phish Nov 07 2017 (current_events.rules)
2828561 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish Nov 07 2017 (current_events.rules)
2828566 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 243 (mobile_malware.rules)
2828579 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish M1 Nov 08 2017 (current_events.rules)
2828580 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish M2 Nov 08 2017 (current_events.rules)
2828581 - ETPRO CURRENT_EVENTS Successful Santander Phish Nov 08 2017 (current_events.rules)
2843908 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish to XYZ TLD 2020-08-07 (current_events.rules)