[***]            Summary:            [***]

23 new OPEN, 52 new PRO (23 + 29).  Magecart Domains, Amarula, Cobalt Strike, Various Phishing, Suri5 Updates.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031097 - ET CURRENT_EVENTS Generic Custom Logo Phishing Landing
(current_events.rules)
  2031098 - ET CURRENT_EVENTS Generic Custom Logo Phishing Landing
(current_events.rules)
  2031099 - ET CURRENT_EVENTS Generic Custom Logo Phishing Landing
(current_events.rules)
  2031100 - ET CURRENT_EVENTS Multibank Captcha Phishing Landing
(current_events.rules)
  2031101 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2031102 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2031103 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2031104 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2031105 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2031106 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2031107 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2031108 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2031109 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2031110 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2031111 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2031112 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2031113 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2031114 - ET EXPLOIT Ruckus vRIoT Command Injection Attempt Inbound
(CVE-2020-26878) (exploit.rules)
  2031115 - ET EXPLOIT Ruckus vRIoT Authentication Bypass Attempt Inbound
(CVE-2020-26879) (exploit.rules)
  2031116 - ET MALWARE Win32/Adware.BrowSecX.AB Install Log Sent
(malware.rules)
  2031117 - ET TROJAN Amarula IRC Botnet Connection Request (trojan.rules)
  2031118 - ET TROJAN Terse Upload to Free Image Hosting Provider (uploads .im) - Likely Malware (trojan.rules)

Pro:

  2845138 - ETPRO TROJAN Cobalt Strike Malleable C2 (Pingan Profile)
(trojan.rules)
  2845139 - ETPRO TROJAN Cobalt Strike Malleable C2 (Unknown Profile)
(trojan.rules)
  2845140 - ETPRO TROJAN MalDoc Retrieving Payload 2020-10-26 (trojan.rules)
  2845141 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2845142 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2845143 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-24 1) (trojan.rules)
  2845144 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-24 2) (trojan.rules)
  2845145 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-24 3) (trojan.rules)
  2845146 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-10-26 (current_events.rules)
  2845147 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-10-26
(current_events.rules)
  2845148 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-10-26 (current_events.rules)
  2845149 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-10-26 (current_events.rules)
  2845150 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-10-26
(current_events.rules)
  2845151 - ETPRO CURRENT_EVENTS Successful SMBC Phish 2020-10-26
(current_events.rules)
  2845152 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-10-26
(current_events.rules)
  2845153 - ETPRO CURRENT_EVENTS Successful Boursorama Banque Phish
2020-10-26 (current_events.rules)
  2845154 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-10-26
(current_events.rules)
  2845155 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-10-26
(current_events.rules)
  2845156 - ETPRO CURRENT_EVENTS Successful BMO Phish 2020-10-26
(current_events.rules)
  2845157 - ETPRO CURRENT_EVENTS Successful Instagram 000webhost Hosted
Phish 2020-10-26 (current_events.rules)
  2845158 - ETPRO MOBILE_MALWARE Android/Treco Checkin
(mobile_malware.rules)
  2845159 - ETPRO MOBILE_MALWARE Android/Dropado Checkin
(mobile_malware.rules)
  2845160 - ETPRO MOBILE_MALWARE Android/Spy.Banker.ARV Checkin
(mobile_malware.rules)
  2845161 - ETPRO MOBILE_MALWARE Android/Spy.Banker.ARV Checkin 2
(mobile_malware.rules)
  2845162 - ETPRO MOBILE_MALWARE Android/Spy.Banker.ARV CnC Beacon
(mobile_malware.rules)
  2845163 - ETPRO TROJAN Python/PSW.Agent.CA CnC Activity (trojan.rules)
  2845164 - ETPRO TROJAN Win32/Remcos RAT Checkin 578 (trojan.rules)
  2845165 - ETPRO CURRENT_EVENTS Successful UniCredit Bank Phish 2020-10-26
(current_events.rules)
  2845166 - ETPRO CURRENT_EVENTS Successful LiberBank Phish 2020-10-26
(current_events.rules)
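The summary line ("23 new OPEN, 52 new PRO (23 + 29)") is meant to reconcile with the SIDs listed under Open and Pro, and the mail wraps entries at about 76 columns, so checking it by eye is error-prone. The Python below is an added example for this note, not ET/Proofpoint tooling: it rejoins wrapped entries, parses each section, and compares the summary with what is actually listed (the PRO figure is the total a Pro subscriber receives, Open plus Pro-only). The embedded note is a constructed sample in this mail's layout; the section headers and Open:/Pro: labels it keys on are the ones used here. Run over this note as posted, it counts 22 SIDs under Open (2031097 through 2031118) against the 23 in the summary, which is exactly the kind of discrepancy the check exists to surface.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the layout of an ET daily update note (summary line,
# Added rules split into Open/Pro, Modified active rules). Counts and the
# wrapped "(uploads .im)" entry are chosen for the test; not a real update.
SAMPLE_NOTE = """\
[***]            Summary:            [***]

2 new OPEN, 3 new PRO (2 + 1).  Example update.

[+++]          Added rules:          [+++]

Open:

  2031101 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2031118 - ET TROJAN Terse Upload to Free Image Hosting Provider (uploads
.im) - Likely Malware (trojan.rules)

Pro:

  2845138 - ETPRO TROJAN Cobalt Strike Malleable C2 (Pingan Profile)
(trojan.rules)

[///]     Modified active rules:     [///]

  2029100 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
"""

SUMMARY_RE = re.compile(r"(\d+) new OPEN, (\d+) new PRO \((\d+) \+ (\d+)\)")
SID_LINE = re.compile(r"^\s*\d{7} - ")
ENTRY_RE = re.compile(r"^\s*(\d{7}) - (.+?) \(([a-z_]+\.rules)\)$")


@dataclass(frozen=True)
class Entry:
    sid: int
    name: str
    file: str


def unwrap(text):
    """Rejoin entries the mailer wrapped: a non-blank line that is not a new SID
    entry, a [...] section header or an Open:/Pro: label continues the line before
    it. Joining with a space keeps defanged names such as 'uploads .im' intact."""
    out = []
    for raw in text.splitlines():
        line = raw.rstrip()
        continues = (
            bool(line) and bool(out) and bool(out[-1])
            and not SID_LINE.match(line)
            and not line.startswith("[")
            and line not in ("Open:", "Pro:")
        )
        if continues:
            out[-1] = out[-1] + " " + line.lstrip()
        else:
            out.append(line)
    return out


def parse_note(text):
    """Return {'summary': (open, pro_total, open_part, pro_part) or None,
    'sections': {'Added rules/Open': [Entry, ...], ...}, 'unparsed': [lines]}."""
    summary, sections, unparsed = None, {}, []
    section, sub = None, None
    for line in unwrap(text):
        if not line:
            continue
        m = SUMMARY_RE.search(line)
        if m and summary is None:
            summary = tuple(int(g) for g in m.groups())
            continue
        if line.startswith("["):                      # e.g. "[+++]  Added rules:  [+++]"
            section = line.strip("[]*+/ ").rstrip(":").strip()
            sub = None
            continue
        if line in ("Open:", "Pro:"):
            sub = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m:
            key = f"{section}/{sub}" if sub else section
            sections.setdefault(key, []).append(Entry(int(m.group(1)), m.group(2), m.group(3)))
        elif section and section != "Summary":
            unparsed.append(line)  # e.g. an entry cut off before its (x.rules) suffix
    return {"summary": summary, "sections": sections, "unparsed": unparsed}


def check_counts(text):
    """Compare the summary line with the SIDs actually listed. The PRO figure is
    the total a Pro subscriber receives, i.e. Open plus Pro-only rules."""
    note = parse_note(text)
    n_open = len(note["sections"].get("Added rules/Open", []))
    n_pro = len(note["sections"].get("Added rules/Pro", []))
    listed = (n_open, n_open + n_pro, n_open, n_pro)
    return note["summary"], listed, note["summary"] == listed


def category_counts(text):
    """Count added rules per ET category (the word after the ET/ETPRO prefix)."""
    note = parse_note(text)
    added = [e for k, v in note["sections"].items() if k.startswith("Added rules") for e in v]
    return Counter(e.name.split()[1] for e in added)


def prefix_problems(text):
    """SIDs whose ET/ETPRO prefix disagrees with the Open/Pro list they sit under."""
    note = parse_note(text)
    expected = {"Added rules/Open": "ET ", "Added rules/Pro": "ETPRO "}
    return [e.sid for key, prefix in expected.items()
            for e in note["sections"].get(key, []) if not e.name.startswith(prefix)]


if __name__ == "__main__":
    summary, listed, ok = check_counts(SAMPLE_NOTE)
    print("summary:", summary, "listed:", listed, "match:", ok)
    print("categories:", dict(category_counts(SAMPLE_NOTE)))
    print("prefix problems:", prefix_problems(SAMPLE_NOTE))
    print("unparsed:", parse_note(SAMPLE_NOTE)["unparsed"])
```

To run it over a real note, pass the mail body to check_counts(); inspect parse_note(...)["unparsed"] as well, since an entry truncated before its (x.rules) suffix would otherwise be dropped silently and hide a miscount.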

[///]     Modified active rules:     [///]

  2007854 - ET MALWARE User-Agent (Mozilla) - Possible Spyware Related
(malware.rules)
  2024991 - ET TROJAN Win32/TinyNuke CnC Checkin (trojan.rules)
  2028639 - ET TROJAN DNSChanger CnC Domain in DNS Lookup (trojan.rules)
  2028967 - ET TROJAN Possible Gamaredon HEAD Request for .dot file on
ddns.net (trojan.rules)
  2029092 - ET TROJAN TickGroup BROLER.F CnC Check-in (trojan.rules)
  2029093 - ET TROJAN TickGroup ABK Backdoor CnC Check-in (trojan.rules)
  2029094 - ET TROJAN Possible TickGroup Snack CnC Activity (trojan.rules)
  2029095 - ET TROJAN Possible TickGroup Coolbee/Avenger CnC Activity
(trojan.rules)
  2029096 - ET TROJAN Possible TickGroup Casper CnC Activity (trojan.rules)
  2029100 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2029102 - ET TROJAN Observed Malicious SSL Cert (MageCart) (trojan.rules)
  2029108 - ET TROJAN SSL/TLS Certificate Observed (Get2 CnC) (trojan.rules)
  2029114 - ET TROJAN Possible APT38 CnC Domain Observed in DNS Query
(trojan.rules)
  2029115 - ET TROJAN Possible APT38 CnC Domain Observed in DNS Query
(trojan.rules)
  2029116 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029117 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029118 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029119 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029120 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029121 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029122 - ET WEB_CLIENT BottleEK Landing (web_client.rules)
  2029123 - ET WEB_CLIENT BottleEK Plugin Check JS (web_client.rules)
  2029124 - ET CURRENT_EVENTS BottleEK Plugin Check Response
(current_events.rules)
  2029125 - ET WEB_CLIENT Suspicious VBS Encoding Observed in BottleEK
(web_client.rules)
  2029126 - ET WEB_CLIENT BottleEK Payload Request (web_client.rules)
  2029127 - ET CURRENT_EVENTS Successful Generic Phish (set) 2019-12-12
(current_events.rules)
  2029128 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
  2029130 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029131 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029132 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029133 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029134 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029135 - ET TROJAN [401TRG] Malicious SSL Cert (Dreambot CnC)
(trojan.rules)
  2029151 - ET TROJAN Observed DNS Query for APT40 Possible DADSTACHE CnC
Domain (trojan.rules)
  2029152 - ET EXPLOIT Yachtcontrol Webservers RCE CVE-2019-17270
(Outbound) (exploit.rules)
  2029153 - ET EXPLOIT Yachtcontrol Webservers RCE CVE-2019-17270 (Inbound)
(exploit.rules)
  2029154 - ET EXPLOIT Technicolor TD5130v2/TD5336 Router RCE
CVE-2019-118396/CVE-2017-14127 (Outbound) (exploit.rules)
  2029155 - ET EXPLOIT Technicolor TD5130v2/TD5336 Router RCE
CVE-2019-118396/CVE-2017-14127 (Inbound) (exploit.rules)
  2029156 - ET EXPLOIT Possible AVCON6 Video Conferencing System RCE
(Outbound) (exploit.rules)
  2029157 - ET EXPLOIT Possible AVCON6 Video Conferencing System RCE
(Inbound) (exploit.rules)
  2029158 - ET EXPLOIT Enigma Network Management Systems v65.0.0
CVE-2019-16072 (Outbound) (exploit.rules)
  2029159 - ET EXPLOIT Enigma Network Management Systems v65.0.0
CVE-2019-16072 (Inbound) (exploit.rules)
  2029160 - ET EXPLOIT Possible Sar2HTML plotting tool for Linux servers
v3.2.1 (Outbound) (exploit.rules)
  2029161 - ET EXPLOIT Possible Sar2HTML plotting tool for Linux servers
v3.2.1 (Inbound) (exploit.rules)
  2029162 - ET EXPLOIT NetGain Systems Enterprise Manager CVE-2017-16602
(Outbound) (exploit.rules)
  2029163 - ET EXPLOIT NetGain Systems Enterprise Manager CVE-2017-16602
(Inbound) (exploit.rules)
  2029164 - ET EXPLOIT Citrix NetScaler SD-WAN 9.1.2.26.561201 Devices
CVE-2017-6316 (Outbound) (exploit.rules)
  2029165 - ET EXPLOIT Citrix NetScaler SD-WAN 9.1.2.26.561201 Devices
CVE-2017-6316 (Inbound) (exploit.rules)
  2029166 - ET EXPLOIT Thomson Reuters Velocity Analytics Vhayu Analytic
Servers 6.94 build 2995 CVE-2013-5912 (Outbound) (exploit.rules)
  2029167 - ET EXPLOIT Thomson Reuters Velocity Analytics Vhayu Analytic
Servers 6.94 build 2995 CVE-2013-5912 (Inbound) (exploit.rules)
  2029168 - ET EXPLOIT ACTi ASOC 2200 Web Configurators versions <2.6 RCE
(Outbound) (exploit.rules)
  2029169 - ET EXPLOIT ACTi ASOC 2200 Web Configurators versions <2.6 RCE
(Inbound) (exploit.rules)
  2029170 - ET EXPLOIT 3Com Office Connect Remote Code Execution (Outbound)
(exploit.rules)
  2029171 - ET EXPLOIT 3Com Office Connect Remote Code Execution (Inbound)
(exploit.rules)
  2029172 - ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000
(Outbound) (exploit.rules)
  2029173 - ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000
(Inbound) (exploit.rules)
  2029174 - ET EXPLOIT CCBill Online Payment Systems RCE (Outbound)
(exploit.rules)
  2029175 - ET EXPLOIT CCBill Online Payment Systems RCE (Inbound)
(exploit.rules)
  2029191 - ET ACTIVEX Suspicious TLS SNI Request for Root (activex.rules)
  2029198 - ET POLICY Suspicious ToTok Mobile Application DNS Request
(policy.rules)
  2029199 - ET POLICY Suspicious ToTok Mobile Application TLS Request
(policy.rules)
  2029203 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2029204 - ET TROJAN Observed Magecart CnC Domain in TLS SNI (trojan.rules)
  2029205 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
  2029682 - ET CURRENT_EVENTS Successful Apple Phish 2019-12-18
(current_events.rules)
  2029707 - ET INFO Suspicious TLS SNI Request for Possible COVID-19 Domain
M1 (info.rules)
  2822492 - ETPRO CURRENT_EVENTS Successful Dynamic Folder Phish Oct 07
2016 (current_events.rules)
  2827952 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2017-10-14
(current_events.rules)
  2829849 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Egat.d Checkin
(mobile_malware.rules)
  2832577 - ETPRO TROJAN Win32/TinyNuke CnC Checkin (trojan.rules)
  2833021 - ETPRO CURRENT_EVENTS Possible Malicious Second Stage Download
with Terse Headers (set) (current_events.rules)
  2833514 - ETPRO TROJAN Win32/TinyNuke CnC Checkin M2 (trojan.rules)
  2838228 - ETPRO CURRENT_EVENTS Successful Suntrust Phish 2019-08-29
(current_events.rules)
  2839153 - ETPRO POLICY Suspicious Double Accept HTTP Header Value
(policy.rules)
  2839719 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-12-03 (current_events.rules)
  2839720 - ETPRO CURRENT_EVENTS Successful WeChat Phish 2019-12-03
(current_events.rules)
  2839721 - ETPRO CURRENT_EVENTS Successful WeChat Phish 2019-12-03
(current_events.rules)
  2839722 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-12-03 (current_events.rules)
  2839725 - ETPRO MOBILE_MALWARE Android/Hiddad.AHN Checkin
(mobile_malware.rules)
  2839726 - ETPRO MOBILE_MALWARE Riskware.Android.Irajah Reporting Device
Info/App list (mobile_malware.rules)
  2839727 - ETPRO MOBILE_MALWARE Android/Spy.Agent.ASR Contact/Device Info
Exfil (mobile_malware.rules)
  2839728 - ETPRO MOBILE_MALWARE Android/Datacollector.A CnC Beacon
(mobile_malware.rules)
  2839729 - ETPRO MOBILE_MALWARE Riskware.Android.Gexin.fivxlh Reporting
Device Info (mobile_malware.rules)
  2839730 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.LZUS-5 CnC Beacon
(mobile_malware.rules)
  2839736 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-04 (current_events.rules)
  2839737 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-04
(current_events.rules)
  2839738 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-04
(current_events.rules)
  2839739 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-12-04
(current_events.rules)
  2839740 - ETPRO CURRENT_EVENTS Successful Adobe Secured PDF Phish
2019-12-04 (current_events.rules)
  2839741 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-12-04
(current_events.rules)
  2839742 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-04
(current_events.rules)
  2839743 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-12-04 (current_events.rules)
  2839744 - ETPRO CURRENT_EVENTS Successful La Banque Postale Phish
2019-12-04 (current_events.rules)
  2839751 - ETPRO MOBILE_MALWARE AndroidOS/SMForw.AA Contacts Exfil
(mobile_malware.rules)
  2839752 - ETPRO MOBILE_MALWARE Android/Clicker.b1eb9847 CnC Beacon
(mobile_malware.rules)
  2839753 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.RLGK-5 Reporting Device
Info (mobile_malware.rules)
  2839754 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.WS Checkin
(mobile_malware.rules)
  2839756 - ETPRO TROJAN SSL/TLS Certificate Observed (APT32) (trojan.rules)
  2839757 - ETPRO CURRENT_EVENTS Successful Shaw Webmail Phish 2019-12-05
(current_events.rules)
  2839758 - ETPRO CURRENT_EVENTS Successful Citibank Phish 2019-12-05
(current_events.rules)
  2839759 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2019-12-05
(current_events.rules)
  2839760 - ETPRO CURRENT_EVENTS Successful American Express Phish
2019-12-05 (current_events.rules)
  2839761 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-12-05
(current_events.rules)
  2839762 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-12-05
(current_events.rules)
  2839764 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-05 (current_events.rules)
  2839765 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-05 (current_events.rules)
  2839766 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-05
(current_events.rules)
  2839767 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-05 (current_events.rules)
  2839772 - ETPRO CURRENT_EVENTS Successful Paypal Manager Phish 2019-12-06
(current_events.rules)
  2839773 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-06
(current_events.rules)
  2839774 - ETPRO CURRENT_EVENTS Successful AOL Phish 2019-12-06
(current_events.rules)
  2839775 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2019-12-06
(current_events.rules)
  2839776 - ETPRO CURRENT_EVENTS Successful Generic Email Account Update
Phish 2019-12-06 (current_events.rules)
  2839777 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-06 (current_events.rules)
  2839778 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-06
(current_events.rules)
  2839779 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
  2839797 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2019-12-09 (current_events.rules)
  2839798 - ETPRO CURRENT_EVENTS Successful Paylocity Phish 2019-12-09
(current_events.rules)
  2839799 - ETPRO CURRENT_EVENTS Successful Paylocity Phish 2019-12-09
(current_events.rules)
  2839800 - ETPRO INFO Suspicious Obfuscated Executable Downloaded from
Paste.ee (info.rules)
  2839801 - ETPRO INFO Suspicious Powershell Downloaded from Paste.ee
(info.rules)
  2839802 - ETPRO TROJAN Win32/Snojan Variant CnC Checkin (trojan.rules)
  2839803 - ETPRO CURRENT_EVENTS Successful PKO Bank PL Phish 2019-12-09
(current_events.rules)
  2839804 - ETPRO CURRENT_EVENTS Successful Gov TR TK Phish 2019-12-09
(current_events.rules)
  2839805 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-12-09
(current_events.rules)
  2839806 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-09 (current_events.rules)
  2839807 - ETPRO CURRENT_EVENTS Successful Rakuten Phish 2019-12-09
(current_events.rules)
  2839808 - ETPRO CURRENT_EVENTS Successful Netease 163 Phish 2019-12-09
(current_events.rules)
  2839809 - ETPRO CURRENT_EVENTS Successful Americanas Phish 2019-12-09
(current_events.rules)
  2839810 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-09 (current_events.rules)
  2839811 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2019-12-09 (current_events.rules)
  2839812 - ETPRO CURRENT_EVENTS Successful Amazon Seller Central Phish
2019-12-09 (current_events.rules)
  2839813 - ETPRO CURRENT_EVENTS Successful Amazon Seller Central OTP Phish
2019-12-09 (current_events.rules)
  2839814 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi CnC)
(trojan.rules)
  2839822 - ETPRO CURRENT_EVENTS Successful Swedbank Phish 2019-12-10
(current_events.rules)
  2839831 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-12-10 (current_events.rules)
  2839832 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-12-10
(current_events.rules)
  2839833 - ETPRO CURRENT_EVENTS Successful NAB Phish 2019-12-10
(current_events.rules)
  2839834 - ETPRO CURRENT_EVENTS Successful NAB Phish 2019-12-10
(current_events.rules)
  2839835 - ETPRO CURRENT_EVENTS Successful NAB Phish 2019-12-10
(current_events.rules)
  2839836 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2839837 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2839838 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2839839 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2839840 - ETPRO TROJAN Generic Downloader Activity with Suspicious
User-Agent (64) (trojan.rules)
  2839841 - ETPRO TROJAN Generic Downloader Activity with Suspicious
User-Agent (32) (trojan.rules)
  2839842 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi CnC)
(trojan.rules)
  2839843 - ETPRO TROJAN Observed Malicious SSL Cert (Snowbot CnC)
(trojan.rules)
  2839857 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-11
(current_events.rules)
  2839858 - ETPRO CURRENT_EVENTS Successful Ebay Phish 2019-12-11
(current_events.rules)
  2839859 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-12-11
(current_events.rules)
  2839860 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-12-11
(current_events.rules)
  2839861 - ETPRO CURRENT_EVENTS Successful Davivienda Phish 2019-12-11
(current_events.rules)
  2839862 - ETPRO CURRENT_EVENTS Successful Davivienda Phish 2019-12-11
(current_events.rules)
  2839863 - ETPRO CURRENT_EVENTS Successful Generic Voicemail Phish
2019-12-11 (current_events.rules)
  2839864 - ETPRO CURRENT_EVENTS Successful Generic Voicemail Phish
2019-12-11 (current_events.rules)
  2839865 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-11
(current_events.rules)
  2839866 - ETPRO CURRENT_EVENTS Successful Snapchat Phish 2019-12-11
(current_events.rules)
  2839867 - ETPRO CURRENT_EVENTS Successful My3 Phish 2019-12-11
(current_events.rules)
  2839868 - ETPRO CURRENT_EVENTS Successful My3 Phish 2019-12-11
(current_events.rules)
  2839869 - ETPRO CURRENT_EVENTS Successful Generic Multi-Email Phish
2019-12-11 (current_events.rules)
  2839870 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-12-11
(current_events.rules)
  2839871 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-12-11
(current_events.rules)
  2839872 - ETPRO CURRENT_EVENTS Successful Clydesdale Bank Phish
2019-12-11 (current_events.rules)
  2839880 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound (eaebe)
(current_events.rules)
  2839884 - ETPRO CURRENT_EVENTS Successful Apple iCloud Phish 2019-12-12
(current_events.rules)
  2839887 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-12 (current_events.rules)
  2839888 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2019-12-12
(current_events.rules)
  2839889 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-12
(current_events.rules)
  2839890 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-12
(current_events.rules)
  2839891 - ETPRO CURRENT_EVENTS Successful Mobile DE Phish 2019-12-12
(current_events.rules)
  2839892 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-12
(current_events.rules)
  2839896 - ETPRO TROJAN Possible Temp.Trident APT DNS Lookup Observed
(trojan.rules)
  2839897 - ETPRO TROJAN Possible Temp.Trident APT DNS Lookup Observed
(trojan.rules)
  2839898 - ETPRO TROJAN Possible Temp.Trident APT DNS Lookup Observed
(trojan.rules)
  2839901 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-12-13
(current_events.rules)
  2839902 - ETPRO CURRENT_EVENTS Successful Generic Charles Schwab Phish
2019-12-13 (current_events.rules)
  2839903 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-12-13
(current_events.rules)
  2839904 - ETPRO CURRENT_EVENTS Successful Santander Phish 2019-12-13
(current_events.rules)
  2839905 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-13
(current_events.rules)
  2839906 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-13
(current_events.rules)
  2839907 - ETPRO CURRENT_EVENTS Successful Twitter Phish 2019-12-13
(current_events.rules)
  2839908 - ETPRO CURRENT_EVENTS Successful NatWest Phish 2019-12-13
(current_events.rules)
  2839909 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-13 (current_events.rules)
  2839910 - ETPRO CURRENT_EVENTS Successful American Express Phish
2019-12-13 (current_events.rules)
  2839911 - ETPRO CURRENT_EVENTS Successful Rackspace Phish 2019-12-13
(current_events.rules)
  2839912 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-13
(current_events.rules)
  2839913 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-13
(current_events.rules)
  2839914 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-13
(current_events.rules)
  2839915 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-13
(current_events.rules)
  2839916 - ETPRO CURRENT_EVENTS Successful Credicard Phish 2019-12-13
(current_events.rules)
  2839917 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.ZUGE-6 Checkin
(mobile_malware.rules)
  2839918 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.snt
(1001frivjuegos .info in TLS SNI) (mobile_malware.rules)
  2839919 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.snt (owbe .com in
TLS SNI) (mobile_malware.rules)
  2839920 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.snt
(dailymahjonggames .com in TLS SNI) (mobile_malware.rules)
  2839930 - ETPRO CURRENT_EVENTS Successful Generic Fix Email Account Phish
2019-12-16 (current_events.rules)
  2839931 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-16 (current_events.rules)
  2839932 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-12-16
(current_events.rules)
  2839933 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-16 (current_events.rules)
  2839934 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-16 (current_events.rules)
  2839935 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-16 (current_events.rules)
  2839936 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-12-16
(current_events.rules)
  2839937 - ETPRO CURRENT_EVENTS Successful Western Union Phish 2019-12-16
(current_events.rules)
  2839939 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2839940 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2839941 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2839942 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2839943 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2839944 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2839945 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2839946 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2839947 - ETPRO TROJAN Cliper Stealer UA (trojan.rules)
  2839948 - ETPRO TROJAN Win32/Agima.o CnC Activity (trojan.rules)
  2839959 - ETPRO CURRENT_EVENTS Successful Swedbank Phish 2019-12-17
(current_events.rules)
  2839960 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-17 (current_events.rules)
  2839961 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-17 (current_events.rules)
  2839962 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-17 (current_events.rules)
  2839963 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-17
(current_events.rules)
  2839964 - ETPRO CURRENT_EVENTS Successful Mobile DE Phish 2019-12-17
(current_events.rules)
  2839965 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-17 (current_events.rules)
  2839966 - ETPRO CURRENT_EVENTS Successful Visa Phish 2019-12-17
(current_events.rules)
  2839967 - ETPRO CURRENT_EVENTS Successful Visa Phish 2019-12-17
(current_events.rules)
  2839968 - ETPRO CURRENT_EVENTS Successful Dash Cryptocurrency Bank
Information Phish 2019-12-17 (current_events.rules)
  2839969 - ETPRO CURRENT_EVENTS Successful Microsoft Office 365 Phish
2019-12-17 (current_events.rules)
  2839985 - ETPRO CURRENT_EVENTS Successful SF Express CN Phish 2019-12-18
(current_events.rules)
  2839986 - ETPRO CURRENT_EVENTS Successful Godaddy Phish 2019-12-18
(current_events.rules)
  2839987 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-12-18
(current_events.rules)
  2839988 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-12-18
(current_events.rules)
  2839989 - ETPRO CURRENT_EVENTS Successful Natwest Phish 2019-12-18
(current_events.rules)
  2839990 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-12-18
(current_events.rules)
  2839991 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish
2019-12-18 (current_events.rules)
  2839992 - ETPRO CURRENT_EVENTS Successful Square Phish 2019-12-18
(current_events.rules)
  2839994 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-18 (current_events.rules)
  2839995 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-18
(current_events.rules)
  2839996 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-12-18
(current_events.rules)
  2839997 - ETPRO CURRENT_EVENTS Successful MKB Bank Phish 2019-12-18
(current_events.rules)
  2839998 - ETPRO CURRENT_EVENTS Successful MKB Bank Phish 2019-12-18
(current_events.rules)
  2839999 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-18
(current_events.rules)
  2840000 - ETPRO TROJAN DiamondFox HTTP POSTing JPEG M2 (trojan.rules)
  2840001 - ETPRO TROJAN DiamondFox HTTP POSTing PW (trojan.rules)
  2840002 - ETPRO TROJAN DiamondFox HTTP GET CnC Activity (trojan.rules)
  2840006 - ETPRO MOBILE_MALWARE Android/Hiddad.AIX CnC Beacon
(mobile_malware.rules)
  2840009 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-19
(current_events.rules)
  2840011 - ETPRO CURRENT_EVENTS Successful Spotify Phish 2019-12-19
(current_events.rules)
  2840012 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-12-19
(current_events.rules)
  2840013 - ETPRO CURRENT_EVENTS Successful KBC Bank Phish 2019-12-19
(current_events.rules)
  2840015 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-19
(current_events.rules)
  2840016 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-12-19
(current_events.rules)
  2840017 - ETPRO TROJAN Powershell.WC CnC Initial Checkin (trojan.rules)
  2840018 - ETPRO TROJAN Powershell.WC CnC - Heartbeat (trojan.rules)
  2840019 - ETPRO TROJAN Powershell.WC CnC - Report (trojan.rules)
  2840020 - ETPRO TROJAN Powershell.WC CnC - Upload (trojan.rules)
  2840021 - ETPRO TROJAN Powershell.WC CnC Activity (trojan.rules)
  2840022 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2840023 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2840035 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish
2019-12-20 (current_events.rules)
  2840036 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-12-20
(current_events.rules)
  2840037 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-20
(current_events.rules)
  2840038 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2019-12-20
(current_events.rules)
  2840039 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-12-20
(current_events.rules)
  2840040 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-12-20
(current_events.rules)
  2840041 - ETPRO TROJAN RuntimeB CnC Initial Checkin (trojan.rules)
  2840042 - ETPRO TROJAN RuntimeB CnC Heartbeat (trojan.rules)
  2840047 - ETPRO INFO Possible OAuth Redirect Observed (info.rules)
  2840048 - ETPRO INFO Possible OAuth Redirect Observed (info.rules)
  2840049 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-23
(current_events.rules)
  2840050 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-23
(current_events.rules)
  2840051 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish
2019-12-23 (current_events.rules)
  2840052 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish
2019-12-23 (current_events.rules)
  2840053 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2019-12-23 (current_events.rules)
  2840054 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-23
(current_events.rules)
  2840055 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-23
(current_events.rules)
  2840056 - ETPRO CURRENT_EVENTS Successful Sina Webmail CN Phish
2019-12-23 (current_events.rules)
  2840057 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-12-23
(current_events.rules)
  2840058 - ETPRO CURRENT_EVENTS Successful HSBC Phish 2019-12-23 (current_events.rules)
  2840059 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-23 (current_events.rules)
  2840060 - ETPRO TROJAN Zloader Inject SSL/TLS Certificate Observed (trojan.rules)
  2840061 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2019-12-23 (current_events.rules)
  2840062 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-12-23 (current_events.rules)
  2840063 - ETPRO POLICY Lotus Blue OAuth Activity (policy.rules)
  2840064 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2019-12-23 (current_events.rules)
  2840065 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-23 (current_events.rules)
  2840066 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-12-23 (current_events.rules)
  2840067 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2019-12-23 (current_events.rules)
  2840068 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-23 (current_events.rules)
  2840069 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-23 (current_events.rules)
  2840070 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phish 2019-12-23 (current_events.rules)
  2840071 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-23 (current_events.rules)
  2840074 - ETPRO TROJAN DarkRATv2 CnC Checkin (trojan.rules)
  2840075 - ETPRO TROJAN DarkRATv2 CnC Heartbeat (trojan.rules)
  2840076 - ETPRO TROJAN DarkRATv2 CnC Heartbeat Response (trojan.rules)
  2840077 - ETPRO TROJAN Win32/Downloader.Agent.EWB Variant Checkin (trojan.rules)
  2840087 - ETPRO TROJAN Win32/Sisproc CnC Activity (trojan.rules)
  2840088 - ETPRO TROJAN Ursu Variant CnC Initial Checkin (trojan.rules)
  2840089 - ETPRO TROJAN Ursu Variant CnC Activity M1 (trojan.rules)
  2840090 - ETPRO TROJAN Ursu Variant CnC Activity M2 (trojan.rules)
  2840091 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-12-26 (current_events.rules)
  2840092 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2019-12-26 (current_events.rules)
  2840093 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-12-26 (current_events.rules)
  2840094 - ETPRO CURRENT_EVENTS Successful Generic Session Expired Phish 2019-12-26 (current_events.rules)
  2840095 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-12-26 (current_events.rules)
  2840096 - ETPRO CURRENT_EVENTS Successful PNC Phish 2019-12-26 (current_events.rules)
  2840097 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-26 (current_events.rules)
  2840098 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-26 (current_events.rules)
  2840099 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-12-26 (current_events.rules)
  2840100 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-12-26 (current_events.rules)
  2840102 - ETPRO CURRENT_EVENTS Successful Ratuken Phish 2019-12-26 (current_events.rules)
  2840103 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2019-12-26 (current_events.rules)
  2840104 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2019-12-26 (current_events.rules)
  2840105 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-26 (current_events.rules)
  2840106 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-26 (current_events.rules)
  2840107 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-26 (current_events.rules)
  2840108 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-26 (current_events.rules)
  2840109 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-26 (current_events.rules)
  2840110 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-26 (current_events.rules)
  2840111 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-26 (current_events.rules)
  2840112 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-26 (current_events.rules)
  2840118 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (9a206) (web_client.rules)
  2840119 - ETPRO CURRENT_EVENTS Successful Aruba IT Phish 2019-12-27 (current_events.rules)
  2840120 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-27 (current_events.rules)
  2840121 - ETPRO CURRENT_EVENTS Successful Google Phish 2019-12-27 (current_events.rules)
  2840122 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-12-27 (current_events.rules)
  2840123 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-12-27 (current_events.rules)
  2840124 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish 2019-12-27 (current_events.rules)
  2840125 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-12-27 (current_events.rules)
  2840126 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-27 (current_events.rules)
  2840127 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-27 (current_events.rules)
  2840128 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-12-27 (current_events.rules)
  2840129 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2019-12-27 (current_events.rules)
  2840130 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2019-12-27 (current_events.rules)
  2840131 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-27 (current_events.rules)
  2840132 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-27 (current_events.rules)
  2840133 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-27 (current_events.rules)
  2840134 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-27 (current_events.rules)
  2840135 - ETPRO CURRENT_EVENTS Successful Microsoft Live Account Phish 2019-12-27 (current_events.rules)
  2840148 - ETPRO TROJAN Win32/Namoo CnC Initial Host Checkin (trojan.rules)
  2845089 - ETPRO TROJAN Observed GET Request for mimikatz.exe (trojan.rules)

[---]  Disabled and modified rules:  [---]

  2832188 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2018-08-15 M1 (current_events.rules)
  2834951 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-02-20 (current_events.rules)