[***] Summary: [***]
12 new OPEN, 27 new PRO (12 + 15). AppleJeus, NukeSped, Radmin, and
VARIOUS PHISHING
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031630 - ET TROJAN AppleJeus - Kupay Wallet CnC Domain in DNS Lookup
(kupaywallet .com) (trojan.rules)
2031631 - ET TROJAN AppleJeus - Kupay Wallet CnC Domain in DNS Lookup
(levelframeblog .com) (trojan.rules)
2031632 - ET TROJAN AppleJeus - Kupay Wallet CnC Activity (trojan.rules)
2031633 - ET TROJAN AppleJeus - CoinGoTrade CnC Domain in DNS Lookup
(coingotrade .com) (trojan.rules)
2031634 - ET TROJAN OSX/NukeSped Variant CnC Domain in DNS Lookup
(airbseeker .com) (trojan.rules)
2031635 - ET TROJAN OSX/NukeSped Variant CnC Domain in DNS Lookup
(globalkeystroke .com) (trojan.rules)
2031636 - ET TROJAN OSX/NukeSped Variant CnC Domain in DNS Lookup
(woodmate .it) (trojan.rules)
2031637 - ET TROJAN OSX/NukeSped Variant CnC Activity (trojan.rules)
2031638 - ET TROJAN AppleJeus - Dorusio CnC Domain in DNS Lookup
(dorusio .com) (trojan.rules)
2031639 - ET TROJAN AppleJeus - Ants2Whale CnC Domain in DNS Lookup
(ants2whale .com) (trojan.rules)
2031640 - ET TROJAN AppleJeus - Ants2Whale CnC Domain in DNS Lookup
(qnalytica .com) (trojan.rules)
2031641 - ET TROJAN Win32/LODEINFO v0.4.6 CnC Checkin (trojan.rules)
Pro:
2847222 - ETPRO TROJAN Malicious Second Stage Payload Inbound 2021-02-19
(trojan.rules)
2847223 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-19 1) (trojan.rules)
2847224 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-19 2) (trojan.rules)
2847225 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-19 3) (trojan.rules)
2847226 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-02-19
(current_events.rules)
2847227 - ETPRO CURRENT_EVENTS Successful Discover Phish 2021-02-19
(current_events.rules)
2847228 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-02-19
(current_events.rules)
2847229 - ETPRO CURRENT_EVENTS Successful Discover Phish 2021-02-19
(current_events.rules)
2847230 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2021-02-19 (current_events.rules)
2847231 - ETPRO CURRENT_EVENTS Successful CashApp Phish 2021-02-19
(current_events.rules)
2847232 - ETPRO CURRENT_EVENTS Successful Xfinity Comcast Phish 2021-02-19
(current_events.rules)
2847233 - ETPRO TROJAN Unk.W32/Radmin CnC Activity M1 (trojan.rules)
2847234 - ETPRO TROJAN Unk.W32/Radmin CnC Activity M2 (trojan.rules)
2847235 - ETPRO TROJAN Unk.W32/Downloader CnC Initial Host Checkin
(trojan.rules)
2847236 - ETPRO TROJAN Win32/Remcos RAT Checkin 679 (trojan.rules)
[///] Modified active rules: [///]
2030053 - ET TROJAN Win32/IcedID Requesting Encoded Binary M4
(trojan.rules)
2031627 - ET TROJAN AppleJeus - Union Crypto CnC Activity (trojan.rules)