[***] Summary: [***]
6 new OPEN, 25 new PRO (6 + 19). CVE-2020-10204, Pay2Key Ransomware, Snugy DNS Backdoor, Win32/TrickBot, JasperBot, Win32/Remcos, Coinminers, VARIOUS PHISH.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031189 - ET INFO HTTP POST to XYZ TLD Containing Pass - Possible Phishing (info.rules)
2031190 - ET EXPLOIT Nexus Repository Manager EL Injection to RCE Inbound (CVE-2020-10204) (exploit.rules)
2031191 - ET MALWARE Win32/Sogou.H Variant Request (malware.rules)
2031192 - ET TROJAN Pay2Key Ransomware - Sending RSA Key (trojan.rules)
2031193 - ET TROJAN Suspected Snugy DNS Backdoor Initial Beacon (trojan.rules)
2031194 - ET TROJAN Suspected Snugy DNS Backdoor CnC Activity (Hostname Send) (trojan.rules)
Pro:
2845390 - ETPRO INFO HTTP Request with Lowercase host Header Observed (info.rules)
2845391 - ETPRO INFO HTTP Request with Lowercase user-agent Header Observed (info.rules)
2845392 - ETPRO TROJAN MSIL/PredatorPain Stealer CnC Exfil (trojan.rules)
2845393 - ETPRO INFO Long String of Asteriks - Possible Exfil in URI (info.rules)
2845394 - ETPRO TROJAN Win32/TrickBot CnC Initial Checkin M2 (trojan.rules)
2845395 - ETPRO TROJAN JasperBot CnC Checkin (trojan.rules)
2845396 - ETPRO TROJAN JasperBot Requesting Command from CnC (trojan.rules)
2845397 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-07 1) (trojan.rules)
2845398 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-07 2) (trojan.rules)
2845399 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-11-09 (current_events.rules)
2845400 - ETPRO CURRENT_EVENTS Successful Millennium BCP Phish 2020-11-09 (current_events.rules)
2845401 - ETPRO CURRENT_EVENTS Successful Magenta Phish 2020-11-09 (current_events.rules)
2845402 - ETPRO CURRENT_EVENTS Successful CaixaBank Phish 2020-11-09 (current_events.rules)
2845403 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-11-09 (current_events.rules)
2845404 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-11-09 (current_events.rules)
2845405 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-11-09 (current_events.rules)
2845406 - ETPRO TROJAN Win32/Remcos RAT Checkin 597 (trojan.rules)
2845407 - ETPRO TROJAN Win32/Remcos RAT Checkin 598 (trojan.rules)
[///] Modified active rules: [///]
2010133 - ET WEB_SPECIFIC_APPS Possible Achievo userid= Variable INSERT INTO SQL Injection Attempt (web_specific_apps.rules)
2010134 - ET WEB_SPECIFIC_APPS Possible Achievo userid= Variable DELETE FROM SQL Injection Attempt (web_specific_apps.rules)
2010457 - ET WEB_SERVER Possible Cisco Adaptive Security Appliance Web VPN FTP or CIFS Authentication Form Phishing Attempt (web_server.rules)
2010669 - ET WEB_SPECIFIC_APPS Possible Zenoss Network Monitoring Application INTO OUTFILE SQL Injection Attempt (web_specific_apps.rules)
2010670 - ET WEB_SPECIFIC_APPS Possible Zenoss Network Monitoring Application SELECT FROM SQL Injection Attempt (web_specific_apps.rules)
2010672 - ET WEB_SPECIFIC_APPS Possible Zenoss Network Monitoring Application INSERT INTO SQL Injection Attempt (web_specific_apps.rules)
2010673 - ET WEB_SPECIFIC_APPS Possible Zenoss Network Monitoring Application UNTION SELECT SQL Injection Attempt (web_specific_apps.rules)
2010704 - ET WEB_SERVER Possible HP OpenView Network Node Manager ovalarm.exe CGI Buffer Overflow Attempt (web_server.rules)
2010728 - ET WEB_SPECIFIC_APPS WordPress wp-admin/admin.php Module Configuration Security Bypass Attempt (web_specific_apps.rules)
2010863 - ET WEB_SERVER LANDesk Command Injection Attempt (web_server.rules)
2010964 - ET WEB_SERVER SHOW CHARACTER SET SQL Injection Attempt in URI (web_server.rules)
2011839 - ET WEB_SPECIFIC_APPS PHP-Fusion mguser fotoalbum album_id Parameter DELETE FROM SQL Injection Attempt (web_specific_apps.rules)
2011927 - ET WEB_SPECIFIC_APPS SiteloomCMS mailform_1 variable Cross Site Scripting Attempt (web_specific_apps.rules)
2011929 - ET WEB_SPECIFIC_APPS Joomla Component com_banners banners.class.php Remote File inclusion Attempt (web_specific_apps.rules)
2012407 - ET WEB_SPECIFIC_APPS Potential Wordpress local file disclosure vulnerability (web_specific_apps.rules)
2012408 - ET WEB_SPECIFIC_APPS Potential Wordpress local file disclosure vulnerability (web_specific_apps.rules)
2014643 - ET TROJAN ConstructorWin32/Agent.V (trojan.rules)
2025114 - ET CURRENT_EVENTS Successful EDU Phish 2017-12-04 (current_events.rules)
2025163 - ET TROJAN W32/Patchwork.Backdoor Communicating with CnC (trojan.rules)
2025164 - ET TROJAN W32/Patchwork.Backdoor CnC Check-in M2 (trojan.rules)
2027439 - ET TROJAN HAWKBALL CnC Initial Request (trojan.rules)
2027440 - ET TROJAN HAWKBALL CnC Activity (trojan.rules)
2028865 - ET CURRENT_EVENTS Spelevo VBS Payload Downloaded (current_events.rules)
2029025 - ET SCAN Mirai Variant User-Agent (Inbound) (scan.rules)
2029037 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
2029626 - ET TROJAN Observed DNS Query to Vicious Panda CnC Domain (trojan.rules)
2029627 - ET TROJAN Observed DNS Query to Vicious Panda CnC Domain (trojan.rules)
2029628 - ET TROJAN Observed DNS Query to Vicious Panda CnC Domain (trojan.rules)
2029629 - ET TROJAN Observed DNS Query to Vicious Panda CnC Domain (trojan.rules)
2029630 - ET TROJAN Observed DNS Query to Vicious Panda CnC Domain (trojan.rules)
2029631 - ET TROJAN Observed DNS Query to Vicious Panda CnC Domain (trojan.rules)
2029636 - ET WEB_SPECIFIC_APPS Possible CVE-2020-8518 (Horde Groupware RCE) (web_specific_apps.rules)
2029638 - ET POLICY DNS Query to DynDNS *.dyn-ip24 .de Domain (policy.rules)
2029641 - ET TROJAN Win32/Unk.Joia CnC Activity (trojan.rules)
2029647 - ET TROJAN MZRevenge Ransomware CnC (trojan.rules)
2029652 - ET CURRENT_EVENTS Possible Successful Generic Phish Aug 31 2015 (current_events.rules)
2029653 - ET CURRENT_EVENTS Successful DHL Account Phish 2015-11-03 (current_events.rules)
2029658 - ET CURRENT_EVENTS Microsoft Office Phishing Landing 2016-12-18 (current_events.rules)
2029659 - ET CURRENT_EVENTS Successful DHL Phish (Meta HTTP-Equiv Refresh) 2017-02-08 (current_events.rules)
2029679 - ET CURRENT_EVENTS Successful DHL Phish 2019-10-18 (current_events.rules)
2029715 - ET TROJAN Possible APT28 Phishing Domain in DNS Query (trojan.rules)
2029716 - ET TROJAN Possible APT28 Phishing Domain in DNS Query (trojan.rules)
2029717 - ET TROJAN Possible APT28 Phishing Domain in DNS Query (trojan.rules)
2029718 - ET TROJAN Possible APT28 Phishing Domain in DNS Query (trojan.rules)
2029719 - ET TROJAN Possible APT28 Phishing Domain in DNS Query (trojan.rules)
2029720 - ET TROJAN Possible APT28 Phishing Domain in DNS Query (trojan.rules)
2029721 - ET TROJAN Possible APT28 Phishing Domain in DNS Query (trojan.rules)
2029722 - ET TROJAN Possible APT28 Phishing Domain in DNS Query (trojan.rules)
2029723 - ET TROJAN Possible APT28 Phishing Domain in DNS Query (trojan.rules)
2800860 - ETPRO WEB_SPECIFIC_APPS FreePBX Recording Interface Directory Traversal (web_specific_apps.rules)
2800962 - ETPRO WEB_SPECIFIC_APPS Symantec IM Manager IMAdminScheduleReport.asp SQL Injection via email parameter (web_specific_apps.rules)
2801946 - ETPRO WEB_SPECIFIC_APPS Majordomo Directory Traversal Attempt (web_specific_apps.rules)
2804421 - ETPRO TROJAN Win32/Dofoil.A Checkin (trojan.rules)
2804967 - ETPRO TROJAN Win32/Bancos.AEW Checkin (trojan.rules)
2805030 - ETPRO TROJAN PWS.Win32/Sinowal.gen!Y/Torpig Checkin (trojan.rules)
2805617 - ETPRO TROJAN Trojan-Downloader.Win32.Agent.qsl Checkin (trojan.rules)
2806091 - ETPRO POLICY IP geo location service ipinfodb.com request (policy.rules)
2806713 - ETPRO TROJAN Backdoor.Win32.Androm.aatu Checkin (trojan.rules)
2806943 - ETPRO TROJAN Win32/Nefyn.A POST (trojan.rules)
2807232 - ETPRO TROJAN Trojan.Agent.29683 PDF Checkin (trojan.rules)
2807321 - ETPRO TROJAN Trojan-Dropper.MSIL.Agent.akze Checkin (trojan.rules)
2807636 - ETPRO TROJAN Trojan-Banker.Win32.Agent.ree Checkin (trojan.rules)
2807881 - ETPRO TROJAN TrojanDownloader Win32/Waledac.C .exe download 2 (trojan.rules)
2808010 - ETPRO MALWARE Win32.Boaxxe.BL windowsupdate connectivity check (malware.rules)
2808274 - ETPRO TROJAN Win32/Delf.W Checkin (trojan.rules)
2808317 - ETPRO MALWARE Adware.StartPage.AUB (malware.rules)
2808472 - ETPRO TROJAN PWS-Banker!dg Callback (trojan.rules)
2808570 - ETPRO TROJAN Win32.Sisron.B Checkin 2 (trojan.rules)
2809407 - ETPRO MALWARE Win32.SkySTools.A Checkin (malware.rules)
2809576 - ETPRO EXPLOIT Arris Cable Modem Backdoor Cookie 2 (exploit.rules)
2809652 - ETPRO TROJAN Chthonic Bot CnC Beacon 1 (trojan.rules)
2809797 - ETPRO WEB_SPECIFIC_APPS WP Video Gallery 2.7 SQLi Attempt (web_specific_apps.rules)
2809946 - ETPRO TROJAN Win32/Unruy.C Possible Click Fraud (trojan.rules)
2810007 - ETPRO TROJAN Win32/Bagfi Variant Checkin (trojan.rules)
2810055 - ETPRO TROJAN Sharik/Smoke Loader CnC Beacon Response (trojan.rules)
2810084 - ETPRO TROJAN Win32.Androm.gljb Trojan Checkin (trojan.rules)
2811002 - ETPRO MALWARE Win32/BomJogo.A Checkin (malware.rules)
2811810 - ETPRO TROJAN Win32/Dowector.A Checkin (trojan.rules)
2812053 - ETPRO MALWARE Win32/Multibar.EA Variant PUP Google Connectivity Check (malware.rules)
2812060 - ETPRO TROJAN Win32/FakeJa Checkin (trojan.rules)
2812063 - ETPRO TROJAN Win32/Banload2 Variant Checkin (trojan.rules)
2812182 - ETPRO TROJAN ZIP file embedded in Large JPG (~10-100MB) (trojan.rules)
2812201 - ETPRO MOBILE_MALWARE Android/Clicker.C Checkin (mobile_malware.rules)
2814087 - ETPRO POLICY RealThinClient Outbound Communication (policy.rules)
2815440 - ETPRO TROJAN Elmer Checkin (trojan.rules)
2819677 - ETPRO MOBILE_MALWARE Trojan-Downloader.AndroidOS.Leech.f Checkin (mobile_malware.rules)
2819789 - ETPRO TROJAN APT.Hedas CnC Beacon 2 (trojan.rules)
2819966 - ETPRO EXPLOIT Linksys wap54gv3 Remote Code Execution (exploit.rules)
2820007 - ETPRO TROJAN Emissary CnC Beacon 3 (trojan.rules)
2820009 - ETPRO TROJAN Emissary CnC Beacon 4 (trojan.rules)
2820041 - ETPRO TROJAN APT.MADMAX CnC Beacon 1 M1 (trojan.rules)
2820056 - ETPRO TROJAN APT.ZoxPNG CnC Beacon (trojan.rules)
2820537 - ETPRO TROJAN Win32/Neutrino HTTP Structure (trojan.rules)
2826326 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot CnC Beacon (mobile_malware.rules)
2826511 - ETPRO MOBILE_MALWARE Unknown Android Loader CnC Beacon (mobile_malware.rules)
2826786 - ETPRO MOBILE_MALWARE Trojan-PSW.AndroidOS.Inazun.h CnC Beacon 2 (mobile_malware.rules)
2826884 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 12 (mobile_malware.rules)
2826932 - ETPRO MOBILE_MALWARE Android/Fobus.BD Checkin (mobile_malware.rules)
2826933 - ETPRO MOBILE_MALWARE Android/Fobus.BD Retrieving IP (mobile_malware.rules)
2826994 - ETPRO MOBILE_MALWARE Android/Rootnik.BV Checkin (mobile_malware.rules)
2827008 - ETPRO TROJAN MSIL/TeleBot.Backdoor Beacon To CnC (trojan.rules)
2827066 - ETPRO MOBILE_MALWARE Trojan.Android.Agent.edqmtx CnC Beacon (mobile_malware.rules)
2827067 - ETPRO MOBILE_MALWARE Trojan.Android.Agent.edqmtx CnC Beacon 2 (mobile_malware.rules)
2827105 - ETPRO TROJAN JS/HTA Downloader Behavior M1 (trojan.rules)
2827106 - ETPRO TROJAN JS/HTA Downloader Behavior M2 (trojan.rules)
2827111 - ETPRO MOBILE_MALWARE Android/DoubleLocker.A CnC Beacon (mobile_malware.rules)
2827112 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.JX Download (mobile_malware.rules)
2827116 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BCS Checkin (mobile_malware.rules)
2827132 - ETPRO TROJAN MSIL/SkyNet CnC Activity (trojan.rules)
2827140 - ETPRO MOBILE_MALWARE Android/Monitor.OwnSpy.B CnC Beacon (mobile_malware.rules)
2827144 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK (Known Evil Keitaro TDS) Jul 14 2017 (current_events.rules)
2827990 - ETPRO TROJAN Malicious Miner Downloading CoinMiner Configuration M2 (trojan.rules)
2828006 - ETPRO TROJAN Emotet Post Drop C2 Comms M2 (trojan.rules)
2828110 - ETPRO MOBILE_MALWARE Android/BinaryBanc CnC Beacon (mobile_malware.rules)
2828158 - ETPRO TROJAN JS Cryxos Downloader M2 Oct 05 2017 (trojan.rules)
2828197 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Ubsod.c Checkin (mobile_malware.rules)
2828239 - ETPRO MOBILE_MALWARE Android/HiddenApp.FH CnC Beacon (mobile_malware.rules)
2828252 - ETPRO CURRENT_EVENTS Successful Postmaster Phish M1 Oct 12 2017 (current_events.rules)
2828259 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 5 (mobile_malware.rules)
2828260 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 6 (mobile_malware.rules)
2828261 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh SMS Exfil (mobile_malware.rules)
2828262 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh Contact Exfil (mobile_malware.rules)
2828264 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Beacon 8 (mobile_malware.rules)
2828265 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh Network Activity Exfil (mobile_malware.rules)
2828312 - ETPRO TROJAN HttpRAT POST to CnC (trojan.rules)
2828317 - ETPRO TROJAN Orz JavaScript Backdoor Communicating with CnC (trojan.rules)
2828321 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Wapron.aun CnC Beacon (mobile_malware.rules)
2828322 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Wapron.aun CnC Beacon 2 (mobile_malware.rules)
2828494 - ETPRO TROJAN Win32/Gibon Ransomware CnC Activity (trojan.rules)
2828503 - ETPRO MOBILE_MALWARE Android/Spy.Banker.TBE CnC Beacon (mobile_malware.rules)
2828538 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.dot Checkin (mobile_malware.rules)
2828575 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BLR Checkin (mobile_malware.rules)
2828621 - ETPRO CURRENT_EVENTS MalDoc Retrieving Payload Nov 13 2017 (current_events.rules)
2828747 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Guerrilla.l Checkin (mobile_malware.rules)
2828803 - ETPRO TROJAN StorageCrypt Downloading SambaCry (trojan.rules)
2828875 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.a Checkin 2 (mobile_malware.rules)
2829455 - ETPRO MOBILE_MALWARE Android/Agent.IW SMS Exfil (mobile_malware.rules)
2829588 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.TF Checkin (mobile_malware.rules)
2829886 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Dnotua.olg Checkin (mobile_malware.rules)
2829888 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.cx Checkin (mobile_malware.rules)
2829899 - ETPRO MOBILE_MALWARE SMS-Flooder.AndroidOS.Agent.l CnC Beacon (mobile_malware.rules)
2830033 - ETPRO TROJAN Win32/Agent.xxxyeb Connectivity Check (trojan.rules)
2830040 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BHH Checkin (mobile_malware.rules)
2830045 - ETPRO MOBILE_MALWARE Android/Inmobi.D Checkin 2 (mobile_malware.rules)
2830078 - ETPRO POLICY Android Bitcoin Wallet CnC Beacon (policy.rules)
2830249 - ETPRO TROJAN MSIL/SocketPlayer RAT Receiving Screenshot Command (trojan.rules)
2830283 - ETPRO CURRENT_EVENTS Possible Evil Redirect via bit .ly (Observed in MalDoc Campaigns) (current_events.rules)
2830303 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.w Checkin (mobile_malware.rules)
2830305 - ETPRO MOBILE_MALWARE Android.Trojan.SLocker.PN Checkin (mobile_malware.rules)
2830307 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.dm Checkin 2 (mobile_malware.rules)
2830513 - ETPRO MOBILE_MALWARE Android Trojan-Spy EmSeven Device Info Exfil (mobile_malware.rules)
2830515 - ETPRO MOBILE_MALWARE Android Trojan-Spy EmSeven Location Exfil (mobile_malware.rules)
2830516 - ETPRO MOBILE_MALWARE Android Trojan-Spy EmSeven SMS Exfil (mobile_malware.rules)
2830535 - ETPRO MOBILE_MALWARE Android Trojan-Spy Simpkol Call Log Exfil (mobile_malware.rules)
2830686 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.ZooPark Checkin (mobile_malware.rules)
2830727 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Wifle.A CallLog/SMS Exfil (mobile_malware.rules)
2830868 - ETPRO MOBILE_MALWARE Android/Monitor.SpyHuman Checkin (mobile_malware.rules)
2830870 - ETPRO MOBILE_MALWARE Android-Trojan/Downloader.907ce CnC Beacon (mobile_malware.rules)
2830925 - ETPRO WEB_CLIENT Tech Support Phone Scam Landing M1 - May 20 2018 (web_client.rules)
2830996 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SMSreg.pf CnC Beacon (mobile_malware.rules)
2831526 - ETPRO TROJAN W32.Unk.Stealer Checkin M2 (trojan.rules)
2831998 - ETPRO TROJAN Possible Jenxcus Variant Exfiltrating via User-Agent (trojan.rules)
2832075 - ETPRO MALWARE Win32/FileTour Adware Activity (malware.rules)
2832094 - ETPRO TROJAN Possible More_eggs Connectivity Check (trojan.rules)
2832299 - ETPRO CURRENT_EVENTS Possible Evil Redirect via bitly .com M2 (Observed in MalDoc Campaigns) (current_events.rules)
2832705 - ETPRO TROJAN Win32/ELF Xbash CnC Checkin (trojan.rules)
2833577 - ETPRO TROJAN Banload Variant CnC Activity (trojan.rules)
2833969 - ETPRO TROJAN Silent Downloader CnC Initial Request (trojan.rules)
2834134 - ETPRO TROJAN Win32/SpyBanker.ADUT Activity (trojan.rules)
2834577 - ETPRO TROJAN GearBest Stealer CnC Activity (trojan.rules)
2834578 - ETPRO TROJAN TinyDeal Stealer CnC Activity (trojan.rules)
2835225 - ETPRO SCAN ELF/Mirai Solstice Variant User-Agent (scan.rules)
2836237 - ETPRO MOBILE_MALWARE Android Spy Moez Checkin (mobile_malware.rules)
2836238 - ETPRO MOBILE_MALWARE Android Spy Moez CnC Beacon (mobile_malware.rules)
2837092 - ETPRO TROJAN Win32/Various Unusual POST to ip-api .com (trojan.rules)
2837240 - ETPRO INFO Suspicious HTTP 448 Response (info.rules)
2837678 - ETPRO MALWARE Win32/Downloader.Soft32 Checkin (malware.rules)
2838087 - ETPRO TROJAN DonotGroup Maldoc Stage 1 CnC Checkin M2 (trojan.rules)
2838311 - ETPRO TROJAN Win32/Predator The Thief Initial CnC Checkin Request (trojan.rules)
2841528 - ETPRO TROJAN MSIL/Agent.TQA CnC Checkin (trojan.rules)
2841533 - ETPRO TROJAN Observed Tonto/Bisonal CnC Domain in DNS Query (trojan.rules)
2841534 - ETPRO TROJAN Observed Tonto/Bisonal CnC Domain in DNS Query (trojan.rules)
2841554 - ETPRO TROJAN MSIL/Poulight Stealer Domain in DNS Lookup (trojan.rules)
2841555 - ETPRO INFO Observed Suspicious Reversed String Inbound (DeleteFile) (info.rules)
2841556 - ETPRO TROJAN Observed Suspicious Reversed String Inbound (obshell.run) (trojan.rules)
2841557 - ETPRO INFO Observed Suspicious Reversed String Inbound (objFile.Write) (info.rules)
2841558 - ETPRO TROJAN Observed Suspicious Reversed String Inbound (Winmgmts:/) (trojan.rules)
2841559 - ETPRO TROJAN Observed Suspicious Reversed String Inbound (cmd.exe /C) (trojan.rules)
2841560 - ETPRO INFO Observed Suspicious Reversed String Inbound (CreateTextFile) (info.rules)
2841561 - ETPRO INFO Observed Suspicious Reversed String Inbound (FileSystemObject) (info.rules)
2841562 - ETPRO INFO Observed Suspicious Reversed String Inbound (ExpandEnvironmentStrings) (info.rules)
2841563 - ETPRO TROJAN Observed Suspicious Reversed String Inbound (Wscript.Shell) (trojan.rules)
2841564 - ETPRO INFO Observed Suspicious Reversed String Inbound (ProgramData) (info.rules)
2841565 - ETPRO INFO Observed Suspicious Reversed String Inbound (Microsoft) (info.rules)
2841566 - ETPRO TROJAN Observed Suspicious Reversed String Inbound (WScript.CreateObject) (trojan.rules)
2841567 - ETPRO INFO Observed Suspicious Reversed String Inbound (Scripting.FileSystemObject) (info.rules)
2841568 - ETPRO TROJAN Observed Suspicious Reversed String Inbound (Shell.Application) (trojan.rules)
2841569 - ETPRO TROJAN Observed Suspicious Reversed String Inbound (objWMIService.ExecQuery) (trojan.rules)
2841570 - ETPRO INFO Observed Suspicious Reversed String Inbound (StrReverse) (info.rules)
2841571 - ETPRO INFO Observed Suspicious Reversed String Inbound (Microsoft.XMLHTTP) (info.rules)
2841593 - ETPRO TROJAN MSIL/Injector.ULQ Variant CnC Checkin (trojan.rules)
2841618 - ETPRO INFO Observed Suspicious Hex Encoded String Inbound (decodeURIComponent) (info.rules)
2841621 - ETPRO TROJAN Suspected Powershell Empire CnC (trojan.rules)
2841625 - ETPRO TROJAN SSL/TLS Certificate Observed (Evil Powershell) (trojan.rules)
[///] Modified inactive rules: [///]
2823170 - ETPRO CURRENT_EVENTS MalDoc Requesting Payload Nov 08 (current_events.rules)
2823520 - ETPRO CURRENT_EVENTS MalDoc Request for Payload Nov 28 2016 (current_events.rules)