[***] Summary: [***]
14 new OPEN, 41 new PRO (14 + 27). SystemBC CnC, PhantomNet/Sanager CnC, Android/MicroShiva, ELF/Gafgyt Variant, MSIL/Agent.DEB CnC, MSIL/VexioPL InfoStealer, Coinminers, VARIOUS PHISH.
Thanks: @James_inthe_Box
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031419 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
2031420 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
2031421 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
2031422 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
2031423 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
2031424 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
2031425 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
2031426 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
2031427 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
2031428 - ET TROJAN Observed SystemBC CnC Domain in DNS Query
(trojan.rules)
2031429 - ET WEB_SERVER Generic Webshell Accessed on Internal Compromised
Server (web_server.rules)
2031430 - ET WEB_CLIENT Generic Webshell Accessed on External Compromised
Server (web_client.rules)
2031431 - ET TROJAN PhantomNet/Sanager CnC Domain in DNS Lookup
(vgca.homeunix .org) (trojan.rules)
2031432 - ET TROJAN PhantomNet/Smanager CnC Domain in DNS Lookup
(office365.blogdns .com) (trojan.rules)
Pro:
2846073 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Agent.by1r CnC Beacon
(mobile_malware.rules)
2846074 - ETPRO MOBILE_MALWARE Android MicroShiva Checkin
(mobile_malware.rules)
2846075 - ETPRO MOBILE_MALWARE Android Echa Reporting Contact List
(mobile_malware.rules)
2846076 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.gb Checkin
(mobile_malware.rules)
2846077 - ETPRO MOBILE_MALWARE Android EightBall CnC Beacon
(mobile_malware.rules)
2846078 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.adn Checkin
(mobile_malware.rules)
2846079 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.adn Checkin 2
(mobile_malware.rules)
2846080 - ETPRO TROJAN ELF/Gafgyt Variant CnC Checkin (trojan.rules)
2846081 - ETPRO TROJAN ELF/Gafgyt Variant Server Response (trojan.rules)
2846082 - ETPRO TROJAN ELF/Gafgyt Variant CnC Checkin (trojan.rules)
2846083 - ETPRO POLICY Observed SSL Cert (HashVault Monero Crypto Mining
Pool) (policy.rules)
2846084 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2846085 - ETPRO TROJAN MSIL/Agent.DEB CnC Activity M2 (trojan.rules)
2846086 - ETPRO TROJAN MalDoc Retrieving Payload 2020-12-17 (trojan.rules)
2846087 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-12-17 1) (trojan.rules)
2846088 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-12-17 2) (trojan.rules)
2846089 - ETPRO CURRENT_EVENTS Successful ANZ Phish 2020-12-17
(current_events.rules)
2846090 - ETPRO CURRENT_EVENTS Successful Keybank Phish 2020-12-17
(current_events.rules)
2846091 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2020-12-17
(current_events.rules)
2846092 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-12-17
(current_events.rules)
2846093 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2020-12-17
(current_events.rules)
2846094 - ETPRO CURRENT_EVENTS Successful Discover Phish 2020-12-17
(current_events.rules)
2846095 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-12-17
(current_events.rules)
2846096 - ETPRO TROJAN MSIL/Agent.DEB CnC Activity (trojan.rules)
2846097 - ETPRO TROJAN MSIL/VexioPL InfoStealer Data Exfil M1
(trojan.rules)
2846098 - ETPRO TROJAN MSIL/VexioPL InfoStealer Data Exfil M2
(trojan.rules)
2846099 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-12-17
(current_events.rules)