[***]            Summary:            [***]

7 new OPEN, 44 new PRO (7 + 37). Trojan-Banker.AndroidOS.Agent.eq, MSIL/Ensky Checkin, Kimsuky KGH Malware and VARIOUS PHISHING

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031166 - ET CURRENT_EVENTS Cloned IRS Page - Possible Phishing Landing (current_events.rules)
  2031167 - ET USER_AGENTS Suspicious HttpSocket User-Agent Observed (user_agents.rules)
  2031168 - ET TROJAN Kimsuky KGH Malware Suite Checkin M1 (trojan.rules)
  2031169 - ET TROJAN Kimsuky KGH Malware Suite Checkin M2 (trojan.rules)
  2031170 - ET TROJAN Kimsuky KGH Backdoor Secondary Payload Download Request (trojan.rules)
  2031171 - ET TROJAN Kimsuky CSPY Downloader Activity (trojan.rules)
  2031172 - ET TROJAN Kimsuky KGH Backdoor CnC Activity (trojan.rules)

Pro:

  2845285 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.va Checkin (mobile_malware.rules)
  2845286 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.QX Checkin (mobile_malware.rules)
  2845287 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.eq Checkin - SET (mobile_malware.rules)
  2845288 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.eq Checkin (mobile_malware.rules)
  2845289 - ETPRO TROJAN MSIL/Ensky Checkin (trojan.rules)
  2845290 - ETPRO TROJAN Win32/Nitol Variant DDoS Bot Requesting Target (trojan.rules)
  2845291 - ETPRO POLICY HTTP Request for named PuTTY SCP Client exe (policy.rules)
  2845292 - ETPRO POLICY HTTP Request for named PuTTY SSH Auth Agent exe (policy.rules)
  2845293 - ETPRO POLICY HTTP Request for named PuTTY exe (policy.rules)
  2845294 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-11-03 (current_events.rules)
  2845295 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-03 1) (trojan.rules)
  2845296 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-03 2) (trojan.rules)
  2845297 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-03 3) (trojan.rules)
  2845298 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-03 4) (trojan.rules)
  2845299 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-03 5) (trojan.rules)
  2845300 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-03 6) (trojan.rules)
  2845301 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-03 7) (trojan.rules)
  2845302 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-03 8) (trojan.rules)
  2845303 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-03 9) (trojan.rules)
  2845304 - ETPRO CURRENT_EVENTS Successful Telekom/Tmobile Phish 2020-11-03 (current_events.rules)
  2845305 - ETPRO CURRENT_EVENTS Successful BRED Banque Populaire Phish 2020-11-03 (current_events.rules)
  2845306 - ETPRO CURRENT_EVENTS Successful Orange Phish 2020-11-03 (current_events.rules)
  2845307 - ETPRO CURRENT_EVENTS Successful Banco Popular Internet Banking Phish 2020-11-03 (current_events.rules)
  2845308 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-11-03 (current_events.rules)
  2845309 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-11-03 (current_events.rules)
  2845310 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-11-03 (current_events.rules)
  2845311 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-11-03 (current_events.rules)
  2845312 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2020-11-03 (current_events.rules)
  2845313 - ETPRO CURRENT_EVENTS Successful Barclays Phish 2020-11-03 (current_events.rules)
  2845314 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-11-03 (current_events.rules)
  2845315 - ETPRO TROJAN Win32/Agent.empi Rootkit CnC Host Checkin (trojan.rules)
  2845316 - ETPRO TROJAN Win32/Agent.empi Rootkit CnC Activity (trojan.rules)
  2845317 - ETPRO TROJAN Win32/Remcos RAT Checkin 589 (trojan.rules)
  2845318 - ETPRO TROJAN Win32/Remcos RAT Checkin 590 (trojan.rules)
  2845319 - ETPRO TROJAN Win32/Remcos RAT Checkin 591 (trojan.rules)
  2845320 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
  2845321 - ETPRO INFO Google Script URI Usage (info.rules)

[///]     Modified active rules:     [///]

  2017313 - ET TROJAN China Chopper Command Struct (trojan.rules)
  2018358 - ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 (info.rules)
  2019129 - ET TROJAN Backdoor.Win32/Dervec.gen Connectivity Check to Google (trojan.rules)
  2019141 - ET TROJAN Zbot POST Request to C2 (trojan.rules)
  2019168 - ET TROJAN Tinba Checkin (trojan.rules)
  2019749 - ET WEB_SERVER FOX-SRT - Backdoor - CryptoPHP Shell C2 POST (fsockopen) (web_server.rules)
  2020064 - ET TROJAN Dridex Post Check-in Activity (trojan.rules)
  2021278 - ET TROJAN Backdoor.Elise CnC Beacon 3 M2 (trojan.rules)
  2021949 - ET SCAN abdullkarem Wordpress PHP Scanner (scan.rules)
  2022197 - ET TROJAN Ponmocup HTTP Request (generic) M1 (trojan.rules)
  2022198 - ET TROJAN Ponmocup HTTP Request (generic) M2 (trojan.rules)
  2022199 - ET TROJAN Ponmocup HTTP Request (generic) M3 (trojan.rules)
  2022200 - ET TROJAN Ponmocup HTTP Request (generic) M4 (trojan.rules)
  2022201 - ET TROJAN Ponmocup HTTP Request (generic) M5 (trojan.rules)
  2022202 - ET TROJAN Ponmocup HTTP Request (generic) M6 (trojan.rules)
  2022203 - ET TROJAN Ponmocup HTTP Request (generic) M7 (trojan.rules)
  2022204 - ET TROJAN Ponmocup HTTP Request (generic) M8 (trojan.rules)
  2022205 - ET TROJAN Ponmocup HTTP Request (generic) M9 (trojan.rules)
  2022260 - ET WEB_SERVER Possible Darkleech C2 (web_server.rules)
  2022679 - ET POLICY Possible Psiphon Proxy Tool traffic (policy.rules)
  2023334 - ET TROJAN Enigma Locker Checkin (trojan.rules)
  2023468 - ET EXPLOIT Unknown Router Remote DNS Change Attempt (exploit.rules)
  2023479 - ET TROJAN Moose CnC Request M2 (trojan.rules)
  2023553 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.a Checkin (mobile_malware.rules)
  2023875 - ET TROJAN JS/Nemucod requesting EXE payload 2016-02-06 (trojan.rules)
  2024020 - ET CURRENT_EVENTS RIG EK URI Struct Feb 26 2017 (current_events.rules)
  2024036 - ET TROJAN WS/JS Downloader Mar 07 2017 M2 (trojan.rules)
  2024288 - ET TROJAN Jaff Ransomware Checkin (trojan.rules)
  2026007 - ET TROJAN [PTsecurity] MSIL/Biskvit.A Check-in (trojan.rules)
  2027405 - ET TROJAN Possible APT28 Xtunnel Activity (trojan.rules)
  2027808 - ET TROJAN Win32/Onliner Receiving Commands from CnC (trojan.rules)
  2029556 - ET TROJAN Observed Malicious SSL Cert (SmokeLoader CnC) (trojan.rules)
  2029557 - ET TROJAN Observed Malicious SSL Cert (SmokeLoader CnC) (trojan.rules)
  2029558 - ET TROJAN Observed Malicious SSL Cert (SmokeLoader CnC) (trojan.rules)
  2029559 - ET TROJAN BlackTech ELF/TSCookie CnC Observed in DNS Query (trojan.rules)
  2029560 - ET TROJAN BlackTech ELF/TSCookie CnC Observed in DNS Query (trojan.rules)
  2029566 - ET TROJAN Magecart CnC Domain in DNS Lookup (trojan.rules)
  2803709 - ETPRO TROJAN Trojan-Downloader.Win32.Diple.A Checkin 1 (trojan.rules)
  2803840 - ETPRO WEB_CLIENT Microsoft Active Accessibility oleacc.dll Insecure Library Loading Code Execution - WebDAV (web_client.rules)
  2803895 - ETPRO TROJAN Win32/Gevenbu.A Checkin (trojan.rules)
  2808490 - ETPRO TROJAN WORM Gammima.AG Checkin (trojan.rules)
  2808621 - ETPRO MALWARE PUP/Win32.IBryte Checkin via HTTP (malware.rules)
  2808643 - ETPRO TROJAN Zeus variant C2 (trojan.rules)
  2808915 - ETPRO TROJAN Trojan.FakeAlert.CAF Checkin (trojan.rules)
  2809054 - ETPRO EXPLOIT Incredible PBX RCE Attempt (exploit.rules)
  2809127 - ETPRO MALWARE PUP.3lsoft Checkin (malware.rules)
  2821358 - ETPRO TROJAN AZORult Variant Checkin (trojan.rules)
  2821811 - ETPRO TROJAN Win32/Banload Variant Connectivity Check (trojan.rules)
  2823458 - ETPRO CURRENT_EVENTS RIG EK Flash Exploit Nov 25 2016 (current_events.rules)
  2824408 - ETPRO CURRENT_EVENTS PowerShell Empire Session Initial Activity (current_events.rules)
  2824971 - ETPRO TROJAN Fareit/Pony Variant CnC Beacon (trojan.rules)
  2825063 - ETPRO TROJAN PowerShell Empire Request HTTP Pattern (trojan.rules)
  2825123 - ETPRO INFO Suspicious Cookie Observed (bot) (info.rules)
  2825769 - ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017 (current_events.rules)
  2825792 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC SMS Exfil (mobile_malware.rules)
  2825793 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC Info Exfil (mobile_malware.rules)
  2825794 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC CnC Beacon 3 (mobile_malware.rules)
  2825795 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC Login Exfil (mobile_malware.rules)
  2825797 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.IC Login Exfil 2 (mobile_malware.rules)
  2825831 - ETPRO CURRENT_EVENTS RIG EK Landing Apr 04 2017 (current_events.rules)
  2825833 - ETPRO TROJAN Possible Win32/PSWTool.WebBrowserPassView.B Download From Free Hosting Service (trojan.rules)
  2825834 - ETPRO MOBILE_MALWARE Android/SMForw.AC SMS Exfil (mobile_malware.rules)
  2825835 - ETPRO MOBILE_MALWARE Android/Styricka.A CnC Beacon (mobile_malware.rules)
  2825844 - ETPRO MOBILE_MALWARE Android/Agent.ST Checkin (mobile_malware.rules)
  2825845 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.IT CnC Beacon (mobile_malware.rules)
  2825846 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.IT CnC Beacon 2 (mobile_malware.rules)
  2825847 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.IT CnC Beacon 3 (mobile_malware.rules)
  2825918 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fyec.bps CnC Beacon (mobile_malware.rules)
  2825923 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.FY CnC Beacon (mobile_malware.rules)
  2826229 - ETPRO TROJAN Possible TorrentLocker Connectivity Check 1 (trojan.rules)
  2826230 - ETPRO TROJAN Possible TorrentLocker Connectivity Check 2 (trojan.rules)
  2826231 - ETPRO TROJAN Possible TorrentLocker Connectivity Check 3 (trojan.rules)
  2826246 - ETPRO CURRENT_EVENTS Astrum EK Payload Callback May 03 2017 (current_events.rules)
  2826361 - ETPRO TROJAN AZORult Variant.2 Checkin m3 (trojan.rules)
  2826368 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.JZ SMS/Contact Exfil (mobile_malware.rules)
  2826469 - ETPRO TROJAN PyCL/Fatboy Ransomware External IP Check (trojan.rules)
  2826544 - ETPRO TROJAN Cyst Downloader Fake 404 (trojan.rules)
  2826589 - ETPRO TROJAN Win32/Neshta.A Download Request (trojan.rules)
  2826638 - ETPRO MALWARE Win32/TrojanDownloader.Banload Post Request (malware.rules)
  2826799 - ETPRO TROJAN Win32/TrojanDownloader.Blocrypt Checkin 2 (trojan.rules)
  2826814 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.LP CnC Beacon (mobile_malware.rules)
  2826822 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.e CnC Beacon 4 (mobile_malware.rules)
  2826926 - ETPRO TROJAN MSIL/Unk.BrowserModifier CnC Checkin (trojan.rules)
  2827147 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish Jul 17 2017 (current_events.rules)
  2827462 - ETPRO TROJAN Win32.Agent.bjswlh CnC Beacon (trojan.rules)
  2827594 - ETPRO TROJAN Formbook Stealer Checkin (trojan.rules)
  2827604 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Sivu.h Checkin (mobile_malware.rules)
  2827989 - ETPRO TROJAN Malicious Miner Downloading CoinMiner Binary M2 (trojan.rules)
  2828313 - ETPRO TROJAN MSIL/CoalaBot CnC Checkin M2 (trojan.rules)
  2828791 - ETPRO MOBILE_MALWARE Android/Guerrilla.AM Checkin (mobile_malware.rules)
  2828878 - ETPRO MOBILE_MALWARE Android/DroidDream.D Checkin 2 (mobile_malware.rules)
  2828879 - ETPRO MOBILE_MALWARE Android/DroidDream.D Checkin 3 (mobile_malware.rules)
  2828880 - ETPRO MOBILE_MALWARE Android/DroidDream.D Checkin 4 (mobile_malware.rules)
  2829003 - ETPRO MOBILE_MALWARE ANDROIDOS_ANUBISSPY Checkin (mobile_malware.rules)
  2829618 - ETPRO TROJAN Chthonic CnC Beacon 13 (trojan.rules)
  2829620 - ETPRO TROJAN Chthonic CnC Beacon Generic M1 (trojan.rules)
  2829625 - ETPRO TROJAN Chthonic CnC Beacon 14 (trojan.rules)
  2831162 - ETPRO TROJAN BKDR_QULKONWI.GHR Checkin M2 (trojan.rules)
  2831202 - ETPRO TROJAN W32.PP2018.CN Stealer Checkin (trojan.rules)
  2831258 - ETPRO MALWARE Win32/SoftExperts.A PUP/PUA Checkin (malware.rules)
  2831780 - ETPRO TROJAN W32.Gamaredon.Variant Checkin (trojan.rules)
  2831782 - ETPRO TROJAN Win32.Ursu.Variant Checkin (trojan.rules)
  2831888 - ETPRO MOBILE_MALWARE Android/Agent-MJK CnC Beacon (mobile_malware.rules)
  2833279 - ETPRO TROJAN W32.SpyBanker.BR Variant Checkin (trojan.rules)
  2833295 - ETPRO TROJAN W32.YBomeMiner Checkin M2 (trojan.rules)
  2841326 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif Injects CnC) (trojan.rules)
  2843622 - ETPRO TROJAN Likely Evil Powershell Inbound (Invoke-Mimikatz) (trojan.rules)
  2844913 - ETPRO TROJAN Haskell Downloader/DTLoader CnC Activity (trojan.rules)

[---]  Disabled and modified rules:  [---]

  2805141 - ETPRO CURRENT_EVENTS Possible WORM W32.Printlove spreading via cve 2010-2729 (SPOOLSS OpenPrinterEx request SET) (current_events.rules)
  2806029 - ETPRO CURRENT_EVENTS ADOBE PDF zeroday 14 February (current_events.rules)
  2807084 - ETPRO CURRENT_EVENTS Latest Internet Explorer 0day used against Taiwan targets exe download (current_events.rules)

[---]         Removed rules:         [---]

  2845257 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.FinSpy Checkin (mobile_malware.rules)
