[***]            Summary:            [***]

9 new OPEN, 39 new PRO (9 + 30).  KONNI, REDCURL, DarkStealer, Various Phish

Thanks: @3xp0rtblog

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030688 - ET TROJAN Echelon/DarkStealer Variant CnC Exfil (trojan.rules)
  2030689 - ET TROJAN Suspected REDCURL CnC Activity M2 (trojan.rules)
  2030690 - ET TROJAN Possible KONNI URI Path Observed (trojan.rules)
  2030691 - ET TROJAN Possible KONNI CnC Activity (trojan.rules)
  2030692 - ET SCAN ELF/Mirai Variant User-Agent (Inbound) (scan.rules)
  2030693 - ET TROJAN ELF/Mirai Variant User-Agent (Outbound) (trojan.rules)
  2030694 - ET INFO BitNinja IO Security Check (info.rules)
  2030695 - ET CURRENT_EVENTS Successful Paxful Cryptocurrency Wallet Phish
2020-08-17 (current_events.rules)
  2030697 - ET TROJAN Suspected REDCURL CnC Activity M1 (trojan.rules)

Pro:

  2844008 - ETPRO POLICY Observed Java Web Client/JNLP Requesting jar/jnlp
(policy.rules)
  2844009 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-14 1) (trojan.rules)
  2844010 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-14 2) (trojan.rules)
  2844011 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-14 3) (trojan.rules)
  2844012 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-08-17 (current_events.rules)
  2844013 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-08-17
(current_events.rules)
  2844014 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-08-17
(current_events.rules)
  2844015 - ETPRO CURRENT_EVENTS Successful ABSA Phish 2020-08-17
(current_events.rules)
  2844016 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-08-17 (current_events.rules)
  2844017 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-08-17 (current_events.rules)
  2844018 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-08-17
(current_events.rules)
  2844019 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-08-17
(current_events.rules)
  2844020 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-08-17 (current_events.rules)
  2844021 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-08-17 (current_events.rules)
  2844022 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2020-08-17
(current_events.rules)
  2844023 - ETPRO TROJAN Banload Variant CnC Host Checkin (trojan.rules)
  2844024 - ETPRO INFO VBS extension in DNS TXT Response (info.rules)
  2844025 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (8d7a4)
(web_client.rules)
  2844026 - ETPRO TROJAN MalDoc Retrieving powershell Commands via DNS TXT
(trojan.rules)
  2844027 - ETPRO INFO Nslookup in DNS TXT Response (info.rules)
  2844028 - ETPRO TROJAN Wscript Object Creation in DNS TXT Response
(trojan.rules)
  2844029 - ETPRO TROJAN Powershell Run Command Structure in DNS TXT
Response (trojan.rules)
  2844030 - ETPRO TROJAN Schedule Tasks Create Command Structure in DNS TXT
Response (trojan.rules)
  2844032 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844033 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844034 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844035 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844036 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844037 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC)
(trojan.rules)

[///]     Modified active rules:     [///]

  2010515 - ET WEB_SERVER Possible HTTP 403 XSS Attempt (Local Source)
(web_server.rules)
  2023545 - ET TROJAN Win32/TrojanDownloader.Delf.BVP Win32/BioData CnC
Beacon (trojan.rules)
  2024943 - ET CURRENT_EVENTS Raiffeisen Phishing Domain Nov 03 2017
(current_events.rules)
  2024944 - ET CURRENT_EVENTS Sparkasse Phishing Domain Nov 03 2017
(current_events.rules)
  2024947 - ET CURRENT_EVENTS Successful Raiffeisen Phish Nov 03 2017
(current_events.rules)
  2024948 - ET CURRENT_EVENTS Successful Sparkasse Phish Nov 03 2017
(current_events.rules)
  2024950 - ET MOBILE_MALWARE Android Marcher Trojan Download - Raiffeisen
Bank Targeting (set) (mobile_malware.rules)
  2024951 - ET MOBILE_MALWARE Android Marcher Trojan Download - Sparkasse
Bank Targeting (set) (mobile_malware.rules)
  2024952 - ET MOBILE_MALWARE Android Marcher Trojan Download - BankAustria
Targeting (set) (mobile_malware.rules)
  2024953 - ET MOBILE_MALWARE Android Marcher Trojan Download - Austrian
Bank Targeting (mobile_malware.rules)
  2024954 - ET TROJAN SAD Ransomware CnC Activity (trojan.rules)
  2024955 - ET TROJAN [PTsecurity] Win32/Randrew!rfn CnC Activity
(trojan.rules)
  2024966 - ET TROJAN Volex - OceanLotus JavaScript Load (connect.js)
(trojan.rules)
  2024978 - ET INFO Browser Plugin Detect - Observed in Apple Phishing
(info.rules)
  2025006 - ET WEB_CLIENT Possible Phishing Redirect Feb 09 2016
(web_client.rules)
  2029672 - ET CURRENT_EVENTS Successful Facebook Phish 2019-04-12
(current_events.rules)
  2812100 - ETPRO TROJAN Win32/TrojanDownloader.Banload.TXV Receiving
compressed PE set (ZIP) (trojan.rules)
  2822136 - ETPRO TROJAN Win32/Philadelphia Ransomware CnC Checkin
(trojan.rules)
  2822596 - ETPRO TROJAN Win32/Philadelphia Ransomware Encryption Activity
(trojan.rules)
  2824150 - ETPRO CURRENT_EVENTS Successful Generic Hamza Banking Phish Dec
30 2016 (current_events.rules)
  2824864 - ETPRO TROJAN Ratankba Recon Backdoor/Module CnC Beacon 1
(trojan.rules)
  2824865 - ETPRO TROJAN Ratankba Recon Backdoor/Module CnC Beacon 2
(trojan.rules)
  2827049 - ETPRO CURRENT_EVENTS Successful Generic Hamza Banking Phish M2
Jul 07 2017 (current_events.rules)
  2827893 - ETPRO TROJAN Win32/Vagger!rfn CnC Checkin (trojan.rules)
  2828058 - ETPRO TROJAN Win32/Delf.BVP Win32/BioData CnC Keep-Alive Beacon
(trojan.rules)
  2828536 - ETPRO TROJAN Lena/BKDR_ANEL HTTP GET CnC Beacon 1 (trojan.rules)
  2828537 - ETPRO TROJAN Lena/BKDR_ANEL HTTP GET CnC Beacon 2 (trojan.rules)
  2828541 - ETPRO TROJAN Win32/Leviwa CnC Checkin (trojan.rules)
  2828542 - ETPRO CURRENT_EVENTS Successful Apple Phish Nov 06 2017
(current_events.rules)
  2828545 - ETPRO CURRENT_EVENTS Successful Netflix Phish Nov 06 2017
(current_events.rules)
  2828547 - ETPRO CURRENT_EVENTS Successful Blockchain Phish Nov 06 2017
(current_events.rules)
  2828549 - ETPRO CURRENT_EVENTS Successful Generic Chalbhai Phish M1 Nov
06 2017 (current_events.rules)
  2828550 - ETPRO CURRENT_EVENTS Successful Generic Chalbhai Phish M2 Nov
06 2017 (current_events.rules)
  2828554 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
242 (mobile_malware.rules)
  2828556 - ETPRO TROJAN Win32/Scar CnC Checkin (trojan.rules)
  2828558 - ETPRO CURRENT_EVENTS Successful Paypal Phish Nov 07 2017
(current_events.rules)
  2828560 - ETPRO CURRENT_EVENTS Successful Hello Bank (FR) Phish Nov 07
2017 (current_events.rules)
  2828561 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish Nov 07
2017 (current_events.rules)
  2828566 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
243 (mobile_malware.rules)
  2828579 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish M1 Nov 08 2017
(current_events.rules)
  2828580 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish M2 Nov 08 2017
(current_events.rules)
  2828581 - ETPRO CURRENT_EVENTS Successful Santander Phish Nov 08 2017
(current_events.rules)
  2843908 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish to XYZ
TLD 2020-08-07 (current_events.rules)