[***] Summary: [***]
2 new OPEN, 27 new PRO (2 + 25). Beur Loader, Matanbuchus Stealer,
AsyncRAT, Various Phish.
Thanks: @mattdep_
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031609 - ET CURRENT_EVENTS Observed KnowBe4/Popcorn Training Simulated
Phish Landing Page M5 (current_events.rules)
2031610 - ET TROJAN Observed Buer Loader Domain (officewestunionbank .com
in TLS SNI) (trojan.rules)
Pro:
2847006 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.ar Checkin
(mobile_malware.rules)
2847007 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Ghimob.a TLS SNI
(mobile_malware.rules)
2847008 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.ar Checkin
2 (mobile_malware.rules)
2847009 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847010 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847011 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847012 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847013 - ETPRO CURRENT_EVENTS Successful Craigslist Phish 2021-02-10
(current_events.rules)
2847014 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2021-02-10 (current_events.rules)
2847015 - ETPRO CURRENT_EVENTS Successful Mobile DE Phish 2021-02-10
(current_events.rules)
2847016 - ETPRO CURRENT_EVENTS Successful Bankia Phish 2021-02-10
(current_events.rules)
2847017 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2021-02-10 (current_events.rules)
2847018 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2021-02-10 (current_events.rules)
2847019 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2021-02-10 (current_events.rules)
2847020 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2021-02-10
(current_events.rules)
2847021 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2021-02-10
(current_events.rules)
2847022 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2021-02-10
(current_events.rules)
2847023 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2021-02-10
(current_events.rules)
2847024 - ETPRO TROJAN Win32/Agent.AAVQ Variant CnC Activity
(trojan.rules)
2847025 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-10 1) (trojan.rules)
2847026 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-10 2) (trojan.rules)
2847027 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-10 3) (trojan.rules)
2847028 - ETPRO MALWARE Saleem Software Checkin (malware.rules)
2847029 - ETPRO TROJAN Matanbuchus Stealer CnC (trojan.rules)
2847030 - ETPRO CURRENT_EVENTS Successful TD Phish 2021-02-10
(current_events.rules)
[///] Modified active rules: [///]
2029829 - ET CURRENT_EVENTS Observed DNS Query to KnowBe4 Simulated Phish
Domain (current_events.rules)
2029830 - ET CURRENT_EVENTS Observed DNS Query to KnowBe4 Simulated Phish
Domain (current_events.rules)
2029831 - ET CURRENT_EVENTS Observed DNS Query to KnowBe4 Simulated Phish
Domain (current_events.rules)
2029832 - ET CURRENT_EVENTS Observed DNS Query to KnowBe4 Simulated Phish
Domain (current_events.rules)
2029833 - ET CURRENT_EVENTS Observed DNS Query to KnowBe4 Simulated Phish
Domain (current_events.rules)
2029835 - ET CURRENT_EVENTS Observed DNS Query to KnowBe4 Simulated Phish
Domain (current_events.rules)
2029836 - ET CURRENT_EVENTS Observed DNS Query to KnowBe4 Simulated Phish
Domain (current_events.rules)
2031516 - ET CURRENT_EVENTS Observed KnowBe4/Popcorn Training Simulated
Phish Landing Page M1 (current_events.rules)
2031517 - ET CURRENT_EVENTS Observed KnowBe4/Popcorn Training Simulated
Phish Landing Page M2 (current_events.rules)
2031518 - ET CURRENT_EVENTS Observed KnowBe4/Popcorn Training Simulated
Phish Landing Page M3 (current_events.rules)
2031519 - ET CURRENT_EVENTS Observed KnowBe4/Popcorn Training Simulated
Phish Landing Page M4 (current_events.rules)
[///] Modified inactive rules: [///]
2029834 - ET CURRENT_EVENTS Observed DNS Query to KnowBe4 Simulated Phish
Domain (current_events.rules)