[***] Summary: [***]
8 new OPEN, 15 new PRO (8 + 7). Cobalt Strike, Wifi Geolocation Requests, Kimsuky, and VARIOUS PHISHING.
Thanks @rootprivilege, @James_inthe_box and @malwrhunterteam
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2002833 - ET SCAN Yahoo Crawler Crawl (scan.rules)
2033006 - ET CURRENT_EVENTS Successful Generic Phish 2020-09-21 (current_events.rules)
2033007 - ET CURRENT_EVENTS Successful Chase Phish 2020-10-14 (current_events.rules)
2033008 - ET TROJAN Cobalt Strike Malleable C2 JQuery Custom Profile M3 (trojan.rules)
2033009 - ET TROJAN Cobalt Strike Malleable C2 JQuery Custom Profile Response (trojan.rules)
2033010 - ET POLICY Observed Wifi Geolocation Domain (api .mylnikov .org in TLS SNI) (policy.rules)
2033011 - ET POLICY Wifi Geolocation Lookup Attempt (policy.rules)
2033012 - ET TROJAN Suspected Kimsuky Activity (GET) (trojan.rules)
Pro:
2848638 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848639 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-21 1) (trojan.rules)
2848640 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-21 2) (trojan.rules)
2848641 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-21 3) (trojan.rules)
2848642 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-05-21 4) (trojan.rules)
2848643 - ETPRO CURRENT_EVENTS Successful Commerce Bank Phish 2021-05-21 (current_events.rules)
2848644 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish 2021-05-21 (current_events.rules)
[///] Modified inactive rules: [///]
2024979 - ET TROJAN Observed Malicious SSL Cert (IcedID CnC) (trojan.rules)
[---] Removed rules: [---]
2002833 - ET POLICY Yahoo Crawler Crawl (policy.rules)
2844547 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-09-21 (current_events.rules)
2844944 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-10-14 (current_events.rules)