[***] Summary: [***]
5 new OPEN, 14 new PRO (5 + 9). Nusumu, Broide, GORGON APT, Various Suri 5 formatting updates.
Tks: @travisbgreen
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030702 - ET POLICY [401TRG] DropBox Access via API (SNI) (policy.rules)
2030703 - ET POLICY [401TRG] DropBox Access via API (Certificate) (policy.rules)
2030704 - ET WEB_CLIENT Tech Support Scam Landing 2020-08-19 (web_client.rules)
2030705 - ET WEB_CLIENT Tech Support Scam Landing 2020-08-19 (web_client.rules)
2030706 - ET TROJAN GORGON APT Download Activity M2 (trojan.rules)
Pro:
2843929 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (desktop.) M2 (info.rules)
2844073 - ETPRO TROJAN Win32/Nusumu Stealer CnC Activity (trojan.rules)
2844074 - ETPRO TROJAN Observed Nusumu CnC Domain in TLS SNI (trojan.rules)
2844075 - ETPRO TROJAN MSIL/Unk.Broide.gen CnC Checkin (trojan.rules)
2844076 - ETPRO TROJAN MSIL/Unk.Broide.gen CnC Keep-Alive (trojan.rules)
2844077 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC) (trojan.rules)
2844078 - ETPRO TROJAN Win32/Agentb.jzps CnC Host Checkin (trojan.rules)
2844079 - ETPRO CURRENT_EVENTS Successful PDF Online Phish 2020-08-19 (current_events.rules)
2844080 - ETPRO CURRENT_EVENTS Successful Zapto.org Hosted Generic Phish 2020-08-19 (current_events.rules)
[---] Disabled rules: [---]
2844036 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
[---] Removed rules: [---]
2843929 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (desktop.) M2 (trojan.rules)