[***]            Summary:            [***]

15 new OPEN, 32 new PRO (15 + 17).  Mekotio, Sidewinder, JollyRAT, AsyncRAT, Various Phishing.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030708 - ET INFO HTTP POST to .php on Appspot Hosting - Possible Phishing (info.rules)
  2030709 - ET CURRENT_EVENTS GET Request to Appspot Hosting (set) (current_events.rules)
  2030710 - ET CURRENT_EVENTS Microsoft Account Phishing Landing on Appspot Hosting (current_events.rules)
  2030711 - ET CURRENT_EVENTS Outlook Web App Phishing Landing on Appspot Hosting (current_events.rules)
  2030712 - ET CURRENT_EVENTS Microsoft Account Phishing Landing on Appspot Hosting (current_events.rules)
  2030713 - ET CURRENT_EVENTS Outlook Webapp Phishing Landing on Appspot Hosting (current_events.rules)
  2030714 - ET CURRENT_EVENTS Linkedin Phishing Landing on Appspot Hosting (current_events.rules)
  2030715 - ET CURRENT_EVENTS OneDrive Phishing Landing on Appspot Hosting (current_events.rules)
  2030716 - ET CURRENT_EVENTS Outlook Web App Phishing Landing on Appspot Hosting (current_events.rules)
  2030717 - ET CURRENT_EVENTS Microsoft Account Phishing Landing on Appspot Hosting (current_events.rules)
  2030718 - ET CURRENT_EVENTS Adobe Shared Document Phishing Landing on Appspot Hosting (current_events.rules)
  2030719 - ET MALWARE Mekotio HTTP Method (111SA) (malware.rules)
  2030720 - ET TROJAN Observed Malicious SSL Cert (Sidewinder CnC) (trojan.rules)
  2030721 - ET USER_AGENTS Suspected Mekotio User-Agent (MyCustomUser) (user_agents.rules)
  2030722 - ET USER_AGENTS Suspected Mekotio User-Agent (4M5yC6u4stom5U8se3r) (user_agents.rules)

Pro:

  2844101 - ETPRO POLICY Master Remote DeskService Suite Activity (policy.rules)
  2844102 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT CnC) (trojan.rules)
  2844103 - ETPRO TROJAN Win32/JollyRAT CnC Activity (trojan.rules)
  2844104 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-08-21 (current_events.rules)
  2844105 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-08-21 (current_events.rules)
  2844106 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-08-21 (current_events.rules)
  2844107 - ETPRO CURRENT_EVENTS Successful Telekom/Tmobile Phish 2020-08-21 (current_events.rules)
  2844108 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-08-21 (current_events.rules)
  2844109 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-08-21 (current_events.rules)
  2844110 - ETPRO CURRENT_EVENTS Successful Assurance Maladie Phish 2020-08-21 (current_events.rules)
  2844111 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-21 1) (trojan.rules)
  2844112 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-08-21 2) (trojan.rules)
  2844113 - ETPRO CURRENT_EVENTS Observed Suspicious SSL Cert (Adtraffic Related) (current_events.rules)
  2844114 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (OneDrive Phish) (current_events.rules)
  2844115 - ETPRO TROJAN Win32/Dropper.Agent.IL CnC Checkin (trojan.rules)
  2844116 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2844117 - ETPRO TROJAN Malicious SSL Certificate detected (AZORult CnC) (trojan.rules)
