[***] Summary: [***]
2 new OPEN, 22 new PRO (2 + 20). DNS Reply Sinkhole - Anubis/BitSight, Cobalt Strike, Win32/Agent.NML, Win32/Remcos RAT, Coinminers, VARIOUS PHISH.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031197 - ET TROJAN DNS Reply Sinkhole - Anubis/BitSight - 35.205.61.67 (trojan.rules)
2031198 - ET TROJAN Win32/HunterStealer CnC Exfil (trojan.rules)
Pro:
2845437 - ETPRO TROJAN Observed CobaltStrike Style SSL Cert (Amazon Profile) (trojan.rules)
2845438 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-11 1) (trojan.rules)
2845439 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-11-11 2) (trojan.rules)
2845440 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-11-11 (current_events.rules)
2845441 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-11-11 (current_events.rules)
2845442 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2020-11-11 (current_events.rules)
2845443 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-11-11 (current_events.rules)
2845444 - ETPRO CURRENT_EVENTS Successful ING Phish 2020-11-11 (current_events.rules)
2845445 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-11-11 (current_events.rules)
2845446 - ETPRO CURRENT_EVENTS Successful Orange Phish 2020-11-11 (current_events.rules)
2845447 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-11-11 (current_events.rules)
2845448 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-11-11 (current_events.rules)
2845449 - ETPRO TROJAN Win32/Agent.NML CnC Activity M1 (trojan.rules)
2845451 - ETPRO TROJAN Observed FinderBot CnC Domain in TLS SNI (trojan.rules)
2845452 - ETPRO TROJAN Win32/Remcos RAT Checkin 603 (trojan.rules)
2845453 - ETPRO TROJAN Win32/Remcos RAT Checkin 604 (trojan.rules)
2845454 - ETPRO CURRENT_EVENTS Successful Bancorp Phish 2020-11-11 (current_events.rules)
2845455 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-11-11 (current_events.rules)
2845456 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-11-11 (current_events.rules)
2845457 - ETPRO MALWARE FCleaner Activity (malware.rules)
[///] Modified active rules: [///]
2027076 - ET INFO Wget Request for Executable (info.rules)
2027079 - ET TROJAN Win32/Retadup Success Response from CnC (trojan.rules)
2027090 - ET EXPLOIT Possible WePresent WIPG1000 OS Command Injection (exploit.rules)
2027092 - ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE (exploit.rules)
2027506 - ET TROJAN Win32/Plurox Backdoor CnC Checkin (trojan.rules)
2027707 - ET TROJAN Possible APT Sarhurst/Husar/Hussarini/Hassar CnC Check Response (trojan.rules)
2027723 - ET EXPLOIT Possible Palo Alto SSL VPN sslmgr Format String Vulnerability (Inbound) (exploit.rules)
2027802 - ET TROJAN Win32/Eris Ransomware CnC Checkin (trojan.rules)
2028573 - ET TROJAN Suspected Tunna Proxy M2 (trojan.rules)
2028579 - ET TROJAN Suspected Tunna Proxy M2 (Outbound) (trojan.rules)
2028932 - ET TROJAN Win32/CryptInject.BE!MTB Stealer CnC Checkin (trojan.rules)
2028964 - ET TROJAN DADJOKE/Rail Tycoon Payload Extraction (trojan.rules)
2029711 - ET INFO Suspicious GET Request with Possible COVID-19 Domain M1 (info.rules)
2029712 - ET INFO Suspicious GET Request with Possible COVID-19 Domain M2 (info.rules)
2029713 - ET INFO Suspicious POST Request with Possible COVID-19 Domain M1 (info.rules)
2029714 - ET INFO Suspicious POST Request with Possible COVID-19 Domain M2 (info.rules)
2029753 - ET INFO Suspicious GET Request with Possible COVID-19 URI M1 (info.rules)
2029754 - ET INFO Suspicious GET Request with Possible COVID-19 URI M2 (info.rules)
2029755 - ET INFO Suspicious POST Request with Possible COVID-19 URI M1 (info.rules)
2029756 - ET INFO Suspicious POST Request with Possible COVID-19 URI M2 (info.rules)
2029766 - ET TROJAN Observed DNS Query to Stitch C2 Domain (trojan.rules)
2029767 - ET TROJAN Observed DNS Query to Stitch C2 Domain (trojan.rules)
2808251 - ETPRO TROJAN Win32/Spy.Banker.AAYY CnC (OUTBOUND) (trojan.rules)
2809086 - ETPRO WEB_SPECIFIC_APPS CreativeContact Plugin Arbitrary File Upload (web_specific_apps.rules)
2809167 - ETPRO TROJAN Gozi Downloader Checkin (trojan.rules)
2809240 - ETPRO MOBILE_MALWARE Android.Trojan.FakeInst.IS Checkin (mobile_malware.rules)
2809269 - ETPRO TROJAN Rovnix CnC Beacon (trojan.rules)
2810416 - ETPRO CURRENT_EVENTS Inbound cmd.exe Base64 Encoded (Unicode) 1 (current_events.rules)
2810420 - ETPRO CURRENT_EVENTS Inbound cmd.exe Base64 Encoded (ASCII) 2 (current_events.rules)
2816365 - ETPRO TROJAN W32.SOCKSBOT CnC Request (trojan.rules)
2816366 - ETPRO TROJAN W32.SOCKSBOT CnC Response (trojan.rules)
2816367 - ETPRO POLICY Suspicious 404 OK Response (policy.rules)
2816739 - ETPRO TROJAN Rexpot Retrieving Payload - set 1 (trojan.rules)
2816808 - ETPRO CURRENT_EVENTS RIG EK Flash Exploit Mar 29 2016 (current_events.rules)
2816860 - ETPRO TROJAN Salam Ransomware CnC Checkin (trojan.rules)
2816901 - ETPRO MALWARE Win32/Shouqu Checkin (malware.rules)
2819648 - ETPRO CURRENT_EVENTS SunDown/Xer Payload (URL Primer) (current_events.rules)
2822801 - ETPRO TROJAN DiamondFox HTTP POST CnC Checkin M1 (trojan.rules)
2822967 - ETPRO TROJAN PlugX Variant CnC Beacon (trojan.rules)
2823169 - ETPRO TROJAN Mocker Retrieving Payload (trojan.rules)
2823365 - ETPRO TROJAN Godzilla Loader Retrieving Payload (trojan.rules)
2823420 - ETPRO POLICY External IP Address Lookup - myip.ch (policy.rules)
2823534 - ETPRO CURRENT_EVENTS Likely Magnitude EK Flash Exploit Struct Nov 30 2016 (current_events.rules)
2823676 - ETPRO TROJAN Win32 QuasarRAT 1.3/VenomRAT/CinaRAT Connectivity Check (trojan.rules)
2824087 - ETPRO TROJAN MSIL/DeriaLock Ransomware CnC Activity (trojan.rules)
2824449 - ETPRO CURRENT_EVENTS GreenFlash SunDown EK Flash Exploit 2017-01-17 (current_events.rules)
2824567 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Jan 20 2017 (current_events.rules)
2824637 - ETPRO TROJAN Troj/Agent-APJC CnC Beacon (trojan.rules)
2824669 - ETPRO TROJAN APT.ChChes CnC Beacon 1 (trojan.rules)
2824670 - ETPRO TROJAN APT.ChChes CnC Beacon 2 (trojan.rules)
2824761 - ETPRO TROJAN MSIL/Agent.RZW CoinMiner CnC Activity (trojan.rules)
2825027 - ETPRO CURRENT_EVENTS Possible SunDown EK Landing URI Struct T2 Feb 17 2017 (current_events.rules)
2826697 - ETPRO TROJAN Possible Win32/Jeefo.B Config DL (trojan.rules)
2827391 - ETPRO TROJAN MSIL/FriendlyBot CnC Checkin (trojan.rules)
2827456 - ETPRO MOBILE_MALWARE Android.Trojan.DDLight.E Checkin (mobile_malware.rules)
2827509 - ETPRO TROJAN Win32/Downloader.Banload.YAZ CnC Activity (trojan.rules)
2827605 - ETPRO TROJAN Win32/1ms0rry CoinMiner Botnet CnC Checkin (trojan.rules)
2827607 - ETPRO TROJAN MSIL/HookUp Bot CnC Checkin (trojan.rules)
2827629 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 13 (mobile_malware.rules)
2827630 - ETPRO MOBILE_MALWARE Anubis Android Loader / BankBot Checkin 14 (mobile_malware.rules)
2827633 - ETPRO MOBILE_MALWARE Android.Trojan.InfoStealer.GV CnC Beacon (mobile_malware.rules)
2827695 - ETPRO TROJAN Win32/Banload.Downloader POST request CnC Checkin (trojan.rules)
2827718 - ETPRO TROJAN W32.PooLen Coinminer Requesting Commands (trojan.rules)
2827762 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.am CnC Beacon (mobile_malware.rules)
2827809 - ETPRO MOBILE_MALWARE Android.Riskware.SmsPay.IT CnC Beacon (mobile_malware.rules)
2827913 - ETPRO TROJAN Win32/Virut.NBP Checkin (trojan.rules)
2829709 - ETPRO MALWARE MSIL/Linkury Toolbar Style External IP Check (malware.rules)
2835307 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2019-03-12 (current_events.rules)
2835359 - ETPRO TROJAN ELF/Tsunami.NCF IRC Checkin (trojan.rules)
2835401 - ETPRO SCAN Ololosher SQL Injection Scanning with URI Constant (scan.rules)
2835447 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2019-03-19 (current_events.rules)
2835577 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2019-03-27 (current_events.rules)
2835585 - ETPRO TROJAN Win64/Vabushky.A Checkin 1 (trojan.rules)
2835586 - ETPRO TROJAN Win64/Vabushky.A Checkin 2 (trojan.rules)
2835645 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-29 (current_events.rules)
2835647 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-29 (current_events.rules)
2835761 - ETPRO TROJAN Win32/Robit CnC Checkin M1 (trojan.rules)
2835782 - ETPRO TROJAN Win32/Win32.Invader FTP C2 2 (trojan.rules)
2835823 - ETPRO TROJAN Kaprav Related FTP Implant (trojan.rules)
2835924 - ETPRO CURRENT_EVENTS Successful Volksbank DE Phish 2019-03-29 (current_events.rules)
2835987 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-04-22 (current_events.rules)
2835988 - ETPRO CURRENT_EVENTS Successful USAA Phish 2019-04-22 (current_events.rules)
2836122 - ETPRO TROJAN Win32.Mokes Backdoor CnC Activity (trojan.rules)
2836305 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-05-14 (current_events.rules)
2836369 - ETPRO TROJAN Win64/Agent.OF Variant CnC Report Checkin (trojan.rules)
2836406 - ETPRO TROJAN MSIL/Agent.BSY Variant Initial Check-in (trojan.rules)
2836423 - ETPRO CURRENT_EVENTS Successful Personalized Windows Account Phish 2019-05-21 (current_events.rules)
2836466 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-05-23 (current_events.rules)
2836467 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-05-23 (current_events.rules)
2836722 - ETPRO CURRENT_EVENTS Successful Banque Populaire Phish 2019-06-07 (current_events.rules)
2836921 - ETPRO CURRENT_EVENTS Successful Generic Need Phish 2019-06-19 (current_events.rules)
2837021 - ETPRO TROJAN ELF/Various IoT Botnet CnC Checkin M2 (trojan.rules)
2837467 - ETPRO CURRENT_EVENTS Successful Generic Phish 2019-07-11 (current_events.rules)
2837486 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-07-12 (current_events.rules)
2837501 - ETPRO CURRENT_EVENTS Successful Microsoft Account Voicemail Phish 2019-07-15 (current_events.rules)
2837607 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-07-19 (current_events.rules)
2837672 - ETPRO CURRENT_EVENTS Successful Generic Mail Error Report Phish 2019-07-24 (current_events.rules)
2837675 - ETPRO CURRENT_EVENTS Successful LCL Banque et Assurance Phish 2019-07-24 (current_events.rules)
2837699 - ETPRO CURRENT_EVENTS Successful Postbank Phish 2019-07-25 (current_events.rules)
2837710 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2019-07-26 (current_events.rules)
2837711 - ETPRO CURRENT_EVENTS Successful Suncoast Credit Union Phish 2019-07-26 (current_events.rules)
2837712 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-07-26 (current_events.rules)
2837806 - ETPRO CURRENT_EVENTS Successful Banca Sella Phish 2019-08-01 (current_events.rules)
2837807 - ETPRO CURRENT_EVENTS Successful Generic Email Settings Phish 2019-08-01 (current_events.rules)
2838023 - ETPRO TROJAN Win32/SafeNewTab Acticity (trojan.rules)
2838311 - ETPRO TROJAN Win32/Predator The Thief Initial CnC Checkin Request (trojan.rules)
2838367 - ETPRO TROJAN Possible Grandsteal RAT Websocket Usage (trojan.rules)
2838369 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2019-09-09 (current_events.rules)
2838370 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-09-09 (current_events.rules)
2838402 - ETPRO CURRENT_EVENTS Successful FNB First National Bank Phish 2019-09-10 (current_events.rules)
2838511 - ETPRO TROJAN Win32/Bobik CnC Activity (trojan.rules)
2838580 - ETPRO TROJAN DonotGroup YTY Framework CnC Checkin (trojan.rules)
2838792 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-07 (current_events.rules)
2838823 - ETPRO CURRENT_EVENTS Successful Microsoft Teams Phish 2019-10-08 (current_events.rules)
2838870 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-10-10 (current_events.rules)
2839041 - ETPRO TROJAN Gh0stNoxy CnC Activity (trojan.rules)
2839058 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-10-22 (current_events.rules)
2839067 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-10-22 (current_events.rules)
2839100 - ETPRO CURRENT_EVENTS Successful Aruba IT Phish 2019-10-23 (current_events.rules)
2839101 - ETPRO CURRENT_EVENTS Successful MWeb Webmail Phish 2019-10-23 (current_events.rules)
2839252 - ETPRO CURRENT_EVENTS Successful Fidelity Phish 2019-11-06 (current_events.rules)
2839269 - ETPRO CURRENT_EVENTS Successful Generic Compromised Wordpress Phish 2019-11-06 (current_events.rules)
2839326 - ETPRO CURRENT_EVENTS Successful AlaskaUSA Federal Credit Union Phish 2019-11-08 (current_events.rules)
2839351 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2019-11-11 (current_events.rules)
2839409 - ETPRO CURRENT_EVENTS Successful Trademe NZ Phish 2019-11-13 (current_events.rules)
2839429 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-11-14 (current_events.rules)
2839606 - ETPRO CURRENT_EVENTS Successful BECU Phish 2019-11-25 (current_events.rules)
2839885 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2019-12-12 (current_events.rules)
2839949 - ETPRO TROJAN Bandook v0.5FM TCP CnC Beacon (trojan.rules)
2839971 - ETPRO TROJAN Win32/njRAT Variant CnC Checkin (INF) (trojan.rules)
2839972 - ETPRO TROJAN Win32/njRAT Variant CnC Activity (GPL) (trojan.rules)
2839975 - ETPRO TROJAN Win32/njRAT Variant CnC Response (IE) (trojan.rules)
2839978 - ETPRO TROJAN Win32/njRAT Variant CnC Activity (OpenPasswords) (trojan.rules)
2839979 - ETPRO TROJAN Win32/njRAT Variant CnC Activity (PasswordsResult) (trojan.rules)
2839980 - ETPRO TROJAN Win32/njRAT Variant CnC Activity (KE) (trojan.rules)
2839981 - ETPRO TROJAN Win32/njRAT Variant CnC Activity (KE Logs) (trojan.rules)
2839985 - ETPRO CURRENT_EVENTS Successful SF Express CN Phish 2019-12-18 (current_events.rules)
2839986 - ETPRO CURRENT_EVENTS Successful Godaddy Phish 2019-12-18 (current_events.rules)
2839997 - ETPRO CURRENT_EVENTS Successful MKB Bank Phish 2019-12-18 (current_events.rules)
2839998 - ETPRO CURRENT_EVENTS Successful MKB Bank Phish 2019-12-18 (current_events.rules)
2840040 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2019-12-20 (current_events.rules)
2840059 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-23 (current_events.rules)
2840061 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2019-12-23 (current_events.rules)
2840062 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-12-23 (current_events.rules)
2840150 - ETPRO TROJAN Possible Win32/Namoo CnC Activity Response (trojan.rules)
2840153 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-12-30 (current_events.rules)
2840156 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish 2019-12-30 (current_events.rules)
2840176 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-12-31 (current_events.rules)
2840213 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2020-01-02 (current_events.rules)
2840264 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-01-06 (current_events.rules)
2840315 - ETPRO POLICY Observed HTTP Request to *.pythonanywhere .com Domain (policy.rules)
2840336 - ETPRO CURRENT_EVENTS Successful Microsoft Shared Document Phish 2020-01-09 (current_events.rules)
2840337 - ETPRO CURRENT_EVENTS Successful Microsoft Shared Document Phish 2020-01-09 (current_events.rules)
2840353 - ETPRO TROJAN Win32/Agent.AAON Variant CnC Activity (trojan.rules)
2840358 - ETPRO TROJAN Win32/Agent.UAF Variant CnC M1 (trojan.rules)
2840399 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-01-13 (current_events.rules)
2841779 - ETPRO TROJAN Cobalt Strike Malleable C2 (jquery Profile) (trojan.rules)
2845411 - ETPRO TROJAN Unk.MSI.Loader CnC Activity (trojan.rules)