[***]            Summary:            [***]

6 new OPEN, 42 new PRO (6 + 36).  MageCart, IcedID, Various Phish, Several Rule Updates, Others.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030880 - ET USER_AGENTS Suspicious User-Agent (Installed OK)
(user_agents.rules)
  2030881 - ET TROJAN Observed MageCart CnC Domain (mcdnn .me in TLS SNI)
(trojan.rules)
  2030882 - ET TROJAN Observed MageCart CnC Domain (mcdnn .net in TLS SNI)
(trojan.rules)
  2030883 - ET TROJAN Observed Magecart Exfil Domain (imags .pw in TLS SNI)
(trojan.rules)
  2030884 - ET TROJAN MageCart JS Retrieval (trojan.rules)
  2030885 - ET TROJAN MageCart Exfil URI (trojan.rules)

Pro:

  2844432 - ETPRO MOBILE_MALWARE Android/GizzXineis Checkin
(mobile_malware.rules)
  2844433 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-09-15
(current_events.rules)
  2844434 - ETPRO CURRENT_EVENTS Successful South State Bank Phish
2020-09-15 (current_events.rules)
  2844435 - ETPRO CURRENT_EVENTS Successful Edevlet Phish 2020-09-15
(current_events.rules)
  2844436 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-09-15 (current_events.rules)
  2844437 - ETPRO CURRENT_EVENTS Successful Tefpay Phish 2020-09-15
(current_events.rules)
  2844438 - ETPRO CURRENT_EVENTS Successful Adobe PDF Viewer Phish
2020-09-15 (current_events.rules)
  2844439 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-09-15 (current_events.rules)
  2844440 - ETPRO CURRENT_EVENTS Successful HMRC Phish 2020-09-15
(current_events.rules)
  2844441 - ETPRO CURRENT_EVENTS Successful Credit Agricole Phish
2020-09-15 (current_events.rules)
  2844442 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-15 1) (trojan.rules)
  2844443 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-15 2) (trojan.rules)
  2844444 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-15 3) (trojan.rules)
  2844445 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-15 4) (trojan.rules)
  2844446 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-15 5) (trojan.rules)
  2844447 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish
2020-09-15 (current_events.rules)
  2844448 - ETPRO CURRENT_EVENTS Successful Ebay Phish 2020-09-15
(current_events.rules)
  2844449 - ETPRO TROJAN Win64/Spy.Banker.AH Variant CnC Host Checkin
(trojan.rules)
  2844450 - ETPRO MALWARE Win32/BrowSecX Variant CnC Host Checkin
(malware.rules)
  2844451 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2020-09-15
(current_events.rules)
  2844452 - ETPRO TROJAN Observed CoinMiner CnC Domain in TLS SNI
(trojan.rules)
  2844453 - ETPRO TROJAN Win32/Remcos RAT Checkin 538 (trojan.rules)
  2844454 - ETPRO TROJAN Malicious SSL Certificate detected (AZORult CnC)
(trojan.rules)
  2844455 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844456 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844457 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844458 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844459 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844460 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844461 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844462 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844463 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844464 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844465 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844466 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2844467 - ETPRO MALWARE GKB Loader Config Download (malware.rules)

[///]     Modified active rules:     [///]

  2007767 - ET USER_AGENTS Win32/Feebs.kw Worm User-Agent Detected
(user_agents.rules)
  2007826 - ET TROJAN Suspicious User-Agent (API-Guide test program) Used
by Several trojans (trojan.rules)
  2008152 - ET TROJAN Win32/FakeXPA Checkin URL (trojan.rules)
  2008603 - ET USER_AGENTS Suspicious User-Agent Detected (RLMultySocket)
(user_agents.rules)
  2011374 - ET POLICY HTTP Request to a *.co.cc domain (policy.rules)
  2011410 - ET DNS DNS Query for Suspicious .cz.cc Domain (dns.rules)
  2011719 - ET POLICY Win32/Sogou User-Agent (SOGOU_UPDATER) (policy.rules)
  2011912 - ET TROJAN Possible Fake AV Checkin (trojan.rules)
  2012522 - ET POLICY DNS Query For XXX Adult Site Top Level Domain
(policy.rules)
  2012619 - ET USER_AGENTS Suspicious User-Agent Mozilla/3.0
(user_agents.rules)
  2012627 - ET TROJAN FakeAV Check-in purporting to be MSIE with invalid
terse HTTP headers (trojan.rules)
  2012645 - ET TROJAN GET to Google with specific HTTP lib likely
Cycbot/Bifrose/Kryptic checking Internet connection  (trojan.rules)
  2012694 - ET POLICY request to .xxx TLD (policy.rules)
  2012729 - ET TROJAN Known Hostile Domain .ntkrnlpa.info Lookup
(trojan.rules)
  2012738 - ET INFO DYNAMIC_DNS Query to 3322.net Domain *.8866.org
(info.rules)
  2012810 - ET POLICY HTTP Request to a *.tk domain (policy.rules)
  2012827 - ET POLICY HTTP Request to a *.vv.cc domain (policy.rules)
  2012939 - ET TROJAN Kazy/Kryptor/Cycbot Trojan Checkin (trojan.rules)
  2012956 - ET DNS DNS Query for a Suspicious *.co.tv domain (dns.rules)
  2013172 - ET DNS DNS Query for a Suspicious *.cu.cc domain (dns.rules)
  2013213 - ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.3322.org
(info.rules)
  2013508 - ET USER_AGENTS Downloader User-Agent HTTPGET (user_agents.rules)
  2013535 - ET INFO HTTP Request to a *.tc domain (info.rules)
  2013823 - ET INFO DYNAMIC_DNS Query to a Suspicious *.myftp.biz Domain
(info.rules)
  2014002 - ET TROJAN Fake Variation of Mozilla 4.0 - Likely Trojan
(trojan.rules)
  2014037 - ET INFO HTTP Request to a *.osa.pl domain (info.rules)
  2014234 - ET TROJAN Fareit/Pony Downloader Checkin 3 (trojan.rules)
  2014478 - ET INFO DYNAMIC_DNS Query to a *.3d-game.com Domain (info.rules)
  2014484 - ET INFO DYNAMIC_DNS Query to a *.bbsindex.com Domain
(info.rules)
  2014511 - ET INFO DYNAMIC_DNS HTTP Request to a *.suroot.com Domain
(info.rules)
  2014784 - ET INFO DYNAMIC_DNS Query to 3322.net Domain *.8800.org
(info.rules)
  2014799 - ET POLICY OpenVPN Update Check (policy.rules)
  2015460 - ET TROJAN Win32/Pift DNS TXT CnC Lookup ppift.net (trojan.rules)
  2015576 - ET POLICY DNS Query to .onion proxy Domain (tor2web)
(policy.rules)
  2015633 - ET INFO DYNAMIC_DNS Query to Abused Domain *.mooo.com
(info.rules)
  2015634 - ET INFO DYNAMIC_DNS HTTP Request to Abused Domain *.mooo.com
(info.rules)
  2016300 - ET TROJAN Simda.C Checkin (trojan.rules)
  2016550 - ET TROJAN Win32/Fareit Checkin 2 (trojan.rules)
  2016553 - ET TROJAN Win32/Urausy.C Checkin (trojan.rules)
  2016748 - ET TROJAN RansomCrypt Intial Check-in (trojan.rules)
  2016871 - ET POLICY Unsupported/Fake Internet Explorer Version MSIE 4.
(policy.rules)
  2016950 - ET TROJAN Possible Win32/Hupigon ip.txt with a Non-Mozilla UA
(trojan.rules)
  2016967 - ET TROJAN W32/Symmi Remote File Injector Initial CnC Beacon
(trojan.rules)
  2017645 - ET INFO DNS Query Domain .bit (info.rules)
  2017926 - ET POLICY External IP Lookup / Tor Checker Domain
(check.torproject .org in DNS lookup) (policy.rules)
  2018046 - ET TROJAN Jadtree Downloader rar (trojan.rules)
  2018213 - ET INFO HTTP Connection To DDNS Domain Myvnc.com (info.rules)
  2018216 - ET INFO HTTP Connection To DDNS Domain Hopto.org (info.rules)
  2018219 - ET INFO DYNAMIC_DNS HTTP Request to a *.sytes.net Domain
(info.rules)
  2018231 - ET INFO SUSPICIOUS .scr file download (info.rules)
  2018395 - ET TROJAN  Possible Kelihos.F EXE Download Common Structure 2
(trojan.rules)
  2018518 - ET TROJAN Trojan.Win32.VBKrypt.cugq/Umbra Checkin (trojan.rules)
  2018644 - ET TROJAN Win32/Zemot Checkin (trojan.rules)
  2018752 - ET TROJAN Generic .bin download from Dotted Quad (trojan.rules)
  2018918 - ET POLICY possible Xiaomi phone data leakage DNS (policy.rules)
  2019694 - ET TROJAN Ponmocup Post Infection DNS Lookup intohave
(trojan.rules)
  2019695 - ET TROJAN Ponmocup Post Infection DNS Lookup fasternation
(trojan.rules)
  2019755 - ET TROJAN Bamital Headers - Likely CnC Beacon (trojan.rules)
  2019759 - ET TROJAN Win32/Zemot Requesting PE (trojan.rules)
  2019891 - ET TROJAN W32/Dridex POST CnC Beacon (trojan.rules)
  2020065 - ET TROJAN DNS query for known Anunak APT Domain (ddnservice11.ru)
(trojan.rules)
  2020116 - ET POLICY DNS Query to .onion proxy Domain (onion.to)
(policy.rules)
  2020565 - ET POLICY Dropbox DNS Lookup - Possible Offsite File Backup in
Use (policy.rules)
  2020716 - ET POLICY Possible External IP Lookup ipinfo.io (policy.rules)
  2020844 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain (
7hwr34n18.com) (trojan.rules)
  2020869 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain (
wh47f2as19.com) (trojan.rules)
  2021062 - ET WEB_SPECIFIC_APPS WP Jetpack/Twentyfifteen Possible XSS
Request (web_specific_apps.rules)
  2021528 - ET TROJAN KINS/ZeusVM Variant Retrieving Config (trojan.rules)
  2021600 - ET POLICY External IP Lookup - www.ip.cn (policy.rules)
  2021995 - ET TROJAN Win32/Necurs Common POST Header Structure
(trojan.rules)
  2022045 - ET POLICY DNS Query to .onion proxy Domain (forkinvestpay.com)
(policy.rules)
  2022225 - ET TROJAN Vawtrak HTTP CnC Beacon (trojan.rules)
  2022280 - ET TROJAN Win32/Nivdort Posting Data 1 (trojan.rules)
  2022351 - ET POLICY External IP Lookup - ipecho.net (policy.rules)
  2022452 - ET TROJAN Scarlet Mimic DNS Lookup 42 (trojan.rules)
  2022482 - ET TROJAN JS/Nemucod requesting EXE payload 2016-02-01
(trojan.rules)
  2022504 - ET TROJAN Alphacrypt/TeslaCrypt Ransomware CnC Beacon
(trojan.rules)
  2022622 - ET CURRENT_EVENTS Likely Evil Macro EXE DL mar 15 2016
(current_events.rules)
  2022769 - ET TROJAN Ransomware Locky CnC Beacon 2 (trojan.rules)
  2023472 - ET POLICY External IP Lookup Domain (myip.opendns .com in DNS
lookup) (policy.rules)
  2023516 - ET POLICY Android Adups Firmware DNS Query 2 (policy.rules)
  2023517 - ET POLICY Android Adups Firmware DNS Query 3 (policy.rules)
  2023518 - ET POLICY Android Adups Firmware DNS Query 4 (policy.rules)
  2023883 - ET DNS Query to a *.top domain - Likely Hostile (dns.rules)
  2024235 - ET INFO DNS Query to Free Hosting Domain (freevnn . com)
(info.rules)
  2024265 - ET WEB_SERVER Jorgee Scan (web_server.rules)
  2024527 - ET POLICY External IP Lookup Domain (ipapi .co in DNS lookup)
(policy.rules)
  2024828 - ET CURRENT_EVENTS Observed DNS Query to Browser Coinminer
(crypto-loot[.]com) (current_events.rules)
  2024831 - ET POLICY Observed IP Lookup Domain (l2 .io in DNS Lookup)
(policy.rules)
  2025072 - ET TROJAN Patchwork DNS Tunneling (nsn1.winodwsupdates .me)
(trojan.rules)
  2025073 - ET TROJAN Patchwork Domain (randreports .org in DNS Lookup)
(trojan.rules)
  2025078 - ET TROJAN Mirai Variant Domain (bigboatreps .pw in DNS Lookup)
(trojan.rules)
  2025079 - ET TROJAN Mirai Variant Domain (blacklister .nl in DNS Lookup)
(trojan.rules)
  2025081 - ET TROJAN Patchwork Domain (rannd .org in DNS Lookup)
(trojan.rules)
  2025092 - ET MALWARE Suspicious User-Agent (GeneralDownloadApplication)
(malware.rules)
  2025095 - ET POLICY .onion proxy Domain (onion .plus in DNS Lookup)
(policy.rules)
  2025096 - ET POLICY DNS Query to .onion proxy Domain (onion .casa in DNS
Lookup) (policy.rules)
  2029404 - ET TROJAN Win32/AZORult V3.3 Client Checkin M1 (trojan.rules)
  2029405 - ET TROJAN Win32/AZORult V3.3 Client Checkin M2 (trojan.rules)
  2029406 - ET TROJAN Win32/AZORult V3.3 Client Checkin M3 (trojan.rules)
  2029439 - ET TROJAN Win32/AZORult V3.3 Client Checkin M4 (trojan.rules)
  2029440 - ET TROJAN Win32/AZORult V3.3 Client Checkin M5 (trojan.rules)
  2029441 - ET TROJAN Win32/AZORult V3.3 Client Checkin M6 (trojan.rules)
  2029445 - ET TROJAN Win32/AZORult V3.3 Client Checkin M7 (trojan.rules)
  2029446 - ET TROJAN Win32/AZORult V3.3 Client Checkin M8 (trojan.rules)
  2029447 - ET TROJAN Win32/AZORult V3.3 Client Checkin M9 (trojan.rules)
  2029460 - ET TROJAN Win32/AZORult V3.3 Client Checkin M10 (trojan.rules)
  2029461 - ET TROJAN Win32/AZORult V3.3 Client Checkin M11 (trojan.rules)
  2029462 - ET TROJAN Win32/AZORult V3.3 Client Checkin M12 (trojan.rules)
  2029466 - ET TROJAN Win32/AZORult V3.3 Client Checkin M13 (trojan.rules)
  2029467 - ET TROJAN Win32/AZORult V3.3 Client Checkin M14 (trojan.rules)
  2029468 - ET TROJAN Win32/AZORult V3.3 Client Checkin M15 (trojan.rules)
  2029482 - ET TROJAN Win32/AZORult V3.3 Client Checkin M16 (trojan.rules)
  2029483 - ET TROJAN Win32/AZORult V3.3 Client Checkin M17 (trojan.rules)
  2029484 - ET TROJAN Win32/AZORult V3.3 Client Checkin M18 (trojan.rules)
  2029488 - ET TROJAN Win32/AZORult V3.3 Client Checkin M19 (trojan.rules)
  2029489 - ET TROJAN Win32/AZORult V3.3 Client Checkin M20 (trojan.rules)
  2029490 - ET TROJAN Win32/AZORult V3.3 Client Checkin M21 (trojan.rules)
  2030053 - ET TROJAN Win32/IcedID Requesting Encoded Binary M4
(trojan.rules)
  2801990 - ETPRO USER_AGENTS Suspicious User-Agent HTTP Client
(user_agents.rules)
  2802048 - ETPRO TROJAN Trojan.Win32.Managee.A Checkin (trojan.rules)
  2802859 - ETPRO TROJAN HTTP Request to a *-0-0.info domain (trojan.rules)
  2804233 - ETPRO POLICY dl.dropbox Download (policy.rules)
  2804326 - ETPRO TROJAN Variant.Zusy.572 Checkin (trojan.rules)
  2804336 - ETPRO INFO DYNAMIC_DNS Query to a *.1dumb.com Domain
(info.rules)
  2804382 - ETPRO INFO DYNAMIC_DNS Query to a *.freeTCP.com Domain
(info.rules)
  2804384 - ETPRO INFO DYNAMIC_DNS Query to a *.3-a.net Domain (info.rules)
  2804768 - ETPRO TROJAN Win32.AutoTsifiri.n Related 0-0-0.info Checkin 2
(trojan.rules)
  2804855 - ETPRO TROJAN Win32.Simda.Y/Win32.Shiz.awez DNS Query to
jecijyjudew.eu Domain (trojan.rules)
  2805228 - ETPRO TROJAN Win32/TrojanDownloader.FakeAlert.BP Variant
Checkin (trojan.rules)
  2805335 - ETPRO TROJAN Win32/Renos Checkin 3 (trojan.rules)
  2805564 - ETPRO TROJAN Trojan.Win32.Inject.etds Checkin (trojan.rules)
  2805776 - ETPRO POLICY PowerPack software bundle
Downloader.Win32.SwiftCleaner.bd (policy.rules)
  2805802 - ETPRO POLICY GEOIP info online service (freegeoip.net)
(policy.rules)
  2805956 - ETPRO TROJAN W32/Zbot.ANQ!tr Checkin (trojan.rules)
  2806659 - ETPRO TROJAN Worm.Win32/Esfury.X Checkin (trojan.rules)
  2807024 - ETPRO TROJAN Wauchos.la/Andromeda/Balbatun.9713 Checkin
(trojan.rules)
  2807145 - ETPRO TROJAN Backdoor.Win32.Simda.abpn Checkin (trojan.rules)
  2807284 - ETPRO TROJAN Suspicious User-Agent (Safari) (trojan.rules)
  2807690 - ETPRO TROJAN W32/VBCheMan.A!tr Checkin (trojan.rules)
  2808005 - ETPRO TROJAN Win32.Neshta.A checkin 2 (trojan.rules)
  2808030 - ETPRO TROJAN Win32.IRCBot Checkin (trojan.rules)
  2808050 - ETPRO TROJAN Trojan-Ransom.Win32.Blocker.jgb Checkin
(trojan.rules)
  2808711 - ETPRO TROJAN W32/VBCheMan.A Checkin 2 (trojan.rules)
  2809201 - ETPRO MALWARE Conduit Toolbar COMMLAYER User Agent
(malware.rules)
  2809358 - ETPRO TROJAN Win32/Injector.BRLE Checkin (trojan.rules)
  2809531 - ETPRO TROJAN Likely Win32/Agobot Large POST to Legit Website
(trojan.rules)
  2809683 - ETPRO POLICY IP Check freegeoip.net (policy.rules)
  2809781 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.iw Checkin
(mobile_malware.rules)
  2809945 - ETPRO TROJAN Phishbank.A DNS Lookup (cyberdrill.my)
(trojan.rules)
  2810756 - ETPRO TROJAN Win32/Rovnix.P Retrieving .dat (trojan.rules)
  2811079 - ETPRO TROJAN Win32/Virut.BN Dropper HTTP Request (trojan.rules)
  2811818 - ETPRO MOBILE_MALWARE Android/AdDisplay.Dowgin.U Checkin
(mobile_malware.rules)
  2812064 - ETPRO TROJAN Win32/KillAV.PJ Updating (trojan.rules)
  2812234 - ETPRO POLICY IP lookup pv.sohu.com (policy.rules)
  2812465 - ETPRO USER_AGENTS Suspicious User-Agent (User-Agent)
(user_agents.rules)
  2812498 - ETPRO TROJAN Win32/Haperlock.A Connectivity Check (trojan.rules)
  2812834 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Sept 1 M2
(current_events.rules)
  2814410 - ETPRO TROJAN Win32/TrojanDownloader.Banload.WPF Retrieving
Payload (trojan.rules)
  2815325 - ETPRO TROJAN Andromeda CnC Beacon Fake UA 2 (trojan.rules)
  2815388 - ETPRO POLICY External IP Address Check - (ip-adress.com)
(policy.rules)
  2816007 - ETPRO TROJAN Win32/Sperolz.A Checkin (trojan.rules)
  2819828 - ETPRO TROJAN Redyms/Ramdo CnC DGA DNS Lookup (yw//.org)
(trojan.rules)
  2820270 - ETPRO TROJAN Win32.Floxif.A Checkin (trojan.rules)
  2820273 - ETPRO TROJAN W32/Bayrob Attempted Checkin (trojan.rules)
  2820680 - ETPRO TROJAN W32/Bayrob Attempted Checkin 2 (trojan.rules)
  2820706 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Shedun.V Checkin 2
(mobile_malware.rules)
  2825352 - ETPRO POLICY External IP Lookup Domain (freegeiop .net in DNS
lookup) (policy.rules)
  2826184 - ETPRO TROJAN APT10 Redleaves/PlugX/ChChes DNS Lookup
(app.lehigtapp .com) (trojan.rules)
  2826588 - ETPRO CURRENT_EVENTS Possible Ransom Payment Page Request
(local .hta Referer) (current_events.rules)
  2826825 - ETPRO TROJAN DNS Query for known malicious URL thisaintpc .com
(trojan.rules)
  2826889 - ETPRO TROJAN Win32.Cybergate RAT SQLite DL (trojan.rules)
  2827579 - ETPRO INFO .moe Domain in TLS SNI (info.rules)
  2828117 - ETPRO TROJAN ZBot.BW/Injector.KA CnC Activity (trojan.rules)
  2828162 - ETPRO MOBILE_MALWARE Android/HiddenApp.CE Checkin
(mobile_malware.rules)
  2828587 - ETPRO TROJAN APT19 Downloader SSL Cert (trojan.rules)
  2828703 - ETPRO POLICY IP Check Domain (iplogger .co in DNS Lookup)
(policy.rules)
  2828704 - ETPRO POLICY IP Check Domain (iplogger .co in TLS SNI)
(policy.rules)
  2828705 - ETPRO POLICY IP Check Domain (iplogger .org in DNS Lookup)
(policy.rules)
  2828706 - ETPRO POLICY IP Check Domain (iplogger .org in TLS SNI)
(policy.rules)
  2828707 - ETPRO POLICY IP Check Domain (iplogger .info in DNS Lookup)
(policy.rules)
  2828708 - ETPRO POLICY IP Check Domain (iplogger .info in TLS SNI)
(policy.rules)
  2828709 - ETPRO INFO Commonly Abused File Sharing Site Domain Observed (a
.pomfe .co in DNS Lookup) (info.rules)
  2828710 - ETPRO INFO Commonly Abused File Sharing Site Domain Observed (a
.pomfe .co in TLS SNI) (info.rules)
  2828721 - ETPRO TROJAN MSIL.ThorCrypt Coinminer Retrieving Module
(trojan.rules)
  2828742 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
248 (mobile_malware.rules)
  2844416 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-09-14
(current_events.rules)

[///]    Modified inactive rules:    [///]

  2008277 - ET TROJAN Win32/Kryptik.AR Variant Winifixer.com Related
Checkin URL (trojan.rules)

[---]  Disabled and modified rules:  [---]

  2007768 - ET TROJAN Pakes Update Detected (trojan.rules)
  2015547 - ET TROJAN Pakes2 - EXE Download Request (trojan.rules)

[---]         Disabled rules:        [---]

  2015523 - ET TROJAN Pakes2 - Checkin - /test.php (trojan.rules)
