[***] Summary: [***]
5 new OPEN, 29 new PRO (5 + 24). AsyncRAT, Redline, W32/Startun and Various Coinminer Sigs.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031454 - ET TROJAN FIN7/Carbanak CnC Domain in DNS Lookup (sephardimension .com) (trojan.rules)
2031455 - ET TROJAN FIN7/Carbanak CnC Domain in DNS Lookup (besaintegration .com) (trojan.rules)
2031456 - ET TROJAN FIN7/Carbanak CnC Domain in DNS Lookup (dmnadmin .com) (trojan.rules)
2031457 - ET TROJAN FIN7/Carbanak CnC Domain in DNS Lookup (sendbits .m2stor4ge .xyz) (trojan.rules)
2031458 - ET TROJAN FIN7/Carbanak CnC Domain in DNS Lookup (myrric-uses .singlejets .com) (trojan.rules)
Pro:
2846260 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846261 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846262 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846263 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846264 - ETPRO TROJAN ELF/DarkNexus Variant CnC Activity (trojan.rules)
2846265 - ETPRO TROJAN Redline - SendClientInfo Request (trojan.rules)
2846266 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-24 1) (trojan.rules)
2846267 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-24 2) (trojan.rules)
2846268 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-28 1) (trojan.rules)
2846269 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-28 2) (trojan.rules)
2846270 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-28 3) (trojan.rules)
2846271 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-28 4) (trojan.rules)
2846272 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-28 5) (trojan.rules)
2846273 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-28 6) (trojan.rules)
2846274 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-28 7) (trojan.rules)
2846275 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-28 8) (trojan.rules)
2846276 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-28 9) (trojan.rules)
2846277 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-28 10) (trojan.rules)
2846278 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-28 11) (trojan.rules)
2846279 - ETPRO TROJAN W32/Startun CnC Activity (trojan.rules)
2846280 - ETPRO TROJAN Win32/TrojanDownloader.Agent.FGQ Variant CnC Activity M2 (trojan.rules)
2846281 - ETPRO TROJAN Win32/Remcos RAT Checkin 635 (trojan.rules)
2846282 - ETPRO TROJAN Win32/Remcos RAT Checkin 636 (trojan.rules)
2846283 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-12-28 (current_events.rules)
[///] Modified active rules: [///]
2846246 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)