[***] Summary: [***]
13 new OPEN, 41 new PRO (13 + 28). Bazaloader, Remcos, T-RAT, Various Others.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031072 - ET TROJAN Mustang Panda/RedDelta Activity (trojan.rules)
2031074 - ET TROJAN Win32/Kryptik.HGXH Variant Activity (trojan.rules)
2031075 - ET WEB_SERVER Generic File Upload Accessed on Internal Compromised Server (web_server.rules)
2031076 - ET WEB_CLIENT Generic File Upload Accessed on External Compromised Server (web_client.rules)
2031077 - ET WEB_SERVER Generic Mailer Accessed on Internal Compromised Server (web_server.rules)
2031078 - ET WEB_CLIENT Generic Mailer Accessed on External Compromised Server (web_client.rules)
2031079 - ET WEB_SERVER Generic Mailer Accessed on Internal Compromised Server (web_server.rules)
2031080 - ET WEB_CLIENT Generic Mailer Accessed on External Compromised Server (web_client.rules)
2031081 - ET TROJAN Possible T-RAT Encrypted Zip Request (trojan.rules)
2031082 - ET MALWARE FLV/Youtube Downloader Install Activity (malware.rules)
2031083 - ET POLICY File Downloaded from Discord (policy.rules)
2031084 - ET TROJAN Bazaloader Variant Activity (trojan.rules)
2031085 - ET TROJAN Bazaloader Variant Activity (trojan.rules)
Pro:
2845081 - ETPRO MOBILE_MALWARE Android/Denglu Config Download (mobile_malware.rules)
2845082 - ETPRO MOBILE_MALWARE Android/Hiddad.AJA DNS Lookup (mobile_malware.rules)
2845083 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.OJNF-2 Reporting Location (mobile_malware.rules)
2845084 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Ahmyth.d Checkin (mobile_malware.rules)
2845085 - ETPRO MOBILE_MALWARE Android.DownLoader.861 Checkin (mobile_malware.rules)
2845086 - ETPRO TROJAN MalDoc Requesting Payload 2020-10-21 (trojan.rules)
2845087 - ETPRO TROJAN Observed Malicious Filename in Content-Disposition Inbound (mimikatz) (trojan.rules)
2845088 - ETPRO TROJAN Observed Malicious Filename in Content-Disposition Inbound (keylogger) (trojan.rules)
2845089 - ETPRO TROJAN Observed GET Request for mimikatz.exe (trojan.rules)
2845090 - ETPRO TROJAN Cobalt Strike Malleable C2 (Microsoft CDN Profile) (trojan.rules)
2845091 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-10-22 1) (trojan.rules)
2845092 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-10-22 2) (trojan.rules)
2845093 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-10-22 (current_events.rules)
2845094 - ETPRO TROJAN Win32/Spy.Autoit.DD Variant CnC GeoIP Lookup (trojan.rules)
2845095 - ETPRO TROJAN Win32/Spy.Autoit.DD Variant CnC Host Checkin (trojan.rules)
2845096 - ETPRO TROJAN Win32/Spy.Autoit.DD Variant CnC Activity (trojan.rules)
2845097 - ETPRO CURRENT_EVENTS Successful Microsoft Office Encrypted Document Phish 2020-10-22 (current_events.rules)
2845098 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-10-22 (current_events.rules)
2845099 - ETPRO CURRENT_EVENTS Successful Tangerine Phish 2020-10-22 (current_events.rules)
2845100 - ETPRO TROJAN T-RAT Checkin via Telegram (trojan.rules)
2845101 - ETPRO TROJAN Win32/TrojanDownloader.Agent.FGQ Variant CnC Activity (trojan.rules)
2845102 - ETPRO TROJAN Win32/Remcos RAT Checkin 575 (trojan.rules)
2845103 - ETPRO TROJAN Win32/Remcos RAT Checkin 576 (trojan.rules)
2845104 - ETPRO TROJAN Win32/Remcos RAT Checkin 577 (trojan.rules)
2845105 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2845106 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2845107 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2845108 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish 2020-10-22 (current_events.rules)
[///] Modified active rules: [///]
2026039 - ET MOBILE_MALWARE [PTsecurity] Spyware.BondPath (PathCall/Dingwe) Check-in (mobile_malware.rules)
2030878 - ET TROJAN MassLogger Client Exfil (POST) M3 (trojan.rules)
2839557 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2839558 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2839559 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
2845024 - ETPRO INFO Unusually Long ydns DynDNS Domain (info.rules)
2845047 - ETPRO TROJAN Win32/Delf.BLT Variant CnC Activity (trojan.rules)
[---] Disabled rules: [---]
2805914 - ETPRO TROJAN TrojanDownloader.Win32/Pluzoks.A CnC response (trojan.rules)
[---] Removed rules: [---]
2031072 - ET MALWARE Mustang Panda/RedDelta Activity (malware.rules)
2031074 - ET MALWARE Win32/Kryptik.HGXH Variant Activity (malware.rules)