[***] Summary: [***]
3 new OPEN, 30 new PRO (3 + 27). Detplock, AsyncRAT, Woreflint, Various
Phish.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031606 - ET WEB_SERVER Generic Mailer Accessed on Internal Compromised
Server (web_server.rules)
2031607 - ET WEB_CLIENT Generic Mailer Accessed on External Compromised
Server (web_client.rules)
2031608 - ET TROJAN Win32/Detplock Checkin via SMTP (trojan.rules)
Pro:
2846953 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2846954 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2846955 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2846956 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2846957 - ETPRO CURRENT_EVENTS Successful JACCS Phish 2021-02-08
(current_events.rules)
2846958 - ETPRO CURRENT_EVENTS Successful Generic Bank Verification Phish
2021-02-08 (current_events.rules)
2846959 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2021-02-08 (current_events.rules)
2846960 - ETPRO CURRENT_EVENTS Successful Discover Phish 2021-02-08
(current_events.rules)
2846961 - ETPRO CURRENT_EVENTS Successful Discover Phish 2021-02-08
(current_events.rules)
2846962 - ETPRO CURRENT_EVENTS Successful DHL Phish 2021-02-08
(current_events.rules)
2846963 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish
2021-02-08 (current_events.rules)
2846964 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2021-02-08
(current_events.rules)
2846965 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2021-02-08
(current_events.rules)
2846966 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2021-02-08
(current_events.rules)
2846967 - ETPRO CURRENT_EVENTS Microsoft Account Redirector 2021-02-08
(current_events.rules)
2846968 - ETPRO TROJAN VBS/SAgent Variant CnC Activity (trojan.rules)
2846969 - ETPRO MALWARE W32/StartSurf Activity (malware.rules)
2846970 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-05 1) (trojan.rules)
2846971 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-05 2) (trojan.rules)
2846972 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2021-02-08 (current_events.rules)
2846973 - ETPRO CURRENT_EVENTS Successful MyJCB Phish 2021-02-08
(current_events.rules)
2846974 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-02-08
(current_events.rules)
2846975 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-02-08
(current_events.rules)
2846976 - ETPRO INFO Inbound Java Runtime Exec in HTTP POST (info.rules)
2846977 - ETPRO TROJAN Win32/Remcos RAT Checkin 673 (trojan.rules)
2846978 - ETPRO MALWARE Notorious Installer Activity (malware.rules)
2846979 - ETPRO TROJAN Win32/Woreflint Variant CnC (trojan.rules)