[***] Summary: [***]

5 new OPEN, 37 new PRO (5 + 32). Cobalt Strike, Magecart,
Android/Agent.BQX, AsyncRAT, XMRig, Various Phish.

Thanks @_brettfitz and @rootprivilege

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033141 - ET TROJAN Cobalt Strike Malleable C2 (WooCommerce Profile)
(trojan.rules)
2033142 - ET TROJAN Cobalt Strike Beacon Activity (GET) (trojan.rules)
2033143 - ET TROJAN Cobalt Strike Beacon Activity (Wordpress
Profile) (trojan.rules)
2033144 - ET TROJAN Magecart Skimmer Websocket Domain in DNS Lookup
(trojan.rules)
2033145 - ET MALWARE Cobalt Strike Beacon Activity (GET) (malware.rules)

Pro:

2848947 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 111
(mobile_malware.rules)
2848948 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 112
(mobile_malware.rules)
2848949 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 113
(mobile_malware.rules)
2848950 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848951 - ETPRO TROJAN Observed Malicious Downloader User-Agent (trojan.rules)
2848952 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848953 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848954 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848955 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848956 - ETPRO TROJAN ELF/Mirai Variant CnC Keep-Alive (Inbound)
(trojan.rules)
2848957 - ETPRO TROJAN Likely MalDoc Retrieving Payload 2021-06-15
(trojan.rules)
2848958 - ETPRO TROJAN ELF/XMRig Miner Module Inbound (processhider)
(trojan.rules)
2848959 - ETPRO TROJAN ELF/XMRig Miner Module Inbound (dbus) (trojan.rules)
2848960 - ETPRO TROJAN ELF/XMRig Miner Config Inbound (trojan.rules)
2848961 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-03 2) (trojan.rules)
2848962 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-14 1) (trojan.rules)
2848963 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-14 2) (trojan.rules)
2848964 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-14 3) (trojan.rules)
2848965 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-14 4) (trojan.rules)
2848966 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-14 5) (trojan.rules)
2848967 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-14 6) (trojan.rules)
2848968 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-14 7) (trojan.rules)
2848969 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-14 8) (trojan.rules)
2848970 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-14 9) (trojan.rules)
2848971 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-14 10) (trojan.rules)
2848972 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-14 11) (trojan.rules)
2848973 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-14 12) (trojan.rules)
2848974 - ETPRO CURRENT_EVENTS Successful Banco Ciudad Phish
2021-06-15 (current_events.rules)
2848975 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-06-15
(current_events.rules)
2848976 - ETPRO CURRENT_EVENTS Succesful Wells Fargo Phish
2021-06-15 (current_events.rules)
2848977 - ETPRO TROJAN Win32/Remcos RAT Checkin 724 (trojan.rules)
2848978 - ETPRO TROJAN Observed AZORult CnC Domain in TLS SNI (trojan.rules)

[///] Modified active rules: [///]

2005320 - ET USER_AGENTS Suspicious User-Agent (MyAgent) (user_agents.rules)
2825827 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-07 1) (trojan.rules)
2825828 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-07 2) (trojan.rules)
2826162 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-28 3) (trojan.rules)
2826163 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-04-28 4) (trojan.rules)
2826763 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-06-14 1) (trojan.rules)
2827236 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-07-19 5) (trojan.rules)
2827874 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-09-08 8) (trojan.rules)
2827879 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-09-08 13) (trojan.rules)
2828294 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-10-13 8) (trojan.rules)
2828437 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-10-26 7) (trojan.rules)
2828439 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-10-26 9) (trojan.rules)
2828596 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-11-09 4) (trojan.rules)
2828597 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-11-09 5) (trojan.rules)
2828619 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-11-10 2) (trojan.rules)
2828729 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-11-30 1) (trojan.rules)
2828738 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-01 3) (trojan.rules)
2828739 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-01 3) (trojan.rules)
2828832 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-08 4) (trojan.rules)
2828834 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-08 6) (trojan.rules)
2828899 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-13 4) (trojan.rules)
2828909 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-15 2) (trojan.rules)
2828976 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-18 5) (trojan.rules)
2828977 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-18 6) (trojan.rules)
2829139 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-02 9) (trojan.rules)
2829154 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-02 11) (trojan.rules)
2829162 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-02 17) (trojan.rules)
2829175 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-04 6) (trojan.rules)
2829185 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-05 3) (trojan.rules)
2829207 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-08 5) (trojan.rules)
2829211 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-08 9) (trojan.rules)
2829227 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-09 4) (trojan.rules)
2829256 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-11 2) (trojan.rules)
2829361 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-19 4) (trojan.rules)
2829373 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-22 7) (trojan.rules)
2829390 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-23 3) (trojan.rules)
2829465 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-29 2) (trojan.rules)
2829559 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-02-05 10) (trojan.rules)
2829674 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-02-14 2) (trojan.rules)
2829904 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-03-06 2) (trojan.rules)
2829982 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-03-12 4) (trojan.rules)
2830075 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-03-20 4) (trojan.rules)
2830104 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-03-23 2) (trojan.rules)
2830170 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-03-28 3) (trojan.rules)
2830241 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-03 3) (trojan.rules)
2830298 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-06 3) (trojan.rules)
2830320 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-09 3) (trojan.rules)
2830385 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-13 2) (trojan.rules)
2830416 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-16 6) (trojan.rules)
2830480 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-19 3) (trojan.rules)
2830525 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-23 4) (trojan.rules)
2830564 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-25 6) (trojan.rules)
2830583 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-25 5) (trojan.rules)
2830605 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-27 4) (trojan.rules)
2830617 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-30 4) (trojan.rules)
2830621 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-30 8) (trojan.rules)
2830622 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-30 9) (trojan.rules)
2830663 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-03 1) (trojan.rules)
2830665 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-03 3) (trojan.rules)
2830675 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-03 13) (trojan.rules)
2830715 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-07 5) (trojan.rules)
2830718 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-07 8) (trojan.rules)
2830719 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-07 9) (trojan.rules)
2830725 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-07 15) (trojan.rules)
2830774 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-09 6) (trojan.rules)
2830776 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-09 8) (trojan.rules)
2830796 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-10 3) (trojan.rules)
2830798 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-10 5) (trojan.rules)
2830832 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-14 3) (trojan.rules)
2830833 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-14 4) (trojan.rules)
2830834 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-14 5) (trojan.rules)
2830840 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-14 11) (trojan.rules)
2830841 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-14 12) (trojan.rules)
2830843 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-14 14) (trojan.rules)
2830856 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-15 4) (trojan.rules)
2830857 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-15 5) (trojan.rules)
2830862 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-15 9) (trojan.rules)
2830878 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-16 4) (trojan.rules)
2830881 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-16 7) (trojan.rules)
2830916 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-18 2) (trojan.rules)
2830921 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-18 7) (trojan.rules)
2831020 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-24 2) (trojan.rules)
2831066 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-29 3) (trojan.rules)
2831067 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-29 4) (trojan.rules)
2831105 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-31 3) (trojan.rules)
2831126 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-01 5) (trojan.rules)
2831149 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-04 7) (trojan.rules)
2831173 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-06 5) (trojan.rules)
2831186 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-07 2) (trojan.rules)
2831198 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-08 2) (trojan.rules)
2831213 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-11 9) (trojan.rules)
2831214 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-11 10) (trojan.rules)
2831263 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-13 3) (trojan.rules)
2831290 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-15 4) (trojan.rules)
2831313 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-18 10) (trojan.rules)
2831366 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-06-20 6) (trojan.rules)
2831514 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-02 7) (trojan.rules)
2831570 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-05 5) (trojan.rules)
2831578 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-05 13) (trojan.rules)
2831598 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-06 4) (trojan.rules)
2831633 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-09 1) (trojan.rules)
2831640 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-09 8) (trojan.rules)
2831762 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-12 5) (trojan.rules)
2831812 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-07-16 8) (trojan.rules)
2833688 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-11-28 2) (trojan.rules)
2840728 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-01-29 2) (trojan.rules)
2841702 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-03-25 1) (trojan.rules)
2842483 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-05-11 1) (trojan.rules)
2847322 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-24 6) (trojan.rules)
2847378 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-01 6) (trojan.rules)
2847460 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-05 2) (trojan.rules)
2847714 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-20 1) (trojan.rules)

[///] Modified inactive rules: [///]

2828996 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2017-12-15 2) (trojan.rules)
2829160 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-01-02 15) (trojan.rules)

[---] Removed rules: [---]

2830240 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-04-03 2) (trojan.rules)
2848928 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
