[***]            Summary:            [***]

4 new OPEN, 39 new PRO (4 + 35).  Trickbot, Darkstealer, GORGON, Various Phish, Various Suri 5 updates.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030698 - ET TROJAN Trickbot/Anchor ICMP Request (trojan.rules)
  2030699 - ET TROJAN Echelon/DarkStealer Variant CnC Exfil M2
(trojan.rules)
  2030700 - ET TROJAN Observed Malicious SSL Cert (GRIFFON CnC)
(trojan.rules)
  2030701 - ET TROJAN GORGON APT Download Activity (trojan.rules)

Pro:

  2844038 - ETPRO TROJAN Win32/Unk.Wacatac.ml! CnC Activity (trojan.rules)
  2844039 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST
Request (Grabber_Log.txt) M2 (trojan.rules)
  2844040 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST
Request (InfoHERE.html) M2 (trojan.rules)
  2844041 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Processes.txt) M2 (info.rules)
  2844042 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Programs.txt) M2 (info.rules)
  2844043 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(System_Information.txt) M2 (info.rules)
  2844044 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(DomainDetect.txt) M2 (info.rules)
  2844045 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Browsers/Autofills/) M2 (info.rules)
  2844046 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Autofills_Google.txt) M2 (info.rules)
  2844047 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST
Request (Cards_Google.txt) M2 (trojan.rules)
  2844048 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Downloads_Google.txt) M2 (info.rules)
  2844049 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(History_Google.txt) M2 (info.rules)
  2844050 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(ChromiumV2.txt) M2 (info.rules)
  2844051 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST
Request (Browsers/Passwords/) M2 (trojan.rules)
  2844052 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Browsers/History/) M2 (info.rules)
  2844053 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Browsers/Downloads/) M2 (info.rules)
  2844054 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST
Request (Browsers/Cards/) M2 (malware.rules)
  2844055 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Browsers/Autofills/) M2 (info.rules)
  2844056 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Browsers/Cookies/) M2 (info.rules)
  2844057 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST
Request (Passwords_Mozilla.txt) M2 (trojan.rules)
  2844058 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(EmailClients/Outlook/) M2 (info.rules)
  2844059 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Outlook.txt) M2 (info.rules)
  2844060 - ETPRO ACTIVEX Suspicious Zipped Filename in Outbound POST
Request (Recursive_Wallets/) M2 (activex.rules)
  2844061 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-18 1) (trojan.rules)
  2844062 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-18 2) (trojan.rules)
  2844063 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-18 3) (trojan.rules)
  2844064 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-18 4) (trojan.rules)
  2844065 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-08-18 5) (trojan.rules)
  2844066 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-08-18 (current_events.rules)
  2844067 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish
2020-08-18 (*.club) (current_events.rules)
  2844068 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-08-18 (current_events.rules)
  2844069 - ETPRO CURRENT_EVENTS Possible Successful Facebook/Instagram
Phish 2020-08-18 (current_events.rules)
  2844070 - ETPRO CURRENT_EVENTS Deutsche Bank Credential Phish 2020-08-18
(current_events.rules)
  2844071 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844072 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)

[///]     Modified active rules:     [///]

  2001562 - ET INFO Suspected PUP/PUA User-Agent (OSSProxy) (info.rules)
  2003657 - ET USER_AGENTS Suspicious User-Agent (MSIE) (user_agents.rules)
  2005320 - ET USER_AGENTS Suspicious User-Agent (MyAgent)
(user_agents.rules)
  2008020 - ET WORM Win32.Socks.s HTTP Post Checkin (worm.rules)
  2008073 - ET USER_AGENTS Suspicious User-Agent (App4) (user_agents.rules)
  2008186 - ET SCAN DirBuster Web App Scan in Progress (scan.rules)
  2008944 - ET TROJAN TDSServ or Tidserv variant Checkin (trojan.rules)
  2009486 - ET TROJAN APT1 WEBC2-UGX Related Pingbed/Downbot User-Agent
(Windows+NT+5.x) (trojan.rules)
  2010150 - ET TROJAN Koobface HTTP Request (2) (trojan.rules)
  2010165 - ET TROJAN Tibs/Harnig Downloader Activity (trojan.rules)
  2010220 - ET MALWARE Suspicious User-Agent (ClickAdsByIE) (malware.rules)
  2011365 - ET TROJAN Sinowal/sinonet/mebroot/Torpig infected host checkin
(trojan.rules)
  2011520 - ET TROJAN Knock.php Shiz or Rohimafo CnC Server Contact URL
(trojan.rules)
  2011540 - ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
(policy.rules)
  2011699 - ET P2P Bittorrent P2P Client User-Agent (Transmission/1.x)
(p2p.rules)
  2011704 - ET P2P Bittorrent P2P Client User-Agent (Deluge 1.x.x)
(p2p.rules)
  2011894 - ET TROJAN TDSS/TDL/Alureon MBR rootkit Checkin (trojan.rules)
  2012170 - ET GAMES Blizzard Web Downloader Install Detected (games.rules)
  2012222 - ET TROJAN Winsoft.E Checkin 1 (trojan.rules)
  2012278 - ET USER_AGENTS Suspicious User-Agent (Our_Agent)
(user_agents.rules)
  2012491 - ET USER_AGENTS Suspicious User-Agent (Presto)
(user_agents.rules)
  2012726 - ET SCAN OpenVAS User-Agent Inbound (scan.rules)
  2012758 - ET INFO DYNAMIC_DNS Query to *.dyndns. Domain (info.rules)
  2013076 - ET TROJAN Zeus Bot GET to Google checking Internet connectivity
(trojan.rules)
  2013096 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-*.com domain
(info.rules)
  2013097 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns.* domain
(info.rules)
  2013138 - ET MOBILE_MALWARE XML Style POST Of IMEI International Mobile
Equipment Identity (mobile_malware.rules)
  2013170 - ET POLICY HTTP Request to a *.cu.cc domain (policy.rules)
  2013178 - ET USER_AGENTS Long Fake wget 3.0 User-Agent Detected
(user_agents.rules)
  2013202 - ET TROJAN Win32/Fosniw MacTryCnt CnC Style Checkin
(trojan.rules)
  2013372 - ET TROJAN Win32/Oliga Fake User Agent (trojan.rules)
  2013391 - ET USER_AGENTS Ufasoft bitcoin Related User-Agent
(user_agents.rules)
  2013685 - ET TROJAN ZeroAccess/Max++ Rootkit C&C Activity 1 (trojan.rules)
  2013721 - ET TROJAN Suspicious User-Agent (WindowsNT) With No Separating
Space (trojan.rules)
  2013737 - ET TROJAN Suspicious User-Agent (GenericHttp/VER_STR_COMMA)
(trojan.rules)
  2013743 - ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain
(info.rules)
  2013744 - ET INFO DYNAMIC_DNS HTTP Request to a no-ip Domain (info.rules)
  2013807 - ET TROJAN Jorik FakeAV GET (trojan.rules)
  2013907 - ET TROJAN ZAccess/Sirefef/MAX++/Jorik/Smadow Checkin
(trojan.rules)
  2014090 - ET TROJAN Suspicious user agent (V32) (trojan.rules)
  2014091 - ET POLICY Dyndns Client IP Check (policy.rules)
  2014092 - ET POLICY Dyndns Client User-Agent (policy.rules)
  2014112 - ET TROJAN Dooptroop CnC Beacon (trojan.rules)
  2014123 - ET POLICY Softango.com Installer Checking For Update
(policy.rules)
  2014218 - ET TROJAN Zeus POST Request to CnC sk1 and bn1 post parameters
(trojan.rules)
  2014302 - ET TROJAN Suspicious HTTP Referer C Drive Path (trojan.rules)
  2014304 - ET POLICY External IP Lookup Attempt To Wipmania (policy.rules)
  2014370 - ET TROJAN W32/GamesForum.InfoStealer Reporting to CnC
(trojan.rules)
  2015560 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL
certificate detected (Likely Shylock/URLzone/Gootkit/Zeus Panda C2)
(trojan.rules)
  2015808 - ET TROJAN Taidoor Checkin (trojan.rules)
  2015820 - ET INFO Suspicious Windows NT version 7 User-Agent (info.rules)
  2015878 - ET POLICY Maxmind geoip check to /app/geoip.js (policy.rules)
  2015969 - ET TROJAN WORM_VOBFUS Requesting exe (trojan.rules)
  2015976 - ET TROJAN WORM_VOBFUS Checkin Generic (trojan.rules)
  2016089 - ET TROJAN FakeAV checkin (trojan.rules)
  2016139 - ET TROJAN Sakula/Mivast RAT CnC Beacon 1 (trojan.rules)
  2016172 - ET TROJAN Generic -POST To file.php w/Extended ASCII Characters
(trojan.rules)
  2016173 - ET TROJAN Generic -POST To gate.php w/Extended ASCII Characters
(Likely Zeus Derivative) (trojan.rules)
  2016251 - ET TROJAN Win32/Emold.C Checkin (trojan.rules)
  2016858 - ET TROJAN Generic - POST To .php w/Extended ASCII Characters
(Likely Zeus Derivative) (trojan.rules)
  2016867 - ET TROJAN Backdoor.Win32.Pushdo.s Checkin (trojan.rules)
  2017066 - ET TROJAN Win32/Comisproc Checkin (trojan.rules)
  2017365 - ET TROJAN SUSPICIOUS UA (iexplore) (trojan.rules)
  2017584 - ET TROJAN Chthonic Checkin (trojan.rules)
  2017656 - ET TROJAN W32/InstallMonster.Downloader Checkin (trojan.rules)
  2017701 - ET ATTACK_RESPONSE webr00t WebShell Access
(attack_response.rules)
  2017726 - ET TROJAN Downloader (P2P Zeus dropper UA) (trojan.rules)
  2017742 - ET TROJAN Solarbot Check-in (trojan.rules)
  2017854 - ET ATTACK_RESPONSE PHP script in OptimizePress Upload Directory
Possible WebShell Access (attack_response.rules)
  2017930 - ET TROJAN Trojan Generic - POST To gate.php with no referer
(trojan.rules)
  2017946 - ET TROJAN Agent.BAAB Checkin (trojan.rules)
  2017969 - ET EXPLOIT Netgear passwordrecovered.cgi attempt (exploit.rules)
  2018010 - ET TROJAN Suspicious UA (^IE[\d\s]) (trojan.rules)
  2018096 - ET TROJAN W32/Asprox.ClickFraudBot CnC Beacon (trojan.rules)
  2018098 - ET TROJAN W32/Asprox.ClickFraudBot POST CnC Beacon
(trojan.rules)
  2018131 - ET WORM TheMoon.linksys.router 1 (worm.rules)
  2018169 - ET TROJAN Gulpix/PlugX Client Request (trojan.rules)
  2018170 - ET POLICY Application Crash Report Sent to Microsoft
(policy.rules)
  2018232 - ET EXPLOIT Possible ZyXELs ZynOS Configuration Download Attempt
(Contains Passwords) (exploit.rules)
  2018254 - ET TROJAN Possible Graftor EXE Download Common Header Order
(trojan.rules)
  2018340 - ET TROJAN Win32.Sality-GR Checkin (trojan.rules)
  2018379 - ET TROJAN Ixeshe/Mecklow Checkin (trojan.rules)
  2018380 - ET TROJAN Ixeshe/Mecklow Checkin 2 (trojan.rules)
  2018541 - ET TROJAN PlugX/Destory HTTP traffic (trojan.rules)
  2018581 - ET TROJAN Single char EXE direct download likely trojan
(multiple families) (trojan.rules)
  2018643 - ET TROJAN Win32/Zemot Checkin (trojan.rules)
  2018773 - ET TROJAN Win32/Pykspa.C Public IP Check (trojan.rules)
  2018784 - ET TROJAN Win32/Neurevt.A/Betabot Check-in 4 (trojan.rules)
  2019625 - ET TROJAN Cohhoc RAT CnC Request (trojan.rules)
  2019756 - ET TROJAN Bamital Checkin (trojan.rules)
  2019760 - ET TROJAN Rerdom/Asprox CnC Beacon (trojan.rules)
  2019847 - ET TROJAN Upatre Common URI Struct Dec 01 2014 (trojan.rules)
  2020031 - ET TROJAN Trojan.Nurjax Retrieving Domains via JS (trojan.rules)
  2020034 - ET TROJAN Trojan.Nurjax Checkin (trojan.rules)
  2020235 - ET TROJAN Mazilla Suspicious User-Agent Jan 15 2015
(trojan.rules)
  2020295 - ET TROJAN Common Upatre Header Structure 3 (trojan.rules)
  2020296 - ET TROJAN Scieron Retrieving Information (trojan.rules)
  2020747 - ET TROJAN Win32.Chroject.B Requesting ClickFraud Commands from
CnC (trojan.rules)
  2020822 - ET TROJAN HTTP POST to WP Theme Directory Without Referer
(trojan.rules)
  2021200 - ET TROJAN Sakula/Mivast RAT CnC Beacon 2 (trojan.rules)
  2021201 - ET TROJAN Sakula/Mivast RAT CnC Beacon 3 (trojan.rules)
  2021227 - ET TROJAN Poweliks Clickfraud CnC M2 (trojan.rules)
  2021268 - ET TROJAN Gatak CnC (trojan.rules)
  2021384 - ET USER_AGENTS WildTangent User-Agent (WT Games App)
(user_agents.rules)
  2021438 - ET POLICY External IP Lookup sina.com.cn (policy.rules)
  2021569 - ET TROJAN Sakula/Mivast RAT CnC Beacon 6 (trojan.rules)
  2021685 - ET TROJAN BandarChor Ransomware Checkin (trojan.rules)
  2021997 - ET POLICY External IP Lookup api.ipify.org (policy.rules)
  2022048 - ET TROJAN Cryptowall .onion Proxy Domain (trojan.rules)
  2022082 - ET POLICY External IP Lookup ip-api.com (policy.rules)
  2022284 - ET TROJAN AlphaCrypt CnC Beacon 5 (trojan.rules)
  2022300 - ET TROJAN AlphaCrypt CnC Beacon 6 (trojan.rules)
  2022483 - ET TROJAN JS/Nemucod requesting EXE payload 2016-01-28
(trojan.rules)
  2022615 - ET CURRENT_EVENTS Possible Chase Phishing Domain Mar 14 2016
(current_events.rules)
  2022616 - ET CURRENT_EVENTS Possible Apple Phishing Domain Mar 14 2016
(current_events.rules)
  2022617 - ET CURRENT_EVENTS Possible USAA Phishing Domain Mar 14 2016
(current_events.rules)
  2022618 - ET CURRENT_EVENTS Possible Paypal Phishing Domain Mar 14 2016
(current_events.rules)
  2022692 - ET TROJAN JS/Nemucod requesting EXE payload 2016-03-31
(trojan.rules)
  2022818 - ET TROJAN Generic gate[.].php GET with minimal headers
(trojan.rules)
  2022834 - ET TROJAN Possible Malicious Macro DL BIN May 2016 (No UA)
(trojan.rules)
  2022896 - ET CURRENT_EVENTS SUSPICIOUS Firesale gTLD EXE DL with no
Referer June 13 2016 (current_events.rules)
  2022918 - ET INFO DYNAMIC_DNS Query to *.duckdns. Domain (info.rules)
  2023066 - ET CURRENT_EVENTS Possible Bank of America Phishing Domain Aug
15 2016 (current_events.rules)
  2023092 - ET CURRENT_EVENTS Possible Google Drive Phishing Domain Aug 25
2016 (current_events.rules)
  2023495 - ET CURRENT_EVENTS Possible Cartasi Phishing Domain Nov 08 2016
(current_events.rules)
  2023596 - ET CURRENT_EVENTS Possible Linkedin Phishing Domain Dec 09 2016
(current_events.rules)
  2023671 - ET TROJAN JS/WSF Downloader Dec 08 2016 M3 (trojan.rules)
  2023672 - ET TROJAN JS/WSF Downloader Dec 08 2016 M4 (trojan.rules)
  2023775 - ET CURRENT_EVENTS Possible Ebay Phishing Domain Jan 30 2017
(current_events.rules)
  2023776 - ET CURRENT_EVENTS Possible Successful Ebay Phish Jan 30 2017
(current_events.rules)
  2023819 - ET CURRENT_EVENTS Possible Discover Phishing Domain Feb 02 2017
(current_events.rules)
  2023820 - ET CURRENT_EVENTS Possible Successful Chase Phish Feb 02 2017
(current_events.rules)
  2023821 - ET CURRENT_EVENTS Possible Successful Apple Phishing Domain Feb
02 2017 (current_events.rules)
  2023822 - ET CURRENT_EVENTS Possible Successful USAA Phishing Domain Feb
02 2017 (current_events.rules)
  2023823 - ET CURRENT_EVENTS Possible Successful Paypal Phishing Domain
Feb 02 2017 (current_events.rules)
  2023824 - ET CURRENT_EVENTS Possible Successful Bank of America Phishing
Domain Feb 02 2017 (current_events.rules)
  2023825 - ET CURRENT_EVENTS Possible Successful Google Drive Phishing
Domain Feb 02 2017 (current_events.rules)
  2023826 - ET CURRENT_EVENTS Possible Successful Cartasi Phishing Domain
Feb 02 2017 (current_events.rules)
  2023827 - ET CURRENT_EVENTS Possible Successful Linkedin Phishing Domain
Feb 02 2017 (current_events.rules)
  2023828 - ET CURRENT_EVENTS Possible Successful Ebay Phishing Domain Feb
02 2017 (current_events.rules)
  2023829 - ET CURRENT_EVENTS Possible Successful Discover Phish Feb 02
2017 (current_events.rules)
  2023880 - ET CURRENT_EVENTS Possible Successful Craigslist Phishing
Domain Feb 07 2017 (current_events.rules)
  2024035 - ET TROJAN WS/JS Downloader Mar 07 2017 M1 (trojan.rules)
  2024513 - ET TROJAN [PTsecurity] Win32/TinyNuke Payload ACF40 Inbound
(trojan.rules)
  2024834 - ET CURRENT_EVENTS Possible Paypal Phishing Domain (IT) Oct 10
2017 (current_events.rules)
  2024835 - ET CURRENT_EVENTS Possible Successful Paypal Phishing Domain
(IT) Oct 10 2017 (current_events.rules)
  2024981 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
  2024982 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
  2024983 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion
Domain (trojan.rules)
  2024984 - ET TROJAN Win32/RCAP CnC Checkin (trojan.rules)
  2024998 - ET CURRENT_EVENTS Successful Generic AES Phish M2 Oct 24 2017
(current_events.rules)
  2025000 - ET CURRENT_EVENTS Possible Successful Phish to Hostinger
Domains Apr 4 M4 (current_events.rules)
  2025020 - ET TROJAN Win32/Nivdort Checkin (trojan.rules)
  2025034 - ET CURRENT_EVENTS Possible Successful Generic Phish Nov 09 2017
(set) (current_events.rules)
  2025060 - ET WEB_CLIENT Google Chrome Credential Stealing via SCF file
Reflected Request (web_client.rules)
  2025075 - ET TROJAN Brazilian Banker SSL Cert (trojan.rules)
  2800946 - ETPRO USER_AGENTS Suspicious User-Agent Malware related Windows
wget (user_agents.rules)
  2801292 - ETPRO TROJAN Yoyo-DDoS Bot UA Detected Outbound (trojan.rules)
  2801301 - ETPRO MALWARE Select Rebates Spyware UA Detected (malware.rules)
  2802085 - ETPRO TROJAN Win32.VBKrypt.xiz Checkin (trojan.rules)
  2802841 - ETPRO USER_AGENTS Suspicious User-Agent Setup Agent - Likely
Malware (user_agents.rules)
  2802974 - ETPRO TROJAN Yahlover Checkin Request (setting.xls)
(trojan.rules)
  2803267 - ETPRO TROJAN Win32.Pasta.IK Checkin (trojan.rules)
  2803437 - ETPRO TROJAN Backdoor.Win32.Shiz.ivr Checkin (trojan.rules)
  2803553 - ETPRO TROJAN Win32/Expiro Checkin (trojan.rules)
  2804325 - ETPRO TROJAN TrojanDownloader.Win32/Karagany.H checkin
(trojan.rules)
  2804391 - ETPRO TROJAN TrojanDownloader.Win32/Karagany.H checkin 2
(trojan.rules)
  2804408 - ETPRO TROJAN Mal/Simda-C Install (trojan.rules)
  2804813 - ETPRO TROJAN PWS.Win32/Simda.gen!B checkin (trojan.rules)
  2804830 - ETPRO TROJAN Win32.Sality.bh Checkin 2 (trojan.rules)
  2804852 - ETPRO TROJAN Backdoor.Win32/Simda.gen!A Checkin (trojan.rules)
  2805089 - ETPRO TROJAN Backdoor.Win32.Hupigon.dpgy Checkin (trojan.rules)
  2805138 - ETPRO TROJAN Win32/SpyVoltar.A Checkin (trojan.rules)
  2805139 - ETPRO TROJAN Win32/SpyVoltar.A Checkin 2 (trojan.rules)
  2805218 - ETPRO TROJAN Rogue.Win32/Winwebsec Install 3 (trojan.rules)
  2805481 - ETPRO TROJAN Suspicious User-Agent (Testing) (trojan.rules)
  2805599 - ETPRO TROJAN Virus.Win32.Lamer.bd checkin (trojan.rules)
  2805803 - ETPRO TROJAN Taidoor Checkin 2 (trojan.rules)
  2805880 - ETPRO MOBILE_MALWARE Android/Adware.Kuguo.A Checkin
(mobile_malware.rules)
  2805986 - ETPRO TROJAN Kelihos Fake UA (trojan.rules)
  2806023 - ETPRO TROJAN WinNT/Systex.A Checkin (trojan.rules)
  2806057 - ETPRO POLICY 4shared SSL Certificate detected (policy.rules)
  2806143 - ETPRO TROJAN Worm.Win32.Vobfus Checkin 1 (trojan.rules)
  2806209 - ETPRO MOBILE_MALWARE SMSBoxer Checkin (mobile_malware.rules)
  2806235 - ETPRO TROJAN Trojan-Ransom.Win32.Blocker.avsx Checkin
(trojan.rules)
  2806369 - ETPRO TROJAN W32.Wapomi.B Download 1 (trojan.rules)
  2806760 - ETPRO TROJAN Virus.Win32.Kate.a GET .txt Request (trojan.rules)
  2806777 - ETPRO TROJAN Win32/Ghodow.NAS Checkin (trojan.rules)
  2806788 - ETPRO TROJAN Tool.InstallToolbar.96 (trojan.rules)
  2806791 - ETPRO TROJAN Win32.Jorik.ServStart.vn (trojan.rules)
  2806839 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.KR Checkin
(mobile_malware.rules)
  2806863 - ETPRO TROJAN Win32/Puzlice.A Checkin (trojan.rules)
  2807167 - ETPRO POLICY Baidu Spider Crawler User-Agent (baiduspider)
(policy.rules)
  2807323 - ETPRO TROJAN Win32/Esfury.T Checkin (trojan.rules)
  2807364 - ETPRO TROJAN Zeroaccess Variant 2 (trojan.rules)
  2807481 - ETPRO TROJAN Win32.Viking.j Checkin (trojan.rules)
  2807506 - ETPRO TROJAN Win32.Foreign.jowy 1 (trojan.rules)
  2808356 - ETPRO TROJAN Win32/Vflooder.B vtapi DOS (trojan.rules)
  2808421 - ETPRO MOBILE_MALWARE Android Dowgin/SMSreg IMSI Leak
(mobile_malware.rules)
  2808464 - ETPRO TROJAN Win32/Viknok.D Checkin 2 (trojan.rules)
  2808511 - ETPRO TROJAN W32/Zbot.PM.gen Checkin 2 (trojan.rules)
  2808549 - ETPRO TROJAN Win32/Rovnix Variant Config Download (trojan.rules)
  2808715 - ETPRO TROJAN Win32/Sality.AM GET Request (trojan.rules)
  2808793 - ETPRO TROJAN Win32.Androm.cxb Requesting PE (trojan.rules)
  2808944 - ETPRO TROJAN Win32/Comame Checkin (trojan.rules)
  2808970 - ETPRO MOBILE_MALWARE Android/Spy.Kasandra.B Checkin
(mobile_malware.rules)
  2809448 - ETPRO MOBILE_MALWARE Adware.AndroidOS.AirPush.a Checkin 2
(mobile_malware.rules)
  2809513 - ETPRO MOBILE_MALWARE Android.Trojan.Koler.D HTTP Checkin
(mobile_malware.rules)
  2809559 - ETPRO MOBILE_MALWARE Android.Adware.NoiconAds.A Checkin
(mobile_malware.rules)
  2809579 - ETPRO TROJAN Win32/Sality.AT Checkin (trojan.rules)
  2809671 - ETPRO TROJAN Backdoor.Win32.Vawtrak Connectivity Check
(trojan.rules)
  2810606 - ETPRO TROJAN Upatre Retrieving encoded payload (Mazilla)
(trojan.rules)
  2810959 - ETPRO MOBILE_MALWARE Riskware Android/SMSreg.OC Checkin
(mobile_malware.rules)
  2811157 - ETPRO MOBILE_MALWARE Trojan.Android.Clicker.J Checkin 2
(mobile_malware.rules)
  2811170 - ETPRO TROJAN BACKDOOR.WAKETAGAT Checkin (trojan.rules)
  2811246 - ETPRO TROJAN Win32/Nivdort Empty Checkin (trojan.rules)
  2811838 - ETPRO INFO Suspicious Terse HTTP Request to Pastebin
(info.rules)
  2812028 - ETPRO POLICY Python Requests Suspicious User Agent
(policy.rules)
  2812116 - ETPRO POLICY External IP Address/Location Disclosure -
geoplugin.net (policy.rules)
  2812130 - ETPRO POLICY SpyHunter Spyware Removal Tool PUP User-Agent
(SpyHunter) (policy.rules)
  2812536 - ETPRO CURRENT_EVENTS Successful Commonwealth Bank Phish Aug 19
2015 (current_events.rules)
  2812559 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish M1 Aug 20
2015 (current_events.rules)
  2812600 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish M2 Aug 20
2015 (current_events.rules)
  2812601 - ETPRO CURRENT_EVENTS Successful OWA Account Phish Aug 20 2015
(current_events.rules)
  2812688 - ETPRO CURRENT_EVENTS Successful Navy Credit Union Account Phish
Aug 25 2015 (current_events.rules)
  2812722 - ETPRO TROJAN Bedep Downloading Config (trojan.rules)
  2812759 - ETPRO CURRENT_EVENTS Successful Facebook Phish Aug 27 2015
(current_events.rules)
  2812858 - ETPRO TROJAN Win32/HitPop.AH Activity (trojan.rules)
  2812900 - ETPRO CURRENT_EVENTS Successful Telstra Phish M1 Sept 04 2015
(current_events.rules)
  2814268 - ETPRO TROJAN Nemucod Downloading Payload (trojan.rules)
  2814489 - ETPRO POLICY External IP Lookup - ip.taobao.com (policy.rules)
  2814736 - ETPRO TROJAN Pirpi CnC Beacon (trojan.rules)
  2814903 - ETPRO MOBILE_MALWARE Android.Trojan.HiddenApp.AH Checkin
(mobile_malware.rules)
  2815365 - ETPRO POLICY External IP Address Check - (speedtest.net)
(policy.rules)
  2815801 - ETPRO CURRENT_EVENTS Successful Formbuddy Credential Phish
Submission Jan 15 (current_events.rules)
  2816039 - ETPRO CURRENT_EVENTS Phishing Landing via Weebly.com (set) Feb
2 (current_events.rules)
  2816669 - ETPRO TROJAN W32/Nymaim Checkin 7 (trojan.rules)
  2816883 - ETPRO CURRENT_EVENTS Possible Successful Phish to Hostinger
Domains M1 Apr 4 2016 (current_events.rules)
  2816884 - ETPRO CURRENT_EVENTS Possible Successful Phish to Hostinger
Domains M2 Apr 4 2016 (current_events.rules)
  2816885 - ETPRO CURRENT_EVENTS Possible Successful Phish to Hostinger
Domains M3 Apr 4 2016 (current_events.rules)
  2816887 - ETPRO CURRENT_EVENTS Possible Successful Phish to Hostinger
Domains M5 Apr 4 2016 (current_events.rules)
  2819999 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Shedun.V Checkin
(mobile_malware.rules)
  2820534 - ETPRO CURRENT_EVENTS Possible HMRC Phishing Domain Jun 08 2016
(current_events.rules)
  2820614 - ETPRO CURRENT_EVENTS Possible Apple Phishing Domain Jun 14 2016
(current_events.rules)
  2820683 - ETPRO CURRENT_EVENTS Successful Chase Phish Jun 15 2016
(current_events.rules)
  2820684 - ETPRO CURRENT_EVENTS Successful Apple Phish Jun 15 2016
(current_events.rules)
  2820685 - ETPRO CURRENT_EVENTS Successful USAA Phish Jun 15
(current_events.rules)
  2820686 - ETPRO CURRENT_EVENTS Successful Paypal Phish Jun 15 2016
(current_events.rules)
  2820877 - ETPRO CURRENT_EVENTS Successful Amazon.com Phish M1 Jun 27 2016
(current_events.rules)
  2820920 - ETPRO INFO Data Submitted to ukit domain - Possible Phishing M1
Jun 29 2016 (info.rules)
  2820921 - ETPRO INFO Data Submitted to ukit domain - Possible Phishing M2
Jun 29 2016 (info.rules)
  2822901 - ETPRO CURRENT_EVENTS Successful Generic Phish - Observed in
Apple/Bank of America/Amazon Oct 26 2016 (current_events.rules)
  2824047 - ETPRO CURRENT_EVENTS Successful Poste Italiane Phish Dec 23
2016 (current_events.rules)
  2824353 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish Jan 11 2017
(current_events.rules)
  2824578 - ETPRO TROJAN Sage Ransomware Onion Domain (trojan.rules)
  2826534 - ETPRO TROJAN Win32/Ibashade CnC Beacon (trojan.rules)
  2826655 - ETPRO CURRENT_EVENTS Successful Webhostapp Hosted Generic Phish
Jun 07 2017 (current_events.rules)
  2826662 - ETPRO CURRENT_EVENTS Blockchain Phishing Landing Jun 07 2017
(current_events.rules)
  2827143 - ETPRO TROJAN Monsoon APT Fake Doc DL (trojan.rules)
  2827169 - ETPRO TROJAN Alina IP Check (whatismyipaddress .com)
(trojan.rules)
  2827187 - ETPRO TROJAN MSIL/ClipBanker.BX CnC Checkin M2 (trojan.rules)
  2827507 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Aug 14 2017
(current_events.rules)
  2827690 - ETPRO MOBILE_MALWARE PUP Android/Igexin.B Checkin 2
(mobile_malware.rules)
  2827919 - ETPRO TROJAN Win32/Aenjaris!rfn Activity (trojan.rules)
  2827950 - ETPRO TROJAN CVE-2017-8570 Related SSL Cert (trojan.rules)
  2828110 - ETPRO MOBILE_MALWARE Android/BinaryBanc CnC Beacon
(mobile_malware.rules)
  2828111 - ETPRO MOBILE_MALWARE Android/BinaryBanc CnC Checkin
(mobile_malware.rules)
  2828582 - ETPRO TROJAN Fake Ransomware CnC Checkin (trojan.rules)
  2828583 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
244 (mobile_malware.rules)
  2828589 - ETPRO CURRENT_EVENTS Successful ABN-AMRO Bank Phish M1 Nov 09
2017 (current_events.rules)
  2828590 - ETPRO CURRENT_EVENTS Successful ABN-AMRO Bank Phish M2 Nov 09
2017 (current_events.rules)
  2828591 - ETPRO CURRENT_EVENTS Successful 163.com Phish Nov 09 2017
(current_events.rules)
  2828592 - ETPRO CURRENT_EVENTS Successful HM Revenue & Customs Phish Nov
09 2017 (current_events.rules)
  2828603 - ETPRO CURRENT_EVENTS Successful Telstra Phish Nov 10 2017
(current_events.rules)
  2828604 - ETPRO CURRENT_EVENTS Successful Impots.gouv.fr Phish Nov 10
2017 (current_events.rules)
  2828605 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Nov 10 2017
(current_events.rules)
  2828606 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Nov 10 2017
(current_events.rules)
  2828607 - ETPRO CURRENT_EVENTS Successful Amazon Phish Nov 10 2017
(current_events.rules)
  2828608 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish Nov 10
2017 (current_events.rules)
  2828617 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
245 (mobile_malware.rules)
  2828627 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
246 (mobile_malware.rules)
  2828628 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
247 (mobile_malware.rules)
  2828646 - ETPRO TROJAN Chthonic CnC Beacon 12 (trojan.rules)
  2828655 - ETPRO CURRENT_EVENTS Successful Paypal Phish Nov 20 2017
(current_events.rules)
  2828657 - ETPRO CURRENT_EVENTS Successful Netflix Phish Nov 20 2017
(current_events.rules)
  2828688 - ETPRO USER_AGENTS IoT FamilyHub UA (Tizen) (user_agents.rules)
  2828711 - ETPRO TROJAN Win32/DarkNeuron POST Request to CnC (trojan.rules)
  2828712 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.ck Checkin
(mobile_malware.rules)
  2828723 - ETPRO TROJAN Ars Stealer CnC Checkin (trojan.rules)
  2837280 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-07-05
(current_events.rules)

[///]    Modified inactive rules:    [///]

  2828108 - ETPRO TROJAN Win32/Agent.SUP CnC Checkin (trojan.rules)
