[***]            Summary:            [***]

9 new OPEN, 25 new PRO (9 + 16).  SolarSys, Remcos, MustangPanda, Various Exploits, Various Phish, Others.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031066 - ET EXPLOIT Possible Jira User Enumeration Attempts
(CVE-2020-14181) (exploit.rules)
  2031067 - ET EXPLOIT Possible Citrix Authentication Bypass Attempt
Inbound (CVE-2020-8193) (exploit.rules)
  2031068 - ET EXPLOIT Possible Citrix Information Disclosure Attempt
Inbound (CVE-2020-8195) (exploit.rules)
  2031069 - ET TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
  2031070 - ET TROJAN SolarSys CnC Activity M1 (trojan.rules)
  2031071 - ET INFO Microsoft Connection Test (info.rules)
  2031072 - ET MALWARE Mustang Panda/RedDelta Activity (malware.rules)
  2031073 - ET TROJAN Mustang Panda/RedDelta Downloader Activity (trojan.rules)
  2031074 - ET MALWARE Win32/Kryptik.HGXH Variant Activity (malware.rules)

Pro:

  2845065 - ETPRO INFO Observed Unusual Host (ww.) (info.rules)
  2845066 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-10-21
(current_events.rules)
  2845067 - ETPRO CURRENT_EVENTS Successful Google Drive Phish
2020-10-21 (current_events.rules)
  2845068 - ETPRO CURRENT_EVENTS Successful Halifax Phish 2020-10-21
(current_events.rules)
  2845069 - ETPRO CURRENT_EVENTS Successful Halifax Phish 2020-10-21
(current_events.rules)
  2845070 - ETPRO CURRENT_EVENTS Successful Natwest Phish 2020-10-21
(current_events.rules)
  2845071 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-21 1) (trojan.rules)
  2845072 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-21 2) (trojan.rules)
  2845073 - ETPRO CURRENT_EVENTS Successful ING Phish 2020-10-21
(current_events.rules)
  2845074 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-10-21
(current_events.rules)
  2845076 - ETPRO TROJAN Observed Possible Cobalt Strike CnC SSL Cert
Inbound (trojan.rules)
  2845077 - ETPRO TROJAN SolarSys CnC Activity M2 (trojan.rules)
  2845078 - ETPRO TROJAN Win32/Remcos RAT Checkin 573 (trojan.rules)
  2845079 - ETPRO TROJAN Win32/Remcos RAT Checkin 574 (trojan.rules)
  2845080 - ETPRO INFO World Time API Time Check (info.rules)

[///]     Modified active rules:     [///]

  2003492 - ET INFO Suspicious Mozilla User-Agent - Likely Fake
(Mozilla/4.0) (info.rules)
  2027353 - ET TROJAN MSIL/Almashreq CnC Checkin (trojan.rules)
  2028922 - ET TROJAN Kimsuky CnC Domain Observed in DNS Query (trojan.rules)
  2028924 - ET TROJAN Unk/LNKR CnC Domain Observed in DNS Query (trojan.rules)
  2028925 - ET TROJAN Unk/LNKR CnC Domain Observed in DNS Query (trojan.rules)
  2028926 - ET TROJAN Observed Malicious SSL Cert (StrongPity CnC)
(trojan.rules)
  2028927 - ET TROJAN StrongPity CnC Domain Observed in DNS Query (trojan.rules)
  2028929 - ET TROJAN MSIL.L4L Stealer IP Check (trojan.rules)
  2028930 - ET TROJAN MSIL.L4L Stealer Screenshot Exfiltration (trojan.rules)
  2028931 - ET TROJAN MSIL.L4L Stealer Systeminfo Exfiltration (trojan.rules)
  2028932 - ET TROJAN Win32/CryptInject.BE!MTB Stealer CnC Checkin
(trojan.rules)
  2028933 - ET EXPLOIT Possible rConfig 3.9.2 Remote Code Execution
PoC (CVE-2019-16662) (exploit.rules)
  2028934 - ET TROJAN Possible Darkhotel Higasia Downloader Requesting
Module (trojan.rules)
  2028935 - ET TROJAN Possible Darkhotel Higasia Downloader
Connectivity Check (trojan.rules)
  2028936 - ET TROJAN Possible Darkhotel Higasia Downloader Checkin
(trojan.rules)
  2028939 - ET CURRENT_EVENTS Capesand EK Visitor Tracking
(current_events.rules)
  2028942 - ET P2P FFTorrent P2P Client User-Agent (FFTorrent/x.x.x) (p2p.rules)
  2028944 - ET TROJAN Observed Malicious SSL Cert (Turla CnC) (trojan.rules)
  2028945 - ET CURRENT_EVENTS Possible Successful Generic Phish (set)
2019-11-06 (current_events.rules)
  2028946 - ET CURRENT_EVENTS Possible Successful Generic Phish (set)
2019-11-06 (current_events.rules)
  2028959 - ET TROJAN Platinum APT Activity (trojan.rules)
  2028961 - ET TROJAN Gamaredon CnC Domain Observed in DNS Query (trojan.rules)
  2028962 - ET TROJAN Gamaredon CnC Domain Observed in DNS Query (trojan.rules)
  2028964 - ET TROJAN DADJOKE/Rail Tycoon Payload Extraction (trojan.rules)
  2028965 - ET TROJAN DADJOKE/Rail Tycoon Payload Execution (trojan.rules)
  2028968 - ET TROJAN Observed Malicious SSL Cert (Possible APT33 CnC)
(trojan.rules)
  2028969 - ET TROJAN Gamaredon CnC Domain Observed in DNS Query (trojan.rules)
  2028970 - ET WEB_CLIENT Tech Support Scam 2019-11-14 (web_client.rules)
  2028971 - ET WEB_CLIENT Tech Support Scam 2019-11-14 (web_client.rules)
  2028973 - ET CURRENT_EVENTS Possible PurpleFox/RIG EK Flash Request
M2 (current_events.rules)
  2028976 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Payload
(current_events.rules)
  2028977 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Flash
HEAD Request (current_events.rules)
  2028978 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Flash
GET Request (current_events.rules)
  2028979 - ET CURRENT_EVENTS Possible PurpleFox EK Framework URI
Struct Landing Request (current_events.rules)
  2028980 - ET CURRENT_EVENTS Possible PurpleFox EK Framework URI
Struct Flash Request (current_events.rules)
  2028981 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Payload
(current_events.rules)
  2028982 - ET CURRENT_EVENTS Possible PurpleFox EK Framework Payload
(current_events.rules)
  2029004 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
  2029008 - ET WEB_SERVER JAWS Webserver Unauthenticated Shell Command
Execution (web_server.rules)
  2029077 - ET TROJAN Buer Loader Update Request (trojan.rules)
  2029078 - ET TROJAN Buer Loader Download Request (trojan.rules)
  2029079 - ET TROJAN Buer Loader Successful Payload Download (trojan.rules)
  2029080 - ET TROJAN SSL/TLS Certificate Observed (Buer Loader) (trojan.rules)
  2029680 - ET CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2029681 - ET CURRENT_EVENTS Successful Microsoft Account Phish
2019-11-06 (current_events.rules)
  2832226 - ETPRO MOBILE_MALWARE Android.Riskware.Drolock.BK CnC
Beacon (mobile_malware.rules)
  2835637 - ETPRO TROJAN Win32/Pterodo.NG Checkin 2 (trojan.rules)
  2838994 - ETPRO CURRENT_EVENTS Spelevo VBS Cookie (current_events.rules)
  2839154 - ETPRO MOBILE_MALWARE Riskware.Android.Wooboo.cthjxd
Reporting Device Details (mobile_malware.rules)
  2839155 - ETPRO MOBILE_MALWARE Android/TrojanDownloader.Agent.LV CnC
Beacon (mobile_malware.rules)
  2839156 - ETPRO MOBILE_MALWARE Trojan.Android.SystemMonitor.eeirqa
CnC Beacon (mobile_malware.rules)
  2839157 - ETPRO MOBILE_MALWARE Android/Triada.GY Checkin
(mobile_malware.rules)
  2839161 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-11-01
(current_events.rules)
  2839162 - ETPRO CURRENT_EVENTS Successful Office 365 Phish
2019-11-01 (current_events.rules)
  2839163 - ETPRO CURRENT_EVENTS Successful Apartments.com Phish
2019-11-01 (current_events.rules)
  2839164 - ETPRO CURRENT_EVENTS Successful ANA Airlines Phish
2019-11-01 (current_events.rules)
  2839165 - ETPRO CURRENT_EVENTS Successful Ziggo Phish 2019-11-01
(current_events.rules)
  2839166 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-11-01
(current_events.rules)
  2839167 - ETPRO CURRENT_EVENTS Successful EC21 Phish 2019-11-01
(current_events.rules)
  2839168 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-11-01
(current_events.rules)
  2839169 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-01
(current_events.rules)
  2839170 - ETPRO CURRENT_EVENTS Successful Generic Management Service
Phish 2019-11-01 (current_events.rules)
  2839171 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-01 (current_events.rules)
  2839178 - ETPRO TROJAN Possible Lyceum CnC Checkin (trojan.rules)
  2839181 - ETPRO CURRENT_EVENTS Successful Netease 163 Webmail Phish
2019-11-04 (current_events.rules)
  2839182 - ETPRO CURRENT_EVENTS Successful Office 365 Message Center
Phish 2019-11-04 (current_events.rules)
  2839183 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-04 (current_events.rules)
  2839184 - ETPRO CURRENT_EVENTS Successful IRS Phish 2019-11-04
(current_events.rules)
  2839185 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish
2019-11-04 (current_events.rules)
  2839186 - ETPRO CURRENT_EVENTS Successful Generic Email Validation
Phish 2019-11-04 (current_events.rules)
  2839187 - ETPRO CURRENT_EVENTS Successful Generic Email Verification
Phish 2019-11-04 (current_events.rules)
  2839188 - ETPRO CURRENT_EVENTS Successful Swisscom Phish 2019-11-04
(current_events.rules)
  2839189 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-11-04 (current_events.rules)
  2839190 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839191 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839192 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839193 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839194 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839195 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2019-11-04
(current_events.rules)
  2839196 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839197 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839198 - ETPRO CURRENT_EVENTS Successful Gov UK Vehicle Tax Phish
2019-11-04 (current_events.rules)
  2839199 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839200 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839201 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839202 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839203 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839204 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839205 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839206 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839207 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839208 - ETPRO CURRENT_EVENTS Successful Mastercard Phish
2019-11-04 (current_events.rules)
  2839209 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish
2019-11-04 (current_events.rules)
  2839210 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839212 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839213 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839215 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839216 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-04 (current_events.rules)
  2839217 - ETPRO CURRENT_EVENTS Successful ADP Phish 2019-11-04
(current_events.rules)
  2839218 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-11-04
(current_events.rules)
  2839219 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-11-04
(current_events.rules)
  2839224 - ETPRO CURRENT_EVENTS Successful Sparda Bank Phish
2019-11-05 (current_events.rules)
  2839225 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2019-11-05 (current_events.rules)
  2839226 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-11-05
(current_events.rules)
  2839227 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish
2019-11-05 (current_events.rules)
  2839228 - ETPRO CURRENT_EVENTS Successful BB&T Phish 2019-11-05
(current_events.rules)
  2839229 - ETPRO CURRENT_EVENTS Successful HSBC Phish 2019-11-05
(current_events.rules)
  2839230 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union
Phish 2019-11-05 (current_events.rules)
  2839231 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-11-05
(current_events.rules)
  2839232 - ETPRO CURRENT_EVENTS Successful Outlook  Phish 2019-11-05
(current_events.rules)
  2839233 - ETPRO CURRENT_EVENTS Successful Generic Email Validation
Phish 2019-11-05 (current_events.rules)
  2839234 - ETPRO CURRENT_EVENTS Successful Standard Bank Phish
2019-11-05 (current_events.rules)
  2839235 - ETPRO TROJAN Cryptor Client Satan Variant Ransomware
Encryption Process Start (trojan.rules)
  2839236 - ETPRO TROJAN Cryptor Client Satan Variant Ransomware
Encryption Bak Status (trojan.rules)
  2839237 - ETPRO TROJAN Cryptor Client Satan Variant Ransomware
Encryption DB Status (trojan.rules)
  2839238 - ETPRO TROJAN Blackmoon CnC Activity (trojan.rules)
  2839242 - ETPRO CURRENT_EVENTS Successful Nordea Phish 2019-11-06
(current_events.rules)
  2839243 - ETPRO CURRENT_EVENTS Successful Generic Email Account
Validation Phish 2019-11-06 (current_events.rules)
  2839245 - ETPRO CURRENT_EVENTS Successful Wayne State University
Phish 2019-11-06 (current_events.rules)
  2839246 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-06 (current_events.rules)
  2839247 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish
2019-11-06 (current_events.rules)
  2839249 - ETPRO CURRENT_EVENTS Successful BNP Paribas Fortis Phish
2019-11-06 (current_events.rules)
  2839250 - ETPRO CURRENT_EVENTS Successful BNP Paribas Fortis Phish
2019-11-06 (current_events.rules)
  2839251 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish
2019-11-06 (current_events.rules)
  2839252 - ETPRO CURRENT_EVENTS Successful Fidelity Phish 2019-11-06
(current_events.rules)
  2839253 - ETPRO CURRENT_EVENTS Successful Suncorp Phish 2019-11-06
(current_events.rules)
  2839254 - ETPRO CURRENT_EVENTS Successful Facebook Application Phish
2019-11-06 (current_events.rules)
  2839255 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2019-11-06
(current_events.rules)
  2839256 - ETPRO CURRENT_EVENTS Successful Google Application Phish
2019-11-06 (current_events.rules)
  2839257 - ETPRO CURRENT_EVENTS Successful Microsoft Sharepoint Phish
2019-11-06 (current_events.rules)
  2839258 - ETPRO CURRENT_EVENTS Successful Airbnb Phish 2019-11-06
(current_events.rules)
  2839259 - ETPRO CURRENT_EVENTS Successful Suncorp Phish 2019-11-06
(current_events.rules)
  2839260 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-06
(current_events.rules)
  2839261 - ETPRO CURRENT_EVENTS Successful Generic Multimail Phish
2019-11-06 (current_events.rules)
  2839269 - ETPRO CURRENT_EVENTS Successful Generic Compromised
Wordpress Phish 2019-11-06 (current_events.rules)
  2839270 - ETPRO CURRENT_EVENTS Successful Fio Banka Phish 2019-11-06
(current_events.rules)
  2839281 - ETPRO MOBILE_MALWARE Android/Androluna Checkin
(mobile_malware.rules)
  2839282 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.VYEU-2 Checkin
(mobile_malware.rules)
  2839283 - ETPRO MOBILE_MALWARE Android.HiddenApp.E CnC Beacon
(mobile_malware.rules)
  2839284 - ETPRO CURRENT_EVENTS Successful Microsoft Outlook Phish
2019-11-07 (current_events.rules)
  2839285 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union
Phish 2019-11-07 (current_events.rules)
  2839286 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish
2019-11-07 (current_events.rules)
  2839287 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2019-11-07 (current_events.rules)
  2839288 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2019-11-07 (current_events.rules)
  2839289 - ETPRO CURRENT_EVENTS Successful UBI Banca Phish 2019-11-07
(current_events.rules)
  2839290 - ETPRO CURRENT_EVENTS Successful Telekom / Tmobile Phish
2019-11-07 (current_events.rules)
  2839291 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-07 (current_events.rules)
  2839292 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-07 (current_events.rules)
  2839293 - ETPRO CURRENT_EVENTS Successful Spotify Credit Card
Information Phish 2019-11-07 (current_events.rules)
  2839294 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-11-07
(current_events.rules)
  2839295 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2019-11-07
(current_events.rules)
  2839296 - ETPRO CURRENT_EVENTS Successful Microsoft Sharepoint Phish
2019-11-07 (current_events.rules)
  2839297 - ETPRO CURRENT_EVENTS Successful Generic Mail Error Report
Phish 2019-11-07 (current_events.rules)
  2839298 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-11-07
(current_events.rules)
  2839299 - ETPRO CURRENT_EVENTS Successful Airbnb Phish 2019-11-07
(current_events.rules)
  2839300 - ETPRO CURRENT_EVENTS Successful Desjardins Phish
2019-11-07 (current_events.rules)
  2839301 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-11-07
(current_events.rules)
  2839302 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2019-11-07 (current_events.rules)
  2839303 - ETPRO CURRENT_EVENTS Successful Banco BPM Phish 2019-11-07
(current_events.rules)
  2839304 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-11-07
(current_events.rules)
  2839305 - ETPRO TROJAN Fastloader CnC Checkin (trojan.rules)
  2839306 - ETPRO TROJAN Fastloader CnC Heartbeat (trojan.rules)
  2839307 - ETPRO TROJAN Fastloader CnC GetPath (trojan.rules)
  2839310 - ETPRO CURRENT_EVENTS Successful Mercado Livre Phish
2019-11-08 (current_events.rules)
  2839311 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-11-08
(current_events.rules)
  2839312 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-11-08
(current_events.rules)
  2839313 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2019-11-08
(current_events.rules)
  2839314 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-11-08
(current_events.rules)
  2839315 - ETPRO CURRENT_EVENTS Successful Microsoft Office Phish
2019-11-08 (current_events.rules)
  2839316 - ETPRO CURRENT_EVENTS Successful Bankia Phish 2019-11-08
(current_events.rules)
  2839317 - ETPRO CURRENT_EVENTS Successful Espace Phish 2019-11-08
(current_events.rules)
  2839318 - ETPRO CURRENT_EVENTS Successful Webmail Mini Phish
2019-11-08 (current_events.rules)
  2839319 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-08
(current_events.rules)
  2839320 - ETPRO CURRENT_EVENTS Successful Microsoft Outlook Phish
2019-11-08 (current_events.rules)
  2839321 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-11-08
(current_events.rules)
  2839322 - ETPRO CURRENT_EVENTS Successful Microsoft Excel Online
Phish 2019-11-08 (current_events.rules)
  2839323 - ETPRO CURRENT_EVENTS Successful Generic View Product
Sample Phish 2019-11-08 (current_events.rules)
  2839324 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish
2019-11-08 (current_events.rules)
  2839325 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish
2019-11-08 (current_events.rules)
  2839326 - ETPRO CURRENT_EVENTS Successful AlaskaUSA Federal Credit
Union Phish 2019-11-08 (current_events.rules)
  2839327 - ETPRO USER_AGENTS Suspicious HTTP/1. User-Agent Observed
(user_agents.rules)
  2839328 - ETPRO USER_AGENTS Suspicious XXXX User-Agent Observed
(user_agents.rules)
  2839329 - ETPRO USER_AGENTS Suspicious IP User-Agent Observed
(user_agents.rules)
  2839330 - ETPRO USER_AGENTS Suspicious AutoIt3Script User-Agent
Observed (user_agents.rules)
  2839332 - ETPRO POLICY iolo Download Manager User-Agent Observed
(policy.rules)
  2839333 - ETPRO USER_AGENTS Appcelerator Titanium User-Agent
Observed (user_agents.rules)
  2839334 - ETPRO MALWARE Installer Doctor User-Agent Observed (malware.rules)
  2839335 - ETPRO MALWARE Install Machine User-Agent Observed (malware.rules)
  2839336 - ETPRO MALWARE WidgiToolbar User-Agent Observed (malware.rules)
  2839337 - ETPRO MALWARE DriverUpdate Installer User-Agent Observed
(malware.rules)
  2839338 - ETPRO MALWARE Weather Buddy User-Agent Observed (malware.rules)
  2839339 - ETPRO MALWARE AnVir Task Manager Free User-Agent Observed
(malware.rules)
  2839340 - ETPRO MALWARE SlimCleaner Plus Installer User-Agent
Observed (malware.rules)
  2839341 - ETPRO MALWARE AccelPCPro User-Agent Observed (malware.rules)
  2839342 - ETPRO MALWARE RunBooster-Updater User-Agent Observed (malware.rules)
  2839343 - ETPRO MALWARE InnoDownloadPlugin User-Agent Observed (malware.rules)
  2839344 - ETPRO POLICY CCleaner Update Agent User-Agent Observed
(policy.rules)
  2839350 - ETPRO CURRENT_EVENTS Successful Spectrum Phish 2019-11-11
(current_events.rules)
  2839351 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-11-11
(current_events.rules)
  2839352 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish
2019-11-11 (current_events.rules)
  2839354 - ETPRO CURRENT_EVENTS Successful Snapchat Phish 2019-11-11
(current_events.rules)
  2839355 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2019-11-11
(current_events.rules)
  2839356 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish
2019-11-11 (current_events.rules)
  2839357 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-11 (current_events.rules)
  2839358 - ETPRO CURRENT_EVENTS Successful Facebook Messenger Phish
2019-11-11 (current_events.rules)
  2839359 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish
2019-11-11 (current_events.rules)
  2839360 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish 2019-11-11
(current_events.rules)
  2839361 - ETPRO TROJAN Buran Ransomware Activity M3 (trojan.rules)
  2839379 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-12 (current_events.rules)
  2839380 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-12 (current_events.rules)
  2839381 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-12 (current_events.rules)
  2839382 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-12 (current_events.rules)
  2839383 - ETPRO CURRENT_EVENTS Successful Xfinity/Comcast Phish
2019-11-12 (current_events.rules)
  2839385 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-11-12 (current_events.rules)
  2839386 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-11-12
(current_events.rules)
  2839387 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-12
(current_events.rules)
  2839388 - ETPRO CURRENT_EVENTS Successful Stripe Phish 2019-11-12
(current_events.rules)
  2839389 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-12 (current_events.rules)
  2839390 - ETPRO CURRENT_EVENTS Successful Commbank Phish 2019-11-12
(current_events.rules)
  2839391 - ETPRO CURRENT_EVENTS Successful Instagram TK Phish
2019-11-12 (current_events.rules)
  2839394 - ETPRO TROJAN MataFilesystem CnC Activity (trojan.rules)
  2839403 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-13 (current_events.rules)
  2839406 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-11-13 (current_events.rules)
  2839407 - ETPRO CURRENT_EVENTS Successful VDK Bank Phish 2019-11-13
(current_events.rules)
  2839408 - ETPRO CURRENT_EVENTS Successful Generic Administrator
Login Phish 2019-11-13 (current_events.rules)
  2839409 - ETPRO CURRENT_EVENTS Successful Trademe NZ Phish
2019-11-13 (current_events.rules)
  2839410 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-11-13 (current_events.rules)
  2839411 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish
2019-11-13 (current_events.rules)
  2839412 - ETPRO CURRENT_EVENTS Successful Apple ID Phish 2019-11-13
(current_events.rules)
  2839413 - ETPRO CURRENT_EVENTS Successful Excel Online Phish
2019-11-13 (current_events.rules)
  2839414 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-11-13
(current_events.rules)
  2839415 - ETPRO CURRENT_EVENTS Successful Hawaii National Bank Phish
2019-11-13 (current_events.rules)
  2839416 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-13
(current_events.rules)
  2839417 - ETPRO CURRENT_EVENTS Successful Spark Phish 2019-11-13
(current_events.rules)
  2839418 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-13
(current_events.rules)
  2839427 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish
2019-11-14 (current_events.rules)
  2839428 - ETPRO CURRENT_EVENTS Successful University of Iowa Phish
2019-11-14 (current_events.rules)
  2839429 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-11-14
(current_events.rules)
  2839430 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-14
(current_events.rules)
  2839431 - ETPRO CURRENT_EVENTS Successful Desjardins Phish
2019-11-14 (current_events.rules)
  2839432 - ETPRO CURRENT_EVENTS Successful Desjardins Phish
2019-11-14 (current_events.rules)
  2839433 - ETPRO CURRENT_EVENTS Successful QNB Finansbank Phish
2019-11-14 (current_events.rules)
  2839434 - ETPRO CURRENT_EVENTS Successful Skype Phish 2019-11-14
(current_events.rules)
  2839438 - ETPRO MOBILE_MALWARE Trojan.Ewind.Android.19 Checkin
(mobile_malware.rules)
  2839447 - ETPRO TROJAN SSL/TLS Certificate Observed (Fallout EK)
(trojan.rules)
  2839448 - ETPRO CURRENT_EVENTS Fallout EK JS Landing (current_events.rules)
  2839450 - ETPRO CURRENT_EVENTS Fallout EK Powershell (current_events.rules)
  2839451 - ETPRO CURRENT_EVENTS Fallout EK Payload (current_events.rules)
  2839452 - ETPRO CURRENT_EVENTS Spelevo EK Landing 2019-11-15
(current_events.rules)
  2839453 - ETPRO TROJAN Mirai Variant Exploit Scanner User-Agent
(Outbound) (trojan.rules)
  2839457 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-11-15 (current_events.rules)
  2839458 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2019-11-15
(current_events.rules)
  2839459 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-11-15
(current_events.rules)
  2839460 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-11-15
(current_events.rules)
  2839461 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-11-15
(current_events.rules)
  2839462 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2019-11-15
(current_events.rules)
  2839463 - ETPRO CURRENT_EVENTS Successful Onedrive Phish 2019-11-15
(current_events.rules)
  2839464 - ETPRO CURRENT_EVENTS Successful Update Personal
Information Phish 2019-11-15 (current_events.rules)
  2839471 - ETPRO TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
  2839473 - ETPRO TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
  2839475 - ETPRO CURRENT_EVENTS Successful Microsoft VoiceNote Phish
2019-11-18 (current_events.rules)
  2839476 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2019-11-18
(current_events.rules)
  2839477 - ETPRO CURRENT_EVENTS Successful Volksbank Phish 2019-11-18
(current_events.rules)
  2839478 - ETPRO CURRENT_EVENTS Successful American Express Phish
2019-11-18 (current_events.rules)
  2839479 - ETPRO CURRENT_EVENTS Successful My3 Phish 2019-11-18
(current_events.rules)
  2839480 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-18 (current_events.rules)
  2839481 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-18 (current_events.rules)
  2839495 - ETPRO TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
  2839505 - ETPRO CURRENT_EVENTS Successful Microsoft Onedrive Phish
2019-11-19 (current_events.rules)
  2839506 - ETPRO CURRENT_EVENTS Successful American Express Phish
2019-11-19 (current_events.rules)
  2839507 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2019-11-19
(current_events.rules)
  2839508 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish
2019-11-19 (current_events.rules)
  2839510 - ETPRO CURRENT_EVENTS Successful Generic Account Update
Phish 2019-11-19 (current_events.rules)
  2839511 - ETPRO CURRENT_EVENTS Successful Outlook Web Access Phish
2019-11-19 (current_events.rules)
  2839512 - ETPRO CURRENT_EVENTS Successful Charles Schwab Phish
2019-11-19 (current_events.rules)
  2839513 - ETPRO TROJAN Win32/Erjan Loader CnC Activity (trojan.rules)
  2839515 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2839516 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2839517 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2839518 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2839519 - ETPRO SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
  2839528 - ETPRO CURRENT_EVENTS Successful BCP Phish 2019-11-20
(current_events.rules)
  2839529 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2019-11-20 (current_events.rules)
  2839530 - ETPRO CURRENT_EVENTS Successful ADP Phish 2019-11-20
(current_events.rules)
  2839531 - ETPRO CURRENT_EVENTS Successful ADP Phish 2019-11-20
(current_events.rules)
  2839532 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-11-20
(current_events.rules)
  2839550 - ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2839551 - ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2839552 - ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2839553 - ETPRO POLICY Observed SSL Cert (VPN Related) (policy.rules)
  2839554 - ETPRO POLICY Observed SSL Cert (VPN Related) (policy.rules)
  2839555 - ETPRO POLICY Observed SSL Cert (VPN Related) (policy.rules)
  2839556 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2839684 - ETPRO TROJAN Buer Loader Response (trojan.rules)
  2844483 - ETPRO TROJAN Bluedad Checkin Activity (trojan.rules)
  2845054 - ETPRO TROJAN MSIL/Spy.Agent.CYF Variant CnC Exfil (trojan.rules)
