[***] Summary: [***]
7 new OPEN, 16 new PRO (7 + 9). AsyncRAT, TA428 Malware, Shift Gopher, and VARIOUS Phishing.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030916 - ET TROJAN APT39/Chafer Payload - CnC Checkin M2 (trojan.rules)
2030935 - ET TROJAN Observed Malicious SSL Cert (AsyncRAT CnC) (trojan.rules)
2030936 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on CodeSandbox.io M5 (current_events.rules)
2030937 - ET CURRENT_EVENTS Possible Phishing Landing Hosted on CodeSandbox.io M6 (current_events.rules)
2030938 - ET TROJAN TA428 Tmanger Checkin (trojan.rules)
2030939 - ET TROJAN TA428 Infostealer CnC Host Checkin (trojan.rules)
2030940 - ET MOBILE_MALWARE TransparentTribe AhMyth RAT Variant Activity (POST) (mobile_malware.rules)
Pro:
2844720 - ETPRO TROJAN Win32./Unk.AnonJVM Stealer CnC Activity (trojan.rules)
2844721 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-10-01 (current_events.rules)
2844722 - ETPRO TROJAN Shifty Gopher CnC Host Checkin (trojan.rules)
2844723 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-10-01 1) (trojan.rules)
2844724 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-10-01 (current_events.rules)
2844725 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-10-01 (current_events.rules)
2844726 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-10-01 (current_events.rules)
2844727 - ETPRO CURRENT_EVENTS Generic Chase Phishing Panel Accessed on Externally Compromised Server (current_events.rules)
2844728 - ETPRO CURRENT_EVENTS Generic Chase Phishing Panel Accessed on Internally Compromised Server (current_events.rules)
[///] Modified active rules: [///]
2021118 - ET TROJAN SPEAR CnC Beacon (trojan.rules)
2021119 - ET TROJAN SPEAR CnC Beacon 2 (trojan.rules)
2021132 - ET TROJAN JavaScriptBackdoor HTTP GET CnC Beacon (trojan.rules)
2021139 - ET TROJAN H1N1 Loader CnC Beacon M1 (trojan.rules)
2021142 - ET TROJAN Win32/Bancos URL Structure (trojan.rules)
2021143 - ET TROJAN MSIL/Autorun.AD Checkin (trojan.rules)
2804642 - ETPRO POLICY Remote Manipulator Init Connect (policy.rules)
2809554 - ETPRO MOBILE_MALWARE Android.Trojan.Kysn.A Checkin (mobile_malware.rules)
2809589 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.SO Checkin (mobile_malware.rules)
2810758 - ETPRO TROJAN ReactorBot HTTP POST CnC Beacon 1 (trojan.rules)
2810759 - ETPRO TROJAN ReactorBot HTTP POST CnC Beacon 2 (trojan.rules)
2810974 - ETPRO CURRENT_EVENTS Fiesta EK IE Flash Exploit T1 (current_events.rules)
2810978 - ETPRO TROJAN Win32.Trojan.Black.Asdr Checkin (trojan.rules)
2810979 - ETPRO TROJAN Win32.Trojan.Black.Asdr Dropping EXE (trojan.rules)
2811001 - ETPRO TROJAN Win32.Dizkatun Checkin (trojan.rules)
2811029 - ETPRO TROJAN Pacman Ransomware C2 locked.php (trojan.rules)
2811032 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.IH Checkin (mobile_malware.rules)
2811036 - ETPRO WEB_SPECIFIC_APPS CRUCMS Crucial Networking SQLi Attempt (projects-cat.php) (web_specific_apps.rules)
2811038 - ETPRO MOBILE_MALWARE Android.Adware.Dowgin.EI Checkin (mobile_malware.rules)
2811042 - ETPRO TROJAN Alphacrypt CnC Beacon (trojan.rules)
2811057 - ETPRO TROJAN Python.A CnC Beacon (trojan.rules)
2811060 - ETPRO WEB_SPECIFIC_APPS WP Plugin FeedWordPress v2015.0426 SQLi Attempt (web_specific_apps.rules)
2811066 - ETPRO WEB_SPECIFIC_APPS WP Symposium Plugin 1.4 SQLi Attempt (web_specific_apps.rules)
2811070 - ETPRO MOBILE_MALWARE Android.Trojan.MemPoDroid.A Checkin (mobile_malware.rules)
2811080 - ETPRO TROJAN Win32/Banmailo.A Checkin (trojan.rules)
2811095 - ETPRO MOBILE_MALWARE PUP Android/Dianjin.B Checkin (mobile_malware.rules)
2811096 - ETPRO MOBILE_MALWARE Android PUP SMSAgent-AVA Checkin (mobile_malware.rules)
2811116 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.IB Checkin 2 (mobile_malware.rules)
2811117 - ETPRO MOBILE_MALWARE Android/AdDisplay.Kuguo.N Checkin (mobile_malware.rules)
2811123 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.du Checkin 2 (mobile_malware.rules)
2811141 - ETPRO TROJAN WORM.WIN32/GOLDRV.A Checkin (trojan.rules)
2811142 - ETPRO TROJAN P2P-WORM.WIN32.DELF.AO Checkin (trojan.rules)
2811156 - ETPRO MOBILE_MALWARE Trojan.Android.Clicker.J Checkin (mobile_malware.rules)
2811158 - ETPRO TROJAN WIN32/MEWSEI.A Checkin (trojan.rules)
2811159 - ETPRO MOBILE_MALWARE Android/Agent.GG Checkin (mobile_malware.rules)
2811188 - ETPRO TROJAN Possible Bedep Timezone/Connectivity Check (trojan.rules)
2811191 - ETPRO WEB_SPECIFIC_APPS WP Contus Video Gallery Plugin 2.8 Unprotected Mail Page Abuse (web_specific_apps.rules)
2811197 - ETPRO WEB_SPECIFIC_APPS WP WordPress Free Counter Plugin Stored XSS Exploit (web_specific_apps.rules)
2822039 - ETPRO CURRENT_EVENTS Successful Generic Phish 2016-09-08 (current_events.rules)
2830404 - ETPRO CURRENT_EVENTS Successful Generic Phish 2018-04-16 (current_events.rules)
[---] Disabled and modified rules: [---]
2021091 - ET TROJAN VaultCrypt Checkin (trojan.rules)
2021095 - ET TROJAN Putty SSH Credential Stealer (trojan.rules)
2021122 - ET TROJAN Worm.VBS.Jenxcus.H URL Structure (trojan.rules)
2021166 - ET TROJAN PunkeyPOS HTTP CnC Beacon 7 (trojan.rules)
2021167 - ET TROJAN PunkeyPOS HTTP CnC Beacon 8 (trojan.rules)
2021174 - ET MOBILE_MALWARE Android.Trojan.SLocker.DZ Checkin (mobile_malware.rules)
2808788 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.fb Checkin (mobile_malware.rules)
2808799 - ETPRO MOBILE_MALWARE Android.Trojan.SMSSend.LJ Checkin (mobile_malware.rules)
2810922 - ETPRO TROJAN PolloLocker PS1 Script Download Request (trojan.rules)
2811028 - ETPRO TROJAN Pacman Ransomware C2 crypted.php (trojan.rules)
2811078 - ETPRO MOBILE_MALWARE Android/Haynu.A Checkin (mobile_malware.rules)
2811103 - ETPRO TROJAN Win32.BitMin Variant CnC Beacon (trojan.rules)
2811118 - ETPRO TROJAN Win32.S.Agent.72704 Checkin (trojan.rules)
2811119 - ETPRO TROJAN Win32.S.Agent.72704 Checkin 2 (trojan.rules)
2811169 - ETPRO TROJAN BACKDOOR.MSIL.AGENT.QEW Checkin (trojan.rules)
2811172 - ETPRO TROJAN Ransomware WIN32/MALEX.GEN!E Checkin (trojan.rules)
2811189 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.en Checkin (mobile_malware.rules)
2811214 - ETPRO TROJAN Win32.Reconyc Variant Checkin (trojan.rules)
[---] Removed rules: [---]
2030916 - ET MALWARE APT39/Chafer Payload - CnC Checkin M2 (malware.rules)