[***] Summary: [***]
5 new OPEN, 30 new PRO (5 + 25). TrickBot, Remcos, AsyncRAT,
Various Phish, Others.
Thanks @james_inthe_box.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031599 - ET TROJAN Win32/SystemBC CnC Checkin (trojan.rules)
2031600 - ET TROJAN Win32/TrickBot maserv Module Command (trojan.rules)
2031601 - ET TROJAN Win32/TrickBot maserv Module CnC Activity (trojan.rules)
2031602 - ET SCAN Generic IDBTE4M Exploit Scanner (Outbound) (scan.rules)
2031603 - ET SCAN Generic IDBTE4M Exploit Scanner (Inbound) (scan.rules)
Pro:
2846872 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.di Checkin (mobile_malware.rules)
2846873 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846874 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-02 1) (trojan.rules)
2846875 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-02 2) (trojan.rules)
2846876 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-02 3) (trojan.rules)
2846877 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-02 4) (trojan.rules)
2846878 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-02 5) (trojan.rules)
2846879 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-02 6) (trojan.rules)
2846880 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-02-02 7) (trojan.rules)
2846881 - ETPRO CURRENT_EVENTS Successful Barclays Phish 2021-02-02 (current_events.rules)
2846882 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2021-02-02 (current_events.rules)
2846883 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-02-02 (current_events.rules)
2846884 - ETPRO CURRENT_EVENTS Successful Unach University MX Phish 2021-02-02 (current_events.rules)
2846885 - ETPRO CURRENT_EVENTS Successful DHL Phish 2021-02-02 (current_events.rules)
2846886 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish 2021-02-02 (current_events.rules)
2846887 - ETPRO CURRENT_EVENTS Successful ItechX Phish 2021-02-02 (current_events.rules)
2846888 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2021-02-02 (current_events.rules)
2846889 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish 2021-02-02 (current_events.rules)
2846890 - ETPRO CURRENT_EVENTS Successful Impots Gouv FR Phish 2021-02-02 (current_events.rules)
2846891 - ETPRO TROJAN Win32/Remcos RAT Checkin 667 (trojan.rules)
2846892 - ETPRO TROJAN Rift Rebirth Discord Token Grabber Exfil via Discord (trojan.rules)
2846893 - ETPRO TROJAN Win32/Remcos RAT Checkin 668 (trojan.rules)
2846894 - ETPRO CURRENT_EVENTS Successful Office365 Phish 2021-02-02 (current_events.rules)
2846895 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2021-02-02 (current_events.rules)
2846896 - ETPRO CURRENT_EVENTS Successful HSBC Phish 2021-02-02 (current_events.rules)
[---] Removed rules: [---]
2841309 - ETPRO TROJAN Win32/SystemBC CnC Checkin (trojan.rules)
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team