[***]            Summary:            [***]

5 new OPEN, 14 new PRO (5 + 9).  Nusumu, Broide, GORGON APT, Various Suri 5 formatting updates.

Tks: @travisbgreen

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030702 - ET POLICY [401TRG] DropBox Access via API (SNI) (policy.rules)
  2030703 - ET POLICY [401TRG] DropBox Access via API (Certificate)
(policy.rules)
  2030704 - ET WEB_CLIENT Tech Support Scam Landing 2020-08-19
(web_client.rules)
  2030705 - ET WEB_CLIENT Tech Support Scam Landing 2020-08-19
(web_client.rules)
  2030706 - ET TROJAN GORGON APT Download Activity M2 (trojan.rules)

Pro:

  2843929 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(desktop.) M2 (info.rules)
  2844073 - ETPRO TROJAN Win32/Nusumu Stealer CnC Activity (trojan.rules)
  2844074 - ETPRO TROJAN Observed Nusumu CnC Domain in TLS SNI
(trojan.rules)
  2844075 - ETPRO TROJAN MSIL/Unk.Broide.gen CnC Checkin (trojan.rules)
  2844076 - ETPRO TROJAN MSIL/Unk.Broide.gen CnC Keep-Alive (trojan.rules)
  2844077 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC)
(trojan.rules)
  2844078 - ETPRO TROJAN Win32/Agentb.jzps CnC Host Checkin (trojan.rules)
  2844079 - ETPRO CURRENT_EVENTS Successful PDF Online Phish 2020-08-19
(current_events.rules)
  2844080 - ETPRO CURRENT_EVENTS Successful Zapto.org Hosted Generic Phish
2020-08-19 (current_events.rules)

[---]         Disabled rules:        [---]

  2844036 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)

[---]         Removed rules:         [---]

  2843929 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST
Request (desktop.) M2 (trojan.rules)