[***]            Summary:            [***]

7 new OPEN, 18 new PRO (7 + 11). PurpleFox EK, DarkSide Ransomware, and Win64/Kryptik.BZY CnC.

Thanks: @nao_sec.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031459 - ET EXPLOIT Possible SolarWinds Orion API Local File Disclosure (web.config) (exploit.rules)
  2031460 - ET EXPLOIT Possible SolarWinds Orion API Local File Disclosure (SWNetPerfMon.db) (exploit.rules)
  2031461 - ET CURRENT_EVENTS PurpleFox EK Domain in DNS Lookup (current_events.rules)
  2031462 - ET TROJAN Possible PurpleFox EK Framework URI Struct Payload Request M1 (trojan.rules)
  2031463 - ET TROJAN Possible PurpleFox EK Redirect (trojan.rules)
  2031464 - ET POLICY Win32/Ymacco.AA2F Checking (Multiple OS) (policy.rules)
  2031465 - ET POLICY Win32/Ymacco.AA2F Checking (Multiple OS) (policy.rules)

Pro:

  2846284 - ETPRO TROJAN DarkSide Ransomware CnC Activity (trojan.rules)
  2846285 - ETPRO TROJAN DarkSide Ransomware Server Response (trojan.rules)
  2846286 - ETPRO TROJAN Observed Malicious SSL Cert (Win64/Kryptik.BZY CnC) (trojan.rules)
  2846287 - ETPRO TROJAN Win64/Kryptik.BZY CnC Activity (trojan.rules)
  2846288 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-29 1) (trojan.rules)
  2846289 - ETPRO CURRENT_EVENTS Successful redit Card Information Phish 2020-12-29 (current_events.rules)
  2846290 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-12-29 (current_events.rules)
  2846291 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-12-29 (current_events.rules)
  2846292 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2020-12-29 (current_events.rules)
  2846293 - ETPRO TROJAN Observed DarkSide Ransomware CnC Domain in TLS SNI (trojan.rules)
  2846294 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-12-29 (current_events.rules)

[///]     Modified active rules:     [///]

  2809127 - ETPRO MALWARE PUP.3lsoft Checkin (malware.rules)
  2844133 - ETPRO TROJAN DCRat Initial Checkin Server Response (trojan.rules)
  2846256 - ETPRO TROJAN DCRat Initial Checkin Server Response M2 (trojan.rules)
