[***] Summary: [***]
3 new OPEN, 48 new PRO (3 + 45). Android Spy DraconianPin, Win32/Backport Backdoor, VBS/xProRat CnC, and VARIOUS PHISH.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031261 - ET TROJAN Observed Jupyter Stealer CnC Domain (gogohid .com in TLS SNI) (trojan.rules)
2031262 - ET TROJAN Observed Jupyter Stealer CnC Domain (blackl1vesmatter .org in TLS SNI) (trojan.rules)
2031263 - ET TROJAN Observed Jupyter Stealer CnC Domain (vincentolife .com in TLS SNI) (trojan.rules)
Pro:
2845829 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Reporting Location
(mobile_malware.rules)
2845830 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Reporting Calls
(mobile_malware.rules)
2845831 - ETPRO MOBILE_MALWARE Android Spy DraconianPin AddUser
(mobile_malware.rules)
2845832 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Checkin
(mobile_malware.rules)
2845833 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Reporting Contact
List (mobile_malware.rules)
2845834 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Reporting Incoming
Calls (mobile_malware.rules)
2845835 - ETPRO MOBILE_MALWARE Android Spy DraconianPin Reporting App List
(mobile_malware.rules)
2845836 - ETPRO MOBILE_MALWARE Android Spy LuckyLeader Checkin
(mobile_malware.rules)
2845837 - ETPRO MOBILE_MALWARE Android.SmsSend.1359.origin Checkin
(mobile_malware.rules)
2845838 - ETPRO MOBILE_MALWARE Android.Agent.GEN24784 Checkin
(mobile_malware.rules)
2845839 - ETPRO MOBILE_MALWARE Android.fyben.a Checkin
(mobile_malware.rules)
2845840 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Piom.ly CnC Beacon
(mobile_malware.rules)
2845841 - ETPRO MOBILE_MALWARE Android/Hiddad.AKP CnC Beacon
(mobile_malware.rules)
2845842 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.OJNF-2 Checkin
(mobile_malware.rules)
2845843 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hydra Checkin
(mobile_malware.rules)
2845844 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hydra Checkin 2
(mobile_malware.rules)
2845845 - ETPRO MOBILE_MALWARE Android Spy RemoteAssist Checkin
(mobile_malware.rules)
2845846 - ETPRO MOBILE_MALWARE Android DynamicParam Reporting Location
(mobile_malware.rules)
2845847 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Easylogger.b Checkin
(mobile_malware.rules)
2845848 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.GQH Checkin
(mobile_malware.rules)
2845849 - ETPRO TROJAN Win32/Backport Backdoor Checkin via SMTP
(trojan.rules)
2845850 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2845851 - ETPRO POLICY External Geo/Timezone Lookup via api .timezonedb .com (policy.rules)
2845852 - ETPRO TROJAN MalDoc Retrieving Payload 2020-12-07 (set)
(trojan.rules)
2845853 - ETPRO TROJAN MalDoc Retrieving Payload 2020-12-07 (trojan.rules)
2845854 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-12-05 1) (trojan.rules)
2845855 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-12-05 2) (trojan.rules)
2845856 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-12-05 3) (trojan.rules)
2845857 - ETPRO CURRENT_EVENTS Successful Unicredit Phish 2020-12-07
(current_events.rules)
2845858 - ETPRO CURRENT_EVENTS Successful Intesa Sanpaolo Phish 2020-12-07
(current_events.rules)
2845859 - ETPRO CURRENT_EVENTS Successful Fedex Phish 2020-12-07
(current_events.rules)
2845860 - ETPRO CURRENT_EVENTS Successful USPS Phish 2020-12-07
(current_events.rules)
2845861 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union Phish
2020-12-07 (current_events.rules)
2845862 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2020-12-07
(current_events.rules)
2845863 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
2845864 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2845865 - ETPRO TROJAN VBS/xProRat CnC Host Checkin (trojan.rules)
2845866 - ETPRO TROJAN VBS/xProRat CnC Activity (trojan.rules)
2845867 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-12-07 (current_events.rules)
2845868 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-12-07
(current_events.rules)
2845869 - ETPRO CURRENT_EVENTS Successful Boursorama Banque Phish
2020-12-07 (current_events.rules)
2845870 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2020-12-07
(current_events.rules)
2845871 - ETPRO TROJAN Jupyter Stealer CnC Server Response (trojan.rules)
2845872 - ETPRO TROJAN Win32/Remcos RAT Checkin 627 (trojan.rules)
2845873 - ETPRO CURRENT_EVENTS Successful UBS Phish 2020-12-07
(current_events.rules)
[///] Modified active rules: [///]
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
2030393 - ET TROJAN Jupyter Stealer Reporting System Information
(trojan.rules)
2842012 - ETPRO TROJAN External Template Request for .dot (trojan.rules)
2845565 - ETPRO CURRENT_EVENTS Successful Metrobank Credential Phish
2020-11-18 (current_events.rules)
2845655 - ETPRO TROJAN Jupyter Stealer Activity (POST) (trojan.rules)