[***] Summary: [***]
2 new OPEN, 24 new PRO (2 + 22). Exorcist 2.0, PS/SunCrypt, Android/XinaBat, VARIOUS PHISH, Cobalt Strike, Glupteba, IcedID, Remcos.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030906 - ET TROJAN Exorcist 2.0 Ransomware CnC Activity (trojan.rules)
2030907 - ET TROJAN PS/SunCrypt Ransomware CnC Activity (trojan.rules)
Pro:
2844615 - ETPRO MOBILE_MALWARE Android/Agent.DBR CnC Beacon (mobile_malware.rules)
2844616 - ETPRO MOBILE_MALWARE Android/XinaBat Checkin (mobile_malware.rules)
2844617 - ETPRO MOBILE_MALWARE Trojan.Android.GinMaster.cudpcj Checkin (mobile_malware.rules)
2844618 - ETPRO TROJAN Cobalt Strike Malleable C2 (Unknown/Custom Profile) (trojan.rules)
2844619 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-24 1) (trojan.rules)
2844620 - ETPRO CURRENT_EVENTS Successful Gov UK Refund Phish 2020-09-24 (current_events.rules)
2844621 - ETPRO CURRENT_EVENTS Successful Banco BCI Phish 2020-09-24 (current_events.rules)
2844622 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-09-24 (current_events.rules)
2844623 - ETPRO CURRENT_EVENTS Successful EDevlet Phish 2020-09-24 (current_events.rules)
2844624 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-09-24 (current_events.rules)
2844625 - ETPRO TROJAN Observed Glupteba CnC Domain in TLS SNI (trojan.rules)
2844626 - ETPRO TROJAN Observed Glupteba CnC Domain in TLS SNI (trojan.rules)
2844627 - ETPRO TROJAN Observed Glupteba CnC Domain in TLS SNI (trojan.rules)
2844628 - ETPRO TROJAN Observed Glupteba CnC Domain in TLS SNI (trojan.rules)
2844629 - ETPRO TROJAN Observed Glupteba CnC Domain in TLS SNI (trojan.rules)
2844630 - ETPRO TROJAN Observed Glupteba CnC Domain in TLS SNI (trojan.rules)
2844631 - ETPRO TROJAN Win32/Remcos RAT Checkin 544 (trojan.rules)
2844632 - ETPRO TROJAN Observed IcedID Domain in TLS SNI (trojan.rules)
2844633 - ETPRO TROJAN Observed IcedID Domain in TLS SNI (trojan.rules)
2844634 - ETPRO TROJAN Observed IcedID Domain in TLS SNI (trojan.rules)
2844635 - ETPRO TROJAN Observed IcedID Domain in TLS SNI (trojan.rules)
2844636 - ETPRO TROJAN Observed IcedID Domain in TLS SNI (trojan.rules)
[///] Modified active rules: [///]
2008567 - ET TROJAN Win32.Crypt.nc Checkin (trojan.rules)
2009299 - ET TROJAN General Trojan Downloader (trojan.rules)
2010288 - ET TROJAN W32/Scar Downloader Request (trojan.rules)
2010756 - ET TROJAN Sasfis Botnet Client Reporting Back to Controller After Command Execution (trojan.rules)
2013694 - ET MOBILE_MALWARE Android/Netisend.A Posting Information to CnC (mobile_malware.rules)
2018326 - ET WEB_SPECIFIC_APPS JCE Joomla Extension (web_specific_apps.rules)
2018412 - ET TROJAN Trojan-Spy.Win32.Zbot.qgxi Checkin (trojan.rules)
2018420 - ET TROJAN hacker87 checkin (trojan.rules)
2018425 - ET TROJAN Vawtrak/NeverQuest - Post Data Form 01 (trojan.rules)
2018435 - ET TROJAN W32/Hicrazyk.A Downloader Install CnC Beacon (trojan.rules)
2018448 - ET TROJAN Sefnit Checkin (trojan.rules)
2018474 - ET TROJAN W32/HelloBridge.Backdoor Register CnC Beacon (trojan.rules)
2018475 - ET TROJAN W32/HelloBridge.Backdoor Login CnC Beacon (trojan.rules)
2018507 - ET TROJAN Trojan-Dropper.Win32.Agent.ksja (trojan.rules)
2018520 - ET MOBILE_MALWARE AndroidOS/Lotoor.Q (mobile_malware.rules)
2018530 - ET TROJAN Win32.Trojan.Agent.U3D7V0 Checkin (trojan.rules)
2018532 - ET P2P zzima_loader (p2p.rules)
2018552 - ET TROJAN Backdoor.Win32/Etumbot.B Requesting RC4 Key (trojan.rules)
2018556 - ET CURRENT_EVENTS SUSPICIOUS EXE Download from Google Common Data Storage with no Referer (current_events.rules)
2018582 - ET TROJAN Miuref/Boaxxe Checkin (trojan.rules)
2018584 - ET MOBILE_MALWARE Andr/com.sdwiurse (mobile_malware.rules)
2018585 - ET EXPLOIT Supermicro BMC Password Disclosure 1 (exploit.rules)
2018586 - ET EXPLOIT Supermicro BMC Password Disclosure 2 (exploit.rules)
2018601 - ET WEB_SERVER c99 Shell Backdoor Var Override URI (web_server.rules)
2018603 - ET WEB_SERVER c99 Shell Backdoor Var Override Client Body (web_server.rules)
2018605 - ET WEB_SPECIFIC_APPS TimThumb Remote Command Execution (web_specific_apps.rules)
2805819 - ETPRO TROJAN W32/Daws.AKWI!tr Checkin (trojan.rules)
2805858 - ETPRO MOBILE_MALWARE Android/Adware.Wooboo.A Checkin (mobile_malware.rules)
2806049 - ETPRO TROJAN Trojan-Downloader.Win32.Small.fg Checkin (trojan.rules)
2806086 - ETPRO TROJAN QLowZones-6 Checkin (trojan.rules)
2806120 - ETPRO TROJAN Variant.Strictor Trojan Selfupdate (exe.zip) (trojan.rules)
2806294 - ETPRO TROJAN Win32.Banload Trojan Checkin (trojan.rules)
2806313 - ETPRO TROJAN Win32/Injector.AEDM Checkin (trojan.rules)
2806474 - ETPRO TROJAN TR/Dldr.Delphi.Gen Checkin (trojan.rules)
2806849 - ETPRO TROJAN Win32.Agent Trojan Checkin (trojan.rules)
2807071 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.PS Checkin (mobile_malware.rules)
2807188 - ETPRO TROJAN Trojan.BHO Checkin (trojan.rules)
2807343 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Cova.b Checkin 2 (mobile_malware.rules)
2807358 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.bk Checkin (mobile_malware.rules)
2807425 - ETPRO TROJAN Win32.LockScreen Ransomware checkin (trojan.rules)
2807476 - ETPRO TROJAN Win32/TrojanDownloader.Onkods.V Download (trojan.rules)
2807599 - ETPRO TROJAN Trojan.Downloader.gen.h Checkin (trojan.rules)
2807629 - ETPRO TROJAN IRCBot.nih Trojan Checkin (trojan.rules)
2807740 - ETPRO MOBILE_MALWARE Android.Trojan.SecretSpy.A Checkin (mobile_malware.rules)
2807784 - ETPRO TROJAN Win32/Kryptik.BVCB/Neutrino Bot (trojan.rules)
2807937 - ETPRO TROJAN Trojan-Downloader.Win32.Genome.fxjh Checkin (trojan.rules)
2807940 - ETPRO TROJAN Backdoor.Win32.Agent.bg Checkin (trojan.rules)
2807942 - ETPRO TROJAN Win32/Tearspear.A Checkin (trojan.rules)
2807944 - ETPRO TROJAN Win32.StartPage.aqin Checkin (trojan.rules)
2807945 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Moavt.c Checkin (mobile_malware.rules)
2807946 - ETPRO TROJAN Backdoor.Win32.Rukap Checkin 2 (trojan.rules)
2807949 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.ft Checkin 2 (mobile_malware.rules)
2807956 - ETPRO TROJAN Win32/AntiAV.NIN Download (trojan.rules)
2807959 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.az Checkin (mobile_malware.rules)
2807960 - ETPRO TROJAN AutoIt/Clodow.gen!A (trojan.rules)
2807962 - ETPRO TROJAN Trojan-PSW.Win32.Tepfer.tlha Checkin (trojan.rules)
2807963 - ETPRO TROJAN Win32.Induc.O Checkin (trojan.rules)
2807964 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.ig Checkin (mobile_malware.rules)
2807965 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.ABQ Checkin (mobile_malware.rules)
2807974 - ETPRO TROJAN Unknown Trojan Checkin (trojan.rules)
2807976 - ETPRO TROJAN Trojan.Win32.Swisyn.dcit Checkin (trojan.rules)
2807986 - ETPRO TROJAN Win32.Inject.mrep Checkin (trojan.rules)
2807991 - ETPRO TROJAN Worm.Win32.VBNA.b Checkin 2 (trojan.rules)
2807994 - ETPRO TROJAN Trojan-Downloader.Win32.Zlob.aep Checkin (trojan.rules)
2807997 - ETPRO TROJAN Worm.Win32.VBNA.b Checkin 5 (trojan.rules)
2808006 - ETPRO MOBILE_MALWARE Android/MobileSpy.C!mfb Checkin (mobile_malware.rules)
2808009 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.SmBox.a Checkin (mobile_malware.rules)
2808011 - ETPRO EXPLOIT Apache Struts ClassLoader Remote Code Execution (exploit.rules)
2808012 - ETPRO TROJAN Win32/Tofsee.AX google.com connectivity check (trojan.rules)
2808013 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.o Checkin 3 (mobile_malware.rules)
2808015 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.o Checkin 5 (mobile_malware.rules)
2808016 - ETPRO TROJAN Win32/FakeInit.A Checkin (trojan.rules)
2808019 - ETPRO TROJAN Win32.Ransomlock Checkin (trojan.rules)
2808022 - ETPRO WEB_SERVER PHP Open Flash Charts File Upload Attempt (web_server.rules)
2808023 - ETPRO WEB_SERVER PHP Possible Open Flash Direct Access to File Upload Directory (web_server.rules)
2808026 - ETPRO TROJAN Trojan.Win32.Reconyc variant Checkin (trojan.rules)
2808027 - ETPRO TROJAN Win32/Zbot.C Checkin (trojan.rules)
2808033 - ETPRO TROJAN Win32.Banker.KMJ Checkin (trojan.rules)
2808036 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.QO Checkin (mobile_malware.rules)
2808037 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.cw Checkin 2 (mobile_malware.rules)
2808039 - ETPRO WEB_SERVER Microsoft SharePoint ThemeOverride reflected XSS attempt (2014-1754) (web_server.rules)
2808042 - ETPRO TROJAN MSIL/PSW.Agent.NUM Checkin (trojan.rules)
2808046 - ETPRO MOBILE_MALWARE Android/AdDisplay.BatteryDoctor.A Checkin 2 (mobile_malware.rules)
2808047 - ETPRO TROJAN Trojan.Win32.Agent.afaxi Checkin (trojan.rules)
2808049 - ETPRO TROJAN Trojan.Win32.Reconyc.bicp Checkin (trojan.rules)
2808059 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.de Checkin 3 (mobile_malware.rules)
2808063 - ETPRO TROJAN Win32/Spy.Banker.AAVM Checkin (trojan.rules)
2808066 - ETPRO MOBILE_MALWARE Android/SMSreg.GQ Checkin (mobile_malware.rules)
2808067 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Koler.a Checkin (mobile_malware.rules)
2808068 - ETPRO TROJAN Win32/Nadeomi.A Checkin (trojan.rules)
2808073 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.bo Checkin 4 (mobile_malware.rules)
2808075 - ETPRO MOBILE_MALWARE Android.Adware.KyView.A Checkin (mobile_malware.rules)
2808087 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Cynos.b Checkin (mobile_malware.rules)
2808088 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Cynos.b Checkin 2 (mobile_malware.rules)
2808093 - ETPRO TROJAN Trojan-Downloader.Win32.Genome.gxkt Checkin (trojan.rules)
2808098 - ETPRO TROJAN Trojan-Downloader.Win32.Small.ago Checkin (trojan.rules)
2808099 - ETPRO TROJAN qq.com C2 - SET (trojan.rules)
2808104 - ETPRO TROJAN Win32/HiddenStart.B Checkin (trojan.rules)
2808117 - ETPRO TROJAN Win32.Reconyc.bqcf Checkin (trojan.rules)
2808118 - ETPRO TROJAN Win32.LockScreen Checkin (trojan.rules)
2808120 - ETPRO TROJAN Trojan-PSW.Win32.Tepfer.tlha Checkin (trojan.rules)
2808121 - ETPRO TROJAN Trojan.DownLoader9.62529 Checkin (trojan.rules)
2808123 - ETPRO MOBILE_MALWARE Android/SmsSend.AL Checkin (mobile_malware.rules)
2808124 - ETPRO MOBILE_MALWARE Android.Adware.Wapsx.J Checkin (mobile_malware.rules)
2808125 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.gy Checkin (mobile_malware.rules)
2808127 - ETPRO MOBILE_MALWARE Android/AndroBack.A Checkin (mobile_malware.rules)
2808128 - ETPRO MOBILE_MALWARE Android/AndroBack.A Checkin 2 (mobile_malware.rules)
2808130 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.gl Checkin 2 (mobile_malware.rules)
2808131 - ETPRO MOBILE_MALWARE Android.Trojan.FakeBank.K Checkin (mobile_malware.rules)
2808133 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.fv Checkin (mobile_malware.rules)
2808135 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.kh Checkin (mobile_malware.rules)
2808139 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Tramp.a Checkin (mobile_malware.rules)
2808140 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Tramp.a Checkin 2 (mobile_malware.rules)
2808157 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.ep Checkin (mobile_malware.rules)
2808158 - ETPRO MOBILE_MALWARE RemoteAdmin.AndroidOS.Unfawa.a Checkin (mobile_malware.rules)
2808160 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.a Checkin 8 (mobile_malware.rules)
2808162 - ETPRO TROJAN Trojan-Downloader.JS.Small.ps Checkin (trojan.rules)
2808163 - ETPRO TROJAN Trojan-Downloader.JS.Small.ps Checkin 2 (trojan.rules)
2808164 - ETPRO TROJAN Win32/Meredrop Checkin (trojan.rules)
2808165 - ETPRO TROJAN Win32/Injector.BCEU Checkin (trojan.rules)
2808166 - ETPRO TROJAN TrojWare.Win32.Amtar.KNB Checkin 3 (trojan.rules)
2808167 - ETPRO TROJAN Variant.Zusy.95263 Checkin (trojan.rules)
2808171 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fidall.a Checkin (mobile_malware.rules)
2808172 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Acnetdoor.a Checkin (mobile_malware.rules)
2808180 - ETPRO MOBILE_MALWARE Android/Spy.Zitmo.B Checkin 4 (mobile_malware.rules)
2808181 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.CF Checkin (mobile_malware.rules)
2808182 - ETPRO MOBILE_MALWARE Andr/SMSSend-J Checkin (mobile_malware.rules)
2808191 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.FakeFlash.c Checkin (mobile_malware.rules)
2808192 - ETPRO TROJAN Win32/Boda Checkin (trojan.rules)
2808195 - ETPRO TROJAN Strictor (trojan.rules)
2808196 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.EQ Checkin (mobile_malware.rules)
2808198 - ETPRO MOBILE_MALWARE Android/SMSreg.GB Checkin (mobile_malware.rules)
2808203 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Boqx.a Checkin (mobile_malware.rules)
2808204 - ETPRO MOBILE_MALWARE AndroidOS.FakeInst.NX Checkin (mobile_malware.rules)
2808205 - ETPRO MOBILE_MALWARE AndroidOS.FakeInst.NX Checkin 2 (mobile_malware.rules)
2808206 - ETPRO MOBILE_MALWARE AndroidOS/MobileSpy.O Checkin (mobile_malware.rules)
2808210 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.WV Checkin (mobile_malware.rules)
2808214 - ETPRO MOBILE_MALWARE Android.Riskware.Agent.XAB Checkin (mobile_malware.rules)
2808215 - ETPRO MOBILE_MALWARE Andr/SMSReg (mobile_malware.rules)
2808217 - ETPRO MOBILE_MALWARE Teap.A Checkin (mobile_malware.rules)
2808218 - ETPRO TROJAN Win32/Necurs Checkin 1 (trojan.rules)
2808221 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.AO Checkin (mobile_malware.rules)
2808222 - ETPRO MOBILE_MALWARE Android Spyoo-J Checkin (mobile_malware.rules)
2808224 - ETPRO MOBILE_MALWARE Android Spyoo-J Checkin 3 (mobile_malware.rules)
2808225 - ETPRO MOBILE_MALWARE Android/Tekwon.A Checkin (mobile_malware.rules)
2808227 - ETPRO TROJAN Trojan-Dropper.Win32.Daws.cgrk Checkin (trojan.rules)
2808228 - ETPRO TROJAN Backdoor.Win32.Mokes Checkin (trojan.rules)
2808229 - ETPRO TROJAN Win32/Miracovecz Download Request (trojan.rules)
2808235 - ETPRO TROJAN Trojan-Downloader.VBS.Agent.aim Retrieving .exe (trojan.rules)
2808238 - ETPRO MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Mazig.a Checkin (mobile_malware.rules)
2808239 - ETPRO MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Mazig.a Checkin 2 (mobile_malware.rules)
2808240 - ETPRO MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Mazig.a Checkin 3 (mobile_malware.rules)
2808241 - ETPRO MOBILE_MALWARE Android/Adware.Kuguo.A Checkin 2 (mobile_malware.rules)
2808242 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.BY Checkin (mobile_malware.rules)
2808243 - ETPRO TROJAN Win32.Agent.agpdx Executable location retrieval (trojan.rules)
2808246 - ETPRO MOBILE_MALWARE SMSReg.CW Checkin (mobile_malware.rules)
2808250 - ETPRO TROJAN Win32.Dorgam.qze Checkin 3 (trojan.rules)
2808253 - ETPRO TROJAN Win32.Dorgam.qze Checkin 1 (trojan.rules)
2808254 - ETPRO TROJAN Win32.Dorgam.qze Checkin 2 (trojan.rules)
2808256 - ETPRO TROJAN Win32/Blacked Checkin (trojan.rules)
2808258 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.a Checkin 2 (mobile_malware.rules)
2808266 - ETPRO TROJAN Win32/ProxyChanger.EO Checkin (trojan.rules)
2808267 - ETPRO TROJAN Win32.Pandemiya Checkin (trojan.rules)
2808269 - ETPRO TROJAN Trojan-Banker.Win32.ChePro Checkin (trojan.rules)
2843993 - ETPRO TROJAN Taurus Stealer CnC Activity (trojan.rules)
2843994 - ETPRO TROJAN Taurus Stealer CnC Exfil M2 (trojan.rules)
2844606 - ETPRO INFO Suspicious User-Agent IE and Windows Versions With No Separating Space (info.rules)
[---] Disabled and modified rules: [---]
2808032 - ETPRO TROJAN Win32/Zbot.BX Checkin (trojan.rules)