[***] Summary: [***]

65 new OPEN, 92 new PRO (65 + 27). Win32/MereTam.A Ransomware, Donot
Group, AsyncRAT, Various PHISH.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032419 - ET TROJAN Win32/MereTam.A Ransomware CnC Init Activity
(trojan.rules)
2032420 - ET TROJAN Win32/MereTam.A Ransomware CnC Checkin (trojan.rules)
2032421 - ET CURRENT_EVENTS Successful Excel Online Phish 2016-01-06
(current_events.rules)
2032422 - ET CURRENT_EVENTS Successful Google Drive Phish 2016-01-12
(current_events.rules)
2032423 - ET CURRENT_EVENTS Successful IRS Phish (set) 2016-01-23
(current_events.rules)
2032424 - ET CURRENT_EVENTS Successful Workspace Phish 2016-01-26
(current_events.rules)
2032425 - ET CURRENT_EVENTS Successful Navy Federal Credit Union
Phish 2016-02-01 (current_events.rules)
2032426 - ET CURRENT_EVENTS Successful USAA Phish M1 2016-02-06
(current_events.rules)
2032427 - ET CURRENT_EVENTS Successful USAA Phish M2 2016-02-06
(current_events.rules)
2032428 - ET CURRENT_EVENTS Successful Google Credential Phish
2016-02-17 (current_events.rules)
2032429 - ET CURRENT_EVENTS Successful Maersk Phishing 2016-02-25
(current_events.rules)
2032430 - ET CURRENT_EVENTS Successful FR Gmail Phish M1 2016-03-15
(current_events.rules)
2032431 - ET CURRENT_EVENTS Successful FR Gmail Phish M2 2016-03-15
(current_events.rules)
2032432 - ET CURRENT_EVENTS Successful Email System Manager Phish
2016-04-13 (current_events.rules)
2032433 - ET CURRENT_EVENTS Successful Sign PDF Phish 2016-05-18
(current_events.rules)
2032434 - ET CURRENT_EVENTS Successful Facebook Phish 2016-05-18
(current_events.rules)
2032435 - ET CURRENT_EVENTS Successful Excel Shared Document Phish
2016-06-02 (current_events.rules)
2032436 - ET CURRENT_EVENTS Successful Ebay Phish 2016-06-14
(current_events.rules)
2032437 - ET CURRENT_EVENTS Successful Yahoo Phish M2 2016-06-15
(current_events.rules)
2032438 - ET CURRENT_EVENTS Successful Square Phish 2016-06-15
(current_events.rules)
2032439 - ET CURRENT_EVENTS Successful Navy Federal Phish 2016-06-16
(current_events.rules)
2032440 - ET CURRENT_EVENTS Successful Earthlink Phish 2016-06-16
(current_events.rules)
2032441 - ET CURRENT_EVENTS Successful Christian Mingle Phish
2016-06-17 (current_events.rules)
2032442 - ET CURRENT_EVENTS Successful Maybank2u Phish 2016-06-17
(current_events.rules)
2032443 - ET CURRENT_EVENTS Successful Xfinity/Comcast Phish
2016-06-17 (current_events.rules)
2032444 - ET CURRENT_EVENTS Possible Amazon Phishing Domain
2016-06-21 (current_events.rules)
2032445 - ET CURRENT_EVENTS Possible barclays .co. uk Phishing
Domain 2016-06-22 (current_events.rules)
2032446 - ET CURRENT_EVENTS Successful Singtel Phish 2016-06-22
(current_events.rules)
2032447 - ET CURRENT_EVENTS Successful Email Termination Phish
2016-06-22 (current_events.rules)
2032448 - ET CURRENT_EVENTS Successful H&M Revenue Phish M2
2016-06-22 (current_events.rules)
2032449 - ET CURRENT_EVENTS Successful Microsoft Encrypted Email
Phish M2 2016-06-23 (current_events.rules)
2032450 - ET CURRENT_EVENTS Successful Standard Bank Phish
2016-06-23 (current_events.rules)
2032451 - ET CURRENT_EVENTS Successful Google Drive Phish M1
2016-06-11 (current_events.rules)
2032452 - ET CURRENT_EVENTS Successful Google Drive Phish M2
2016-06-11 (current_events.rules)
2032453 - ET CURRENT_EVENTS Successful Synchronize Email Account
Phish 2016-06-15 (current_events.rules)
2032454 - ET CURRENT_EVENTS Successful Webmail Account Upgrade Phish
2016-07-15 (current_events.rules)
2032455 - ET CURRENT_EVENTS Successful Earthlink Phish 2016-07-19
(current_events.rules)
2032456 - ET CURRENT_EVENTS Successful Webmail Account Upgrade Phish
2016-07-21 (current_events.rules)
2032457 - ET CURRENT_EVENTS Successful Intuit Phish 2016-08-01
(current_events.rules)
2032458 - ET CURRENT_EVENTS Tectite Web Form Submission - Possible
Successful Phish (current_events.rules)
2032459 - ET CURRENT_EVENTS Successful DHL Phish 2016-08-11
(current_events.rules)
2032460 - ET CURRENT_EVENTS Successful Adobe Shared Document Phish
2016-08-11 (current_events.rules)
2032461 - ET CURRENT_EVENTS Successful Dropbox Phish 2016-09-14
(current_events.rules)
2032462 - ET CURRENT_EVENTS Successful Personalized Adobe PDF Online
Phish 2016-10-26 (current_events.rules)
2032463 - ET CURRENT_EVENTS Successful Santander Bank Phish
2016-10-28 (current_events.rules)
2032464 - ET CURRENT_EVENTS Successful Wells Fargo Phish 2016-11-28
(current_events.rules)
2032465 - ET CURRENT_EVENTS Successful Generic Webmail Phish
2016-12-02 (current_events.rules)
2032466 - ET CURRENT_EVENTS Successful WhatsApp Phish M1 2016-12-07
(current_events.rules)
2032467 - ET CURRENT_EVENTS Successful BB&T Bank Phish 2016-12-15
(current_events.rules)
2032468 - ET INFO Killbot JS Configuration - Possible Phishing (info.rules)
2032469 - ET ACTIVEX Possible Sparkasse Phishing Domain 2021-04-05
(activex.rules)
2032470 - ET CURRENT_EVENTS HTTP POST Contains Only Password (tk)
2021-04-05 (current_events.rules)
2032471 - ET CURRENT_EVENTS HTTP POST Contains Only Password (ml)
2021-04-05 (current_events.rules)
2032472 - ET CURRENT_EVENTS HTTP POST Contains Only Password (gq)
2021-04-05 (current_events.rules)
2032473 - ET CURRENT_EVENTS HTTP POST Contains Only Password (ga)
2021-04-05 (current_events.rules)
2032474 - ET CURRENT_EVENTS HTTP POST Contains Only Password (cf)
2021-04-05 (current_events.rules)
2032475 - ET CURRENT_EVENTS HTTP POST Contains Only Password (xyz)
2021-04-05 (current_events.rules)
2032476 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on
External Server (current_events.rules)
2032477 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on
Internal Server (current_events.rules)
2032478 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on
External Server (current_events.rules)
2032479 - ET CURRENT_EVENTS Generic Phishing Panel Accessed on
Internal Server (current_events.rules)
2032480 - ET CURRENT_EVENTS Possible PurpleFox EK Redirect M2
(current_events.rules)
2032481 - ET CURRENT_EVENTS Suspicious GitHack TLS SNI Request -
Possible PurpleFox EK (current_events.rules)
2032482 - ET CURRENT_EVENTS Suspicious GitHack DNS Request -
Possible PurpleFox EK (current_events.rules)
2032483 - ET TROJAN DonotGroup Template Download (trojan.rules)

Pro:

2847999 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848000 - ETPRO TROJAN Win32/GenCBL.AFU CnC Activity (trojan.rules)
2848001 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-03 1) (trojan.rules)
2848002 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-03 2) (trojan.rules)
2848003 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-03 3) (trojan.rules)
2848004 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2021-04-05 (current_events.rules)
2848005 - ETPRO CURRENT_EVENTS Successful Generic Credit Card
Information Phish 2021-04-05 (current_events.rules)
2848006 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2021-04-05
(current_events.rules)
2848007 - ETPRO CURRENT_EVENTS Successful Telus Phish 2021-04-05
(current_events.rules)
2848008 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2021-04-05 (current_events.rules)
2848009 - ETPRO CURRENT_EVENTS Successful MyJCB Phish 2021-04-05
(current_events.rules)
2848010 - ETPRO CURRENT_EVENTS Successful Generic Mobile Banking
Phish 2021-04-05 (current_events.rules)
2848011 - ETPRO CURRENT_EVENTS Successful Sparkasse Phish 2021-04-05
(current_events.rules)
2848012 - ETPRO CURRENT_EVENTS Successful Career Placement
000webhostapp Hosted Phish 2021-04-05 (current_events.rules)
2848013 - ETPRO CURRENT_EVENTS Successful Assurance Maladie Phish
2021-04-05 (current_events.rules)
2848014 - ETPRO CURRENT_EVENTS Successful Paypal BR Phish 2021-04-05
(current_events.rules)
2848015 - ETPRO CURRENT_EVENTS Successful Snapchat 000webhostapp
Hosted Phish 2021-04-05 (current_events.rules)
2848016 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-05 1) (trojan.rules)
2848017 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-05 2) (trojan.rules)
2848018 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-05 3) (trojan.rules)
2848019 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-05 4) (trojan.rules)
2848020 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-05 5) (trojan.rules)
2848021 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-05 6) (trojan.rules)
2848022 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-05 7) (trojan.rules)
2848023 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-05 8) (trojan.rules)
2848024 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-05 9) (trojan.rules)
2848025 - ETPRO CURRENT_EVENTS Successful Caixa Phish 2021-04-05
(current_events.rules)

[///] Modified active rules: [///]

2846307 - ETPRO CURRENT_EVENTS PurpleFox Exploit Kit Landing Page
(current_events.rules)
