[***]            Summary:            [***]

8 new OPEN, 26 new PRO (8 + 18). APT39/Chafer, Vicious Panda, ELF/Corsotk, and VARIOUS Phishing.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030915 - ET TROJAN APT39/Chafer Payload - CnC Checkin M1 (trojan.rules)
  2030916 - ET MALWARE APT39/Chafer Payload - CnC Checkin M2 (malware.rules)
  2030917 - ET POLICY Outbound HTTP Request with BITS_POST Method
(policy.rules)
  2030918 - ET TROJAN Trojan.Win32.Codenox.gyezu CnC Activity (trojan.rules)
  2030919 - ET TROJAN Mozi Botnet DHT Config Sent (trojan.rules)
  2030920 - ET TROJAN Vicious Panda Checkin (trojan.rules)
  2030921 - ET TROJAN Vicious Panda CnC Activity (trojan.rules)
  2030922 - ET POLICY Monitoring Software Domain (sneek .io) in TLS SNI
(policy.rules)

Pro:

  2844679 - ETPRO TROJAN ELF/Corsotk CnC Checkin (trojan.rules)
  2844680 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-29 1) (trojan.rules)
  2844681 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-29 2) (trojan.rules)
  2844682 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-29 3) (trojan.rules)
  2844683 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-29 4) (trojan.rules)
  2844684 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-29 5) (trojan.rules)
  2844685 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-09-29 6) (trojan.rules)
  2844686 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-09-29
(current_events.rules)
  2844687 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-09-29 (current_events.rules)
  2844688 - ETPRO CURRENT_EVENTS Successful Societe Generale Phish
2020-09-29 (current_events.rules)
  2844689 - ETPRO CURRENT_EVENTS Successful Generic Multiwebmail Phish
2020-09-29 (current_events.rules)
  2844690 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-09-29
(current_events.rules)
  2844691 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-09-29 (current_events.rules)
  2844692 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set)
2020-09-29 (current_events.rules)
  2844693 - ETPRO CURRENT_EVENTS Successful Facebook Mobile Phish 2020-09-29
(current_events.rules)
  2844694 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-09-29
(current_events.rules)
  2844695 - ETPRO TROJAN Win32/Remcos RAT Checkin 549 (trojan.rules)
  2844696 - ETPRO TROJAN AsyncRAT/CinaRAT/Quasar Related Download Activity
(trojan.rules)

[///]     Modified active rules:     [///]

  2016941 - ET TROJAN ISRStealer Checkin (trojan.rules)
  2018121 - ET TROJAN Onkods.A Downloader Checkin (trojan.rules)
  2018456 - ET TROJAN ELF/Mayhem Checkin (trojan.rules)
  2018604 - ET TROJAN Andromeda Downloading Module (trojan.rules)
  2018612 - ET WEB_SPECIFIC_APPS Cacti Superlinks Plugin SQL Injection
(web_specific_apps.rules)
  2019467 - ET TROJAN Win32/Spy.KeyLogger.ODN Checkin (trojan.rules)
  2019678 - ET TROJAN Ursnif Checkin (trojan.rules)
  2020032 - ET TROJAN Trojan.Nurjax Downloading PE (trojan.rules)
  2020077 - ET TROJAN Kronos Checkin M2 (trojan.rules)
  2020080 - ET TROJAN Kronos Checkin (trojan.rules)
  2020095 - ET TROJAN Steam Stealer (trojan.rules)
  2020221 - ET WEB_SPECIFIC_APPS WP Generic revslider Arbitrary File
Download (web_specific_apps.rules)
  2020293 - ET TROJAN W32/Adrom.Backdoor CnC Beacon (trojan.rules)
  2020327 - ET WEB_SPECIFIC_APPS Wordpress PingBack Possible GHOST attempt
(web_specific_apps.rules)
  2020368 - ET WEB_SPECIFIC_APPS FancyBox Remote Code Inclusion POST Request
(web_specific_apps.rules)
  2020370 - ET TROJAN Upatre External IP Check (trojan.rules)
  2020378 - ET TROJAN Sakula/Mivast C2 Activity (trojan.rules)
  2020386 - ET POLICY SUSPICIOUS *.rar.exe in HTTP URL (policy.rules)
  2020415 - ET POLICY I2P Seeds File Request (policy.rules)
  2020419 - ET CURRENT_EVENTS Upatre Common URI Struct Feb 12 2015
(current_events.rules)
  2020420 - ET TROJAN Win32/Gulcrypt.B Downloading components - set
(trojan.rules)
  2020432 - ET TROJAN Likely Arid Viper APT Advtravel Campaign GET Keepalive
(trojan.rules)
  2020434 - ET TROJAN Arid Viper APT Checkin 1 (trojan.rules)
  2020435 - ET TROJAN Arid Viper APT Exfiltrating files (trojan.rules)
  2020436 - ET TROJAN Arid Viper APT Checkin 2 (trojan.rules)
  2020437 - ET TROJAN Arid Viper APT Checking filename (trojan.rules)
  2020438 - ET TROJAN Arid Viper APT File information (trojan.rules)
  2020439 - ET TROJAN Arid Viper APT Transmitting Serial (trojan.rules)
  2020440 - ET TROJAN Arid Viper APT Transmitting Date (trojan.rules)
  2020441 - ET TROJAN Arid Viper APT Possible User-Agent (SK) (trojan.rules)
  2020442 - ET TROJAN Arid Viper APT Possible User-Agent (Skype)
(trojan.rules)
  2020443 - ET TROJAN Arid Viper APT Possible User-Agent (Skypee)
(trojan.rules)
  2020479 - ET TROJAN Win32.Beaugrit.gen.AAAA (trojan.rules)
  2020480 - ET TROJAN Trojan.NSIS.Comame.A Checkin (trojan.rules)
  2020485 - ET EXPLOIT Possible dlink-DSL2640B DNS Change Attempt
(exploit.rules)
  2020486 - ET EXPLOIT Possible ShuttleTech 915WM DNS Change Attempt
(exploit.rules)
  2020487 - ET EXPLOIT Generic ADSL Router DNS Change GET Request
(exploit.rules)
  2020488 - ET EXPLOIT Generic ADSL Router DNS Change POST Request
(exploit.rules)
  2020490 - ET TROJAN SuperFish CnC Beacon 2 (trojan.rules)
  2020504 - ET TROJAN Win32/LockScreen CnC Beacon 2 (trojan.rules)
  2020505 - ET TROJAN Win32.Sality.3 Checkin (trojan.rules)
  2020568 - ET TROJAN Tinba Checkin 3 (trojan.rules)
  2020573 - ET CURRENT_EVENTS INFO .exe download with no referer (noalert)
(current_events.rules)
  2020580 - ET POLICY Privdog Update check (policy.rules)
  2020583 - ET EXPLOIT Seagate Business NAS Unauthenticated Remote Command
Execution (exploit.rules)
  2020590 - ET EXPLOIT D-Link and TRENDnet ncc2 Service Vulnerability
(ping.ccp) 2015-1187 (exploit.rules)
  2020603 - ET EXPLOIT D-Link and TRENDnet ncc2 Service Vulnerability
(fwupdate.cpp) 2015-1187 (exploit.rules)
  2020644 - ET CURRENT_EVENTS Unknown Malicious Second Stage Download URI
Struct M2 Feb 06 2015 (current_events.rules)
  2020645 - ET TROJAN Win32/Trapwot FakeAV Post Infection CnC Beacon
(trojan.rules)
  2020646 - ET TROJAN Win32/Trapwot FakeAV Checkin (trojan.rules)
  2020706 - ET TROJAN FakeAV Variant CnC Beacon (trojan.rules)
  2020723 - ET TROJAN FindPOS Checkin (trojan.rules)
  2020734 - ET TROJAN Fileless infection dropped by EK CnC Beacon
(trojan.rules)
  2020738 - ET TROJAN Win32/TrojanProxy.JpiProx.B CnC Beacon 2
(trojan.rules)
  2805820 - ETPRO MOBILE_MALWARE Android/FkToken.A Checkin
(mobile_malware.rules)
  2806158 - ETPRO MOBILE_MALWARE Android/Agent.KA!tr Checkin
(mobile_malware.rules)
  2806248 - ETPRO TROJAN Trojan-Dropper.Win32.Dapato.cabb Checkin
(trojan.rules)
  2806655 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Winge.b Checkin
(mobile_malware.rules)
  2806838 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.k Checkin 2
(mobile_malware.rules)
  2806842 - ETPRO TROJAN Win32/Agent.UZD/Socks5systemz Checkin
(trojan.rules)
  2806952 - ETPRO TROJAN Win32/Filecoder.NAG Ransomware Checkin
(trojan.rules)
  2808101 - ETPRO MOBILE_MALWARE Android/UUPAY.B Checkin
(mobile_malware.rules)
  2808138 - ETPRO MOBILE_MALWARE Android/Battpatch.A Checkin
(mobile_malware.rules)
  2808911 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.O Leaking Private
Information (mobile_malware.rules)
  2808957 - ETPRO MOBILE_MALWARE Trojan.Android.Leadbolt.B Checkin
(mobile_malware.rules)
  2809026 - ETPRO TROJAN Ransom.Win32.Cryakl Checkin (trojan.rules)
  2809058 - ETPRO POLICY IP Check 2ip.ru (policy.rules)
  2809103 - ETPRO MOBILE_MALWARE Android/Spyoo.C Checkin
(mobile_malware.rules)
  2809350 - ETPRO WEB_SPECIFIC_APPS Symposium WP Plugin Arbitrary File
Upload (web_specific_apps.rules)
  2809392 - ETPRO TROJAN Win32/TrojanDownloader.Agent.ART Checkin
(trojan.rules)
  2809394 - ETPRO TROJAN Win32/Tikuffed.U Checkin (trojan.rules)
  2809398 - ETPRO WEB_SPECIFIC_APPS WP Theme LFI Attempt
(web_specific_apps.rules)
  2809408 - ETPRO TROJAN Win32/Spy.Banker.ABCU Checkin (trojan.rules)
  2809409 - ETPRO TROJAN Win32/TrojanDownloader.Banload.UUR Downloading PE
set (trojan.rules)
  2809411 - ETPRO MOBILE_MALWARE Android/SMSreg.KU Checkin
(mobile_malware.rules)
  2809425 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Badaccents
Download (mobile_malware.rules)
  2809446 - ETPRO MOBILE_MALWARE AndroidOS/Fujacks.A Checkin
(mobile_malware.rules)
  2809460 - ETPRO TROJAN Win32.Fsysna.bani CnC Beacon GET (trojan.rules)
  2809461 - ETPRO TROJAN Win32.Fsysna.bani CnC Beacon POST (trojan.rules)
  2809467 - ETPRO WEB_SPECIFIC_APPS Sefrengo CMS 1.6.0 SQLi Attempt
(web_specific_apps.rules)
  2809468 - ETPRO TROJAN Email-Worm.Win32.Brontok.n Checkin 2 (trojan.rules)
  2809474 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.rr Checkin
(mobile_malware.rules)
  2809484 - ETPRO TROJAN Trojan-Banker.Win32.AutoIt.dp Checkin
(trojan.rules)
  2809510 - ETPRO WEB_SPECIFIC_APPS Symposium WP Plugin Arbitrary File
Upload 2 (web_specific_apps.rules)
  2809520 - ETPRO TROJAN INFOSTEALER.COMPFOLDER sending stolen files 2
(trojan.rules)
  2809521 - ETPRO MOBILE_MALWARE Android/DroidDeluxe.A Checkin
(mobile_malware.rules)
  2809522 - ETPRO TROJAN Qbot Checkin (trojan.rules)
  2809523 - ETPRO TROJAN P2P-Worm.Win32.Blinkom checkin 1 (trojan.rules)
  2809524 - ETPRO TROJAN P2P-Worm.Win32.Blinkom checkin 2 (trojan.rules)
  2809535 - ETPRO TROJAN Win32/Kanav Checkin (trojan.rules)
  2809543 - ETPRO EXPLOIT McAfee ePolicy Orchestrator Authenticated XXE
Attempt (exploit.rules)
  2809544 - ETPRO EXPLOIT vBSEO Plugin RCE Request Attempt (exploit.rules)
  2809548 - ETPRO TROJAN Win32.Buzus HTTP Request (trojan.rules)
  2809553 - ETPRO MOBILE_MALWARE Android/AdDisplay.Dianru.A Checkin
(mobile_malware.rules)
  2809562 - ETPRO WEB_SPECIFIC_APPS INVEM CMS SQLi Attempt
(web_specific_apps.rules)
  2809567 - ETPRO WEB_SPECIFIC_APPS ArticleFR CMS Shell Upload Attempt
(web_specific_apps.rules)
  2809573 - ETPRO TROJAN Win32/Zemot Requesting PE (trojan.rules)
  2809582 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.ja Checkin
(mobile_malware.rules)
  2809590 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Frime.a Checkin
(mobile_malware.rules)
  2809591 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.DL Checkin
(mobile_malware.rules)
  2809592 - ETPRO WEB_SPECIFIC_APPS FerretCMS SQLi Attempt
(web_specific_apps.rules)
  2809593 - ETPRO WEB_SPECIFIC_APPS SmartCMS SQLi Attempt
(web_specific_apps.rules)
  2809601 - ETPRO TROJAN Backdoor.W32.Agobot Checkin (trojan.rules)
  2809609 - ETPRO TROJAN Retrieving file from bluefile.biz likely malicious
(trojan.rules)
  2809611 - ETPRO MOBILE_MALWARE Android/SMSreg.PO Checkin
(mobile_malware.rules)
  2809614 - ETPRO MOBILE_MALWARE Android/FakeTimer.A Checkin 3
(mobile_malware.rules)
  2809618 - ETPRO POLICY External IP Lookup ipinfodb.com (policy.rules)
  2809619 - ETPRO POLICY External IP Lookup software77.net (policy.rules)
  2809620 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.dy Checkin
(mobile_malware.rules)
  2809632 - ETPRO MOBILE_MALWARE Android Hideicon Download
(mobile_malware.rules)
  2809634 - ETPRO EXPLOIT VSAT Sailor 900 Exploit Attempt (exploit.rules)
  2809635 - ETPRO WEB_SPECIFIC_APPS jclassifiedsmanager SQLi Attempt
(web_specific_apps.rules)
  2809653 - ETPRO TROJAN Chthonic CnC Beacon 2 (trojan.rules)
  2809660 - ETPRO MOBILE_MALWARE Android/SMSreg.KU Checkin 2
(mobile_malware.rules)
  2809665 - ETPRO MOBILE_MALWARE Android/Adware.Kuguo.A Checkin 3
(mobile_malware.rules)
  2809667 - ETPRO WEB_CLIENT Possible IE Same Origin Bypass Attempt
CVE-2015-0072 (web_client.rules)
  2809668 - ETPRO TROJAN Win32/Rofin.A Checkin (trojan.rules)
  2809672 - ETPRO MOBILE_MALWARE Android/AdDisplay.Dowgin.AM Checkin
(mobile_malware.rules)
  2809679 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.ANT Checkin
(mobile_malware.rules)
  2809680 - ETPRO WEB_SPECIFIC_APPS ZeroCMS SQLi Attempt
(web_specific_apps.rules)
  2809687 - ETPRO POLICY IP Check ip2country.hackers.lv (policy.rules)
  2809689 - ETPRO TROJAN Win32/IRCBot.ARX Connectivity Check (trojan.rules)
  2809691 - ETPRO MOBILE_MALWARE Android.Adware.Wapsx.A Checkin 3
(mobile_malware.rules)
  2809697 - ETPRO MOBILE_MALWARE Android/SMForw.GN Checkin
(mobile_malware.rules)
  2809698 - ETPRO MOBILE_MALWARE Android/SMForw.GN Checkin 2
(mobile_malware.rules)
  2809701 - ETPRO WEB_SPECIFIC_APPS Pragyan CMS 3.0 SQLi Attempt for Default
User (web_specific_apps.rules)
  2809705 - ETPRO POLICY PUP SilenceInstaller Checkin (policy.rules)
  2809750 - ETPRO WEB_SPECIFIC_APPS Redaxscript CMS 2.2.0 SQLi Attempt
(web_specific_apps.rules)
  2809756 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.C Checkin 5
(mobile_malware.rules)
  2809757 - ETPRO TROJAN Win32.Orsam/Cosmo Checkin 2 (trojan.rules)
  2809758 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Lipbro.a Checkin
(mobile_malware.rules)
  2809778 - ETPRO WEB_SPECIFIC_APPS WP EasyCart Shell Upload Attempt
(web_specific_apps.rules)
  2809783 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.CM Checkin
(mobile_malware.rules)
  2809784 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Agent.ai Checkin
(mobile_malware.rules)
  2809786 - ETPRO TROJAN Possible CouchStealer downloading sqlite dll
(trojan.rules)
  2809796 - ETPRO TROJAN Spyware.OnlineGames Connectivity Check
(trojan.rules)
  2809800 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Mobtes.b Checkin
(mobile_malware.rules)
  2809801 - ETPRO TROJAN Banker.Win32.ChePro.tix Download (trojan.rules)
  2809802 - ETPRO TROJAN Win32.Mailbot Checkin (trojan.rules)
  2809805 - ETPRO MOBILE_MALWARE Android/SMSreg.GE Checkin
(mobile_malware.rules)
  2809809 - ETPRO MOBILE_MALWARE Android/SMSreg.IS Checkin
(mobile_malware.rules)
  2809817 - ETPRO MOBILE_MALWARE Adware.Youmi.A Checkin 2
(mobile_malware.rules)
  2809818 - ETPRO MOBILE_MALWARE PUP Android/Igexin.E Checkin
(mobile_malware.rules)
  2809829 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.dw Checkin
(mobile_malware.rules)
  2809830 - ETPRO MOBILE_MALWARE PUP Android/Nineap.A Checkin
(mobile_malware.rules)
  2809834 - ETPRO TROJAN Win32/Spy.Banker.TWQ CnC Beacon (trojan.rules)
  2809835 - ETPRO TROJAN Win32/Spy.Banker.PJC CnC Beacon (trojan.rules)
  2809839 - ETPRO WEB_SPECIFIC_APPS DLGuard SQLi Attempt
(web_specific_apps.rules)
  2809842 - ETPRO TROJAN Win32/Ploscato.B CnC Beacon (trojan.rules)
  2809843 - ETPRO TROJAN AutoIt/Emupry.A CnC Beacon (trojan.rules)
  2809844 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.de Checkin 5
(mobile_malware.rules)
  2809856 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.kb Checkin
(mobile_malware.rules)
  2809858 - ETPRO TROJAN MSIL/DownCoin.B Fetching EXE (trojan.rules)
  2809864 - ETPRO TROJAN Urausy CnC Beacon (trojan.rules)
  2809865 - ETPRO WEB_SPECIFIC_APPS Piwigo 2.7.3 SQLi Attempt
(web_specific_apps.rules)
  2809880 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.dn Checkin
(mobile_malware.rules)
  2809885 - ETPRO WEB_SPECIFIC_APPS WP Plugin Spider Event Calendar 1.4.9
SQLi Attempt (web_specific_apps.rules)
  2809891 - ETPRO TROJAN Multi Locker CnC Beacon 1 (trojan.rules)
  2809892 - ETPRO TROJAN Multi Locker CnC Beacon 2 (trojan.rules)
  2809894 - ETPRO WEB_SPECIFIC_APPS phpBugTracker v.1.6.0 SQLi Attempt
(web_specific_apps.rules)
  2809900 - ETPRO EXPLOIT Possible Jetty Web Server Information Leak Attempt
(exploit.rules)
  2809901 - ETPRO WEB_SPECIFIC_APPS WP Plugin Gravity Forms Possible Shell
Upload (web_specific_apps.rules)
  2809916 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.CP Checkin
(mobile_malware.rules)
  2809917 - ETPRO MOBILE_MALWARE Android/Ozotshielder.A Checkin 2
(mobile_malware.rules)
  2809918 - ETPRO MOBILE_MALWARE Android SMSreg-XP Checkin
(mobile_malware.rules)
  2809919 - ETPRO TROJAN Win32/Emudbot Checkin (trojan.rules)
  2809921 - ETPRO WEB_SPECIFIC_APPS WP Holding Pattern 0.6 Shell Upload
Attempt (web_specific_apps.rules)
  2809927 - ETPRO TROJAN Win32.Banload.cwca Download Request (trojan.rules)
  2809929 - ETPRO TROJAN Win32/Delf Variant CnC Beacon (trojan.rules)
  2809930 - ETPRO WEB_SPECIFIC_APPS WP Photocrati Theme 4.x.x SQLi Attempt
(web_specific_apps.rules)
  2809931 - ETPRO TROJAN Wqlspy-A CnC Beacon 1 (trojan.rules)
  2809933 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.FakeDoc.a Checkin
(mobile_malware.rules)
  2809937 - ETPRO WEB_SPECIFIC_APPS WP Calculated Fields Plugin 1.0.10 SQLi
Attempt (web_specific_apps.rules)
  2809944 - ETPRO TROJAN Phishbank.A CnC Beacon (trojan.rules)
  2809948 - ETPRO MOBILE_MALWARE Android/SMSreg.OP Checkin
(mobile_malware.rules)
  2809953 - ETPRO MOBILE_MALWARE Android/SMSreg.II Checkin
(mobile_malware.rules)
  2809982 - ETPRO TROJAN Win32.Vimditator hideippla.exe Download
(trojan.rules)
  2809986 - ETPRO TROJAN Email.FakeDoc Variant Retrieving PE (trojan.rules)
  2809995 - ETPRO TROJAN Win32.Glupteba.jb Checkin (trojan.rules)
  2809998 - ETPRO MOBILE_MALWARE Android/Agent.AQ Checkin
(mobile_malware.rules)
  2810001 - ETPRO MOBILE_MALWARE Android.Riskware.Agent.gVLO Checkin
(mobile_malware.rules)
  2810004 - ETPRO MOBILE_MALWARE Android/Agent.DG Checkin
(mobile_malware.rules)
  2810006 - ETPRO WEB_SPECIFIC_APPS PHPMoAdmin RCE Attempt
(web_specific_apps.rules)
  2810009 - ETPRO WEB_SPECIFIC_APPS ProjectSend r561 SQLi Attempt
(web_specific_apps.rules)
  2810010 - ETPRO TROJAN PSW.MSIL.Agent.zje Checkin (trojan.rules)
  2810014 - ETPRO MOBILE_MALWARE Android PUP SMSAgent-AOR Checkin
(mobile_malware.rules)
  2810032 - ETPRO WEB_SPECIFIC_APPS Possible Inbound X-OWA-CANARY XSS
Attempt (CVE-2015-1628) (web_specific_apps.rules)
  2810033 - ETPRO WEB_SPECIFIC_APPS Possible Outbound X-OWA-CANARY XSS
Attempt (CVE-2015-1628) (web_specific_apps.rules)
  2810035 - ETPRO WEB_SERVER Microsoft Exchange XSS Vulnerability
(CVE-2015-1632) (web_server.rules)
  2810045 - ETPRO TROJAN Win32/Bibi.A Retrieving PE (trojan.rules)
  2810046 - ETPRO WEB_SPECIFIC_APPS WP Daily Edition Theme SQLi Attempt
(web_specific_apps.rules)
  2810048 - ETPRO MOBILE_MALWARE Android/AdDisplay.AdFlex.C Checkin
(mobile_malware.rules)
  2810050 - ETPRO MOBILE_MALWARE Android/AdDisplay.Zdtad.G Checkin
(mobile_malware.rules)
  2810057 - ETPRO TROJAN Win32/Rofin.A Checkin 2 (trojan.rules)
  2810061 - ETPRO WEB_SPECIFIC_APPS Instant CMS 2.0 SQLi Attempt
(web_specific_apps.rules)
  2810062 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.rv Checkin
(mobile_malware.rules)
  2810065 - ETPRO TROJAN Win32/VB.NTM Retrieving Config (trojan.rules)
  2810066 - ETPRO TROJAN Win32/VB.NTM Retrieving DLL (trojan.rules)
  2810069 - ETPRO TROJAN Win32/Pfoenic.A Checkin 1 (trojan.rules)
  2810070 - ETPRO TROJAN Win32/Pfoenic.A Checkin 2 (trojan.rules)
  2810077 - ETPRO WEB_SPECIFIC_APPS WP SEO by Yoast Plugin 1.7.3.3 SQLi
Attempt (web_specific_apps.rules)
  2810091 - ETPRO WEB_SPECIFIC_APPS Codoforum 2.5.1 Arbitrary File Download
(web_specific_apps.rules)
  2810112 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.AO Checkin 5
(mobile_malware.rules)
  2810117 - ETPRO WEB_SPECIFIC_APPS WP WPML SQLi Attempt
(web_specific_apps.rules)
  2810118 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.C Checkin 6
(mobile_malware.rules)
  2810119 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.C Checkin 7
(mobile_malware.rules)
  2810122 - ETPRO TROJAN Bandook Initial HTTP CnC Beacon (trojan.rules)
  2810124 - ETPRO TROJAN Bandook HTTP CnC Beacon M1 (trojan.rules)
  2810125 - ETPRO TROJAN Bandook HTTP CnC Beacon M2 (trojan.rules)
  2810135 - ETPRO WEB_SPECIFIC_APPS WP Plugin Reflex Gallery Possible Shell
Upload (web_specific_apps.rules)
  2810138 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.AP Checkin
(mobile_malware.rules)
  2810146 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.kh Checkin
(mobile_malware.rules)
  2810147 - ETPRO WEB_SPECIFIC_APPS Mambo 4.6.5 SQLi Attempt
(web_specific_apps.rules)
  2810152 - ETPRO TROJAN Win32/Kilim.A C2 (trojan.rules)
  2810157 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.ke Checkin 2
(mobile_malware.rules)
  2810161 - ETPRO MOBILE_MALWARE Android.Adware.Mobclick.A Checkin
(mobile_malware.rules)
  2810165 - ETPRO WEB_SPECIFIC_APPS Twiki Debugenableplugins RCE Attempt
(web_specific_apps.rules)
  2810170 - ETPRO TROJAN Chthonic CnC Beacon 3 (trojan.rules)
  2810177 - ETPRO MOBILE_MALWARE Android/ScamApp.I Checkin
(mobile_malware.rules)
  2810178 - ETPRO MOBILE_MALWARE Riskware Android/SMSreg.QR Checkin
(mobile_malware.rules)
  2810187 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.FB Checkin 2
(mobile_malware.rules)
  2810234 - ETPRO MOBILE_MALWARE PUP Android/Flexion.A Checkin
(mobile_malware.rules)
  2823676 - ETPRO TROJAN Win32 QuasarRAT 1.3/VenomRAT/CinaRAT Connectivity
Check (trojan.rules)

[---]  Disabled and modified rules:  [---]

  2018951 - ET TROJAN Tor Based Locker Page (Torrentlocker) (trojan.rules)
  2020028 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin Response
1 (trojan.rules)
  2020030 - ET TROJAN Win32/Spy.Agent.OHT - AnunakAPT HTTP Checkin Response
2 (trojan.rules)
  2020195 - ET POLICY exploitpack.com tool checkin (policy.rules)
  2020323 - ET WEB_SERVER Heimdallbot Attack Tool Inbound (web_server.rules)
  2020330 - ET TROJAN Unknown Mailer CnC Beacon (trojan.rules)
  2020333 - ET TROJAN MSIL/Agent.PYO Retrieving Update (trojan.rules)
  2020334 - ET TROJAN MSIL/Agent.PYO Retrieving Config (trojan.rules)
  2020341 - ET TROJAN f0xy Download (trojan.rules)
  2020601 - ET TROJAN Xunpf.A Retrieving DLL (trojan.rules)
  2020650 - ET TROJAN Banker Boleto Fraud JS_BROBAN.SM Known Domain
(bagacaoutra.ru) (trojan.rules)
  2020651 - ET TROJAN Banker Boleto Fraud JS_BROBAN.SM Known Domain
(bagacavoltou.ru) (trojan.rules)
  2020652 - ET TROJAN Banker Boleto Fraud JS_BROBAN.SM Known Domain
(bagacaveia.ru) (trojan.rules)
  2807011 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.u Checkin
(mobile_malware.rules)
  2807271 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.m Checkin
(mobile_malware.rules)
  2809374 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.fz Checkin
(mobile_malware.rules)
  2809375 - ETPRO MOBILE_MALWARE AndroidOS.Riskware.DroidCoupon Checkin 2
(mobile_malware.rules)
  2809376 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.lt Checkin
(mobile_malware.rules)
  2809378 - ETPRO TROJAN Autoit.F Checkin (trojan.rules)
  2809379 - ETPRO TROJAN Win32/Laimfin.A Checkin (trojan.rules)
  2809388 - ETPRO MOBILE_MALWARE Android Unknown Trojan Checkin
(mobile_malware.rules)
  2809389 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AHS Checkin
(mobile_malware.rules)
  2809399 - ETPRO TROJAN Win32/Filecoder.NCW Ransomware Checkin
(trojan.rules)
  2809400 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Andut.a Checkin
(mobile_malware.rules)
  2809424 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.h Checkin
(mobile_malware.rules)
  2809441 - ETPRO TROJAN suspicious User-Agent (crackim) (trojan.rules)
  2809447 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.gl Checkin 2
(mobile_malware.rules)
  2809450 - ETPRO TROJAN Trojan.Win32.Yakes Variant Checkin (trojan.rules)
  2809456 - ETPRO TROJAN Backdoor.Win32.Androm.fvcp Checkin (trojan.rules)
  2809463 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Svpeng.c Checkin
(mobile_malware.rules)
  2809469 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.a Checkin 11
(mobile_malware.rules)
  2809475 - ETPRO MOBILE_MALWARE Android/FakeApp.X Checkin
(mobile_malware.rules)
  2809478 - ETPRO MOBILE_MALWARE Android/Glooken.A Checkin 2
(mobile_malware.rules)
  2809509 - ETPRO MOBILE_MALWARE Android/AdDisplay.Frupi.A Checkin
(mobile_malware.rules)
  2809515 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.en Checkin
(mobile_malware.rules)
  2809517 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.SD Checkin 2
(mobile_malware.rules)
  2809538 - ETPRO MOBILE_MALWARE Android.Adware.Wapsx.A Checkin 2
(mobile_malware.rules)
  2809550 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.fa Checkin
(mobile_malware.rules)
  2809555 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.a Checkin 10
(mobile_malware.rules)
  2809557 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.JW Checkin
(mobile_malware.rules)
  2809570 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.fb Checkin 3
(mobile_malware.rules)
  2809571 - ETPRO CURRENT_EVENTS Waterbug PluginDetect URI Structure
(current_events.rules)
  2809585 - ETPRO MOBILE_MALWARE Android.Riskware.SMSReg.EI Checkin
(mobile_malware.rules)
  2809595 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Logisr.a Checkin
(mobile_malware.rules)
  2809604 - ETPRO MOBILE_MALWARE Android/FakeTimer.B Checkin
(mobile_malware.rules)
  2809622 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Perkel.c Checkin
(mobile_malware.rules)
  2809623 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Perkel.c Checkin 2
(mobile_malware.rules)
  2809681 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.qf Checkin
(mobile_malware.rules)
  2809700 - ETPRO TROJAN AutoIt Downloading Chrome Password Recovery Tool -
Likely Evil (trojan.rules)
  2809752 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.N Checkin
(mobile_malware.rules)
  2809753 - ETPRO TROJAN Backdoor.Win32.Bionet Checkin (trojan.rules)
  2809761 - ETPRO MOBILE_MALWARE Android Unknown Trojan Checkin
(mobile_malware.rules)
  2809787 - ETPRO TROJAN MSIL/INJECTOR.HMT Checkin (trojan.rules)
  2809788 - ETPRO TROJAN WORM_AUTORUN.BMC (keylogger) (trojan.rules)
  2809789 - ETPRO TROJAN WORM_AUTORUN.BMC (Screen) (trojan.rules)
  2809790 - ETPRO TROJAN WORM_AUTORUN.BMC (Initialize) (trojan.rules)
  2809792 - ETPRO TROJAN WORM_AUTORUN.BMC (Update) (trojan.rules)
  2809793 - ETPRO TROJAN WORM_AUTORUN.BMC (ServerTime) (trojan.rules)
  2809826 - ETPRO TROJAN Generic Downloader Requesting PE (trojan.rules)
  2809832 - ETPRO TROJAN Win32.Rokut.dx HTTP Request (trojan.rules)
  2809833 - ETPRO TROJAN Win32/Spy.Banker.ABXQ Checkin (trojan.rules)
  2809854 - ETPRO TROJAN Backdoor.Win32.Androm.ghhv Downloading PE
(trojan.rules)
  2809862 - ETPRO TROJAN Sharik CnC Fake Response (trojan.rules)
  2809869 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.ep Checkin
(mobile_malware.rules)
  2809874 - ETPRO MOBILE_MALWARE Android/SmsSend.UZ Checkin
(mobile_malware.rules)
  2809886 - ETPRO TROJAN Androm Checkin (trojan.rules)
  2809902 - ETPRO MOBILE_MALWARE Android/Tekwon.A Checkin 5
(mobile_malware.rules)
  2809903 - ETPRO TROJAN Win32/Jinupd.B Cnc Beacon 2 (trojan.rules)
  2809910 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AIS Checkin
(mobile_malware.rules)
  2809912 - ETPRO MOBILE_MALWARE Android.Trojan.Gfs.A Checkin 2
(mobile_malware.rules)
  2809935 - ETPRO MOBILE_MALWARE Android.Adware.Adwo.A Checkin
(mobile_malware.rules)
  2809938 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.hc Checkin
(mobile_malware.rules)
  2809941 - ETPRO MOBILE_MALWARE Android.Trojan.Ewalls.C Checkin
(mobile_malware.rules)
  2809952 - ETPRO TROJAN Win32/Stimilini.J PE Download (trojan.rules)
  2809954 - ETPRO TROJAN Win32/ProxyBot.B Casper Checkin (trojan.rules)
  2810000 - ETPRO TROJAN Possible NanoCore RAT Downloading libraries
(trojan.rules)
  2810011 - ETPRO TROJAN PSW.MSIL.Agent.zje Checkin 2 (trojan.rules)
  2810056 - ETPRO TROJAN Win32/Delf.SOM Variant Checkin (trojan.rules)
  2810067 - ETPRO TROJAN Win32/VB.NTM ClickFraud CnC Beacon (trojan.rules)
  2810081 - ETPRO TROJAN KrakenRAT CnC Beacon 3 (trojan.rules)
  2810088 - ETPRO TROJAN Win32/Ursnif Sending Data (trojan.rules)
  2810092 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.BAY Checkin 2
(mobile_malware.rules)
  2810093 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.BAY Checkin 3
(mobile_malware.rules)
  2810126 - ETPRO TROJAN Bandook HTTP CnC Beacon M3 (trojan.rules)
  2810141 - ETPRO TROJAN Linux.RST.B CnC Beacon (trojan.rules)
  2810149 - ETPRO TROJAN Exaction Cryptolocker CnC Beacon (trojan.rules)
  2810168 - ETPRO MOBILE_MALWARE Android/Rlove.A Checkin 2
(mobile_malware.rules)
  2810183 - ETPRO TROJAN Vawtrak/NeverQuest CnC Beacon (trojan.rules)
  2814678 - ETPRO TROJAN AbaddonPOS Exfiltrating CC Numbers 2 (trojan.rules)
