[***] Summary: [***]
51 new OPEN, 65 new PRO (51 + 14). F5 CVE-2021-22986, Netbounce, Raccoon
Stealer, Various PHISH.
TIIF
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2032175 - ET CURRENT_EVENTS Shared Document Base64 Phishing Landing
2016-01-20 (current_events.rules)
2032176 - ET CURRENT_EVENTS Successful Generic Phish (Redirect to
Download PDF) 2016-02-08 (current_events.rules)
2032177 - ET CURRENT_EVENTS Successful Apple Phishing 2016-03-03
(current_events.rules)
2032178 - ET CURRENT_EVENTS Successful Apple Phish 2016-03-09
(current_events.rules)
2032179 - ET CURRENT_EVENTS Successful Google Drive Phish 2016-08-18
(current_events.rules)
2032180 - ET CURRENT_EVENTS Successful Bank of America Phish M1
2016-08-31 (current_events.rules)
2032181 - ET CURRENT_EVENTS Successful Google Drive Phish M1 2016-09-01
(current_events.rules)
2032182 - ET CURRENT_EVENTS Successful Western Union/Paypal Phish
2016-09-26 (current_events.rules)
2032183 - ET CURRENT_EVENTS Successful Apple Phish M2 2016-09-29
(current_events.rules)
2032184 - ET CURRENT_EVENTS Successful Gmail Phish 2016-09-30
(current_events.rules)
2032185 - ET CURRENT_EVENTS Successful Google Drive Phish 2016-10-14
(current_events.rules)
2032186 - ET CURRENT_EVENTS Successful Credit Agricole Bank (FR) Phish M1
2016-10-19 (current_events.rules)
2032187 - ET CURRENT_EVENTS Successful Windows Live Account Phish
2016-10-26 (current_events.rules)
2032188 - ET CURRENT_EVENTS Successful Yahoo Phish 2016-10-27
(current_events.rules)
2032189 - ET CURRENT_EVENTS Successful FreeMobile (FR) Phish M1
2016-10-31 (current_events.rules)
2032190 - ET CURRENT_EVENTS Successful Shared Adobe PDF Phish 2016-11-17
(current_events.rules)
2032191 - ET CURRENT_EVENTS Successful Linkedin Phish 2016-11-18
(current_events.rules)
2032192 - ET CURRENT_EVENTS Successful Credential Phish (Multiple Brands)
2016-11-18 (current_events.rules)
2032193 - ET CURRENT_EVENTS Successful HM Revenue Phish 2016-11-23
(current_events.rules)
2032194 - ET CURRENT_EVENTS Successful Barclays Phish M1 2016-11-23
(current_events.rules)
2032195 - ET CURRENT_EVENTS Successful Personalized Adobe Online PDF
Phish 2016-11-28 (current_events.rules)
2032196 - ET CURRENT_EVENTS Successful Chase Phish 2016-12-01
(current_events.rules)
2032197 - ET CURRENT_EVENTS Successful WhatsApp Phish M2 2016-12-07
(current_events.rules)
2032198 - ET CURRENT_EVENTS Successful Free Mobile (FR) Phish 2016-12-08
(current_events.rules)
2032199 - ET CURRENT_EVENTS Successful Paypal Phish 2016-12-09
(current_events.rules)
2032200 - ET WEB_CLIENT Javascript XOR Encoding - Observed in Apple
Phishing 2016-12-09 (web_client.rules)
2032201 - ET CURRENT_EVENTS Successful Password Protected AMEX Phish
2016-12-09 (current_events.rules)
2032202 - ET CURRENT_EVENTS Successful Chase Phishing 2016-12-12
(current_events.rules)
2032203 - ET CURRENT_EVENTS Successful Paypal Phish M1 2016-12-13
(current_events.rules)
2032204 - ET CURRENT_EVENTS Successful Paypal Phish M2 2016-12-13
(current_events.rules)
2032205 - ET CURRENT_EVENTS Successful Paypal Phish M3 2016-12-13
(current_events.rules)
2032206 - ET CURRENT_EVENTS Successful Paypal Phish M4 2016-12-13
(current_events.rules)
2032207 - ET CURRENT_EVENTS Successful Paypal Phish M5 2016-12-13
(current_events.rules)
2032208 - ET CURRENT_EVENTS Successful Adobe Shared PDF Phish 2016-12-13
(current_events.rules)
2032209 - ET CURRENT_EVENTS Successful Chase Phish 2016-12-13
(current_events.rules)
2032210 - ET CURRENT_EVENTS Mailbox Deactivation Phishing Landing
2016-12-15 (current_events.rules)
2032211 - ET CURRENT_EVENTS Successful Mailbox Deactivation Phish
2016-12-15 (current_events.rules)
2032212 - ET CURRENT_EVENTS Successful Credential Phish (Multiple Brands)
2016-12-22 (current_events.rules)
2032213 - ET CURRENT_EVENTS Successful Windows Live Phish 2016-12-23
(current_events.rules)
2032214 - ET CURRENT_EVENTS Successful Banamex Bank Phish 2016-12-29
(current_events.rules)
2032216 - ET TROJAN Win32/TrickBot Anchor Variant Style External IP Check
(trojan.rules)
2032217 - ET TROJAN W32/Trickbot C2 (networkDll module) (trojan.rules)
2032218 - ET TROJAN Trickbot Checkin Response (trojan.rules)
2032219 - ET TROJAN Possible Ransomware HTTP POST to Onion Link Domain
(trojan.rules)
2032220 - ET EXPLOIT [NCC/FOX-IT] Possible F5 BIG-IP/BIG-IQ iControl REST
RCE Attempt (CVE-2021-22986) (exploit.rules)
2032221 - ET TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(mydrinksare .top) (trojan.rules)
2032222 - ET TROJAN Netbounce Related Activity (Program Wrapper)
(trojan.rules)
2032223 - ET TROJAN Netbounce User-Agent (Netbounce) (trojan.rules)
2032224 - ET TROJAN Netbounce Proxy Activity (trojan.rules)
2032225 - ET TROJAN Netbounce Proxy User-Agent (idk) (trojan.rules)
2032226 - ET TROJAN Netbounce Program Wrapper Download (trojan.rules)
Pro:
2847699 - ETPRO TROJAN Win32/TrickBot Anchor Variant CnC Checkin
(trojan.rules)
2847700 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-19 1) (trojan.rules)
2847701 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-19 2) (trojan.rules)
2847702 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-19 3) (trojan.rules)
2847703 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-19 4) (trojan.rules)
2847704 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-19 5) (trojan.rules)
2847705 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-19 6) (trojan.rules)
2847706 - ETPRO CURRENT_EVENTS Successful Deutsche Bank Phish 2021-03-19
(current_events.rules)
2847707 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-03-19
(current_events.rules)
2847708 - ETPRO CURRENT_EVENTS Successful Assurance Maladie Phish
2021-03-19 (current_events.rules)
2847709 - ETPRO CURRENT_EVENTS Successful Sharepoint Phish 2021-03-19
(current_events.rules)
2847710 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-03-19
(current_events.rules)
2847711 - ETPRO CURRENT_EVENTS Successful Bank of America EDD Debit Card
Phish 2021-03-19 (current_events.rules)
2847712 - ETPRO TROJAN Sharik/Smokeloader CnC Beacon 17 (trojan.rules)
[///] Modified active rules: [///]
2030053 - ET TROJAN Win32/IcedID Requesting Encoded Binary M4
(trojan.rules)
[---] Disabled and modified rules: [---]
2026466 - ET CURRENT_EVENTS Successful Generic Phish (set) 2018-10-10
(current_events.rules)
[---] Removed rules: [---]
2815854 - ETPRO CURRENT_EVENTS Shared Document Base64 Phishing Landing
Jan 19 (current_events.rules)
2816102 - ETPRO CURRENT_EVENTS Successful Generic Phish (Redirect to
Download PDF) Feb 8 (current_events.rules)
2816492 - ETPRO CURRENT_EVENTS Successful Apple Phishing Mar 2
(current_events.rules)
2816583 - ETPRO CURRENT_EVENTS Successful Apple Phish Mar 8
(current_events.rules)
2821745 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Aug 18 2016
(current_events.rules)
2821937 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Aug 31
2016 (current_events.rules)
2821979 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Sept M1 1
2016 (current_events.rules)
2822224 - ETPRO CURRENT_EVENTS Successful Western Union/Paypal Phish Sept
26 2016 (current_events.rules)
2822312 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Sept 29 2016
(current_events.rules)
2822335 - ETPRO CURRENT_EVENTS Successful Gmail Phish Sep 30 2016
(current_events.rules)
2822639 - ETPRO CURRENT_EVENTS Successful Google Drive Phish Oct 14 2016
(current_events.rules)
2822756 - ETPRO CURRENT_EVENTS Successful Credit Agricole Bank (FR) Phish
M1 Oct 19 2016 (current_events.rules)
2822899 - ETPRO CURRENT_EVENTS Successful Windows Live Account Phish Oct
26 2016 (current_events.rules)
2822942 - ETPRO CURRENT_EVENTS Successful Yahoo Phish Oct 27 2016
(current_events.rules)
2823012 - ETPRO CURRENT_EVENTS Successful FreeMobile (FR) Phish M1 Oct 31
2016 (current_events.rules)
2823310 - ETPRO CURRENT_EVENTS Successful Shared Adobe PDF Phish Nov 16
2016 (current_events.rules)
2823357 - ETPRO CURRENT_EVENTS Successful Linkedin Phish Nov 18 2016
(current_events.rules)
2823358 - ETPRO CURRENT_EVENTS Successful Credential Phish (Multiple
Brands) Nov 18 2016 (current_events.rules)
2823440 - ETPRO CURRENT_EVENTS Successful HM Revenue Phish Nov 22 2016
(current_events.rules)
2823441 - ETPRO CURRENT_EVENTS Successful Barclays Phish M1 Nov 22 2016
(current_events.rules)
2823518 - ETPRO CURRENT_EVENTS Successful Personalized Adobe Online PDF
Phish Nov 28 2016 (current_events.rules)
2823550 - ETPRO CURRENT_EVENTS Successful Chase Phish Nov 30 2016
(current_events.rules)
2823665 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish M2 Dec 07 2016
(current_events.rules)
2823693 - ETPRO CURRENT_EVENTS Successful Free Mobile (FR) Phish Dec 08
2016 (current_events.rules)
2823743 - ETPRO CURRENT_EVENTS Successful Paypal Phish Dec 09 2016
(current_events.rules)
2823747 - ETPRO WEB_CLIENT Javascript XOR Encoding - Observed in Apple
Phishing Dec 08 2016 (web_client.rules)
2823776 - ETPRO CURRENT_EVENTS Successful Password Protected AMEX Phish
Dec 09 2016 (current_events.rules)
2823782 - ETPRO CURRENT_EVENTS Successful Chase Phishing Dec 12 2016
(current_events.rules)
2823817 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Dec 13 2016
(current_events.rules)
2823818 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Dec 13 2016
(current_events.rules)
2823819 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Dec 13 2016
(current_events.rules)
2823820 - ETPRO CURRENT_EVENTS Successful Paypal Phish M4 Dec 13 2016
(current_events.rules)
2823821 - ETPRO CURRENT_EVENTS Successful Paypal Phish M5 Dec 13 2016
(current_events.rules)
2823822 - ETPRO CURRENT_EVENTS Successful Adobe Shared PDF Phish Dec 13
2016 (current_events.rules)
2823824 - ETPRO CURRENT_EVENTS Successful Chase Phish Dec 13 2016
(current_events.rules)
2823910 - ETPRO CURRENT_EVENTS Mailbox Deactivation Phishing Landing Dec
15 2016 (current_events.rules)
2823911 - ETPRO CURRENT_EVENTS Successful Mailbox Deactivation Phish Dec
15 2016 (current_events.rules)
2824020 - ETPRO CURRENT_EVENTS Successful Credential Phish (Multiple
Brands) Dec 22 2016 (current_events.rules)
2824046 - ETPRO CURRENT_EVENTS Successful Windows Live Phish Dec 23 2016
(current_events.rules)
2824132 - ETPRO CURRENT_EVENTS Successful Banamex Bank Phish Dec 29 2016
(current_events.rules)
2830243 - ETPRO TROJAN W32/Trickbot C2 (networkDll module) (trojan.rules)
2832501 - ETPRO TROJAN Win32/TrickBot Anchor Variant CnC Checkin
(trojan.rules)
2834888 - ETPRO TROJAN Trickbot Checkin Response (trojan.rules)
2845479 - ETPRO TROJAN Win32/TrickBot Anchor Variant Style External IP
Check (trojan.rules)