[***] Summary: [***]
4 new OPEN, 23 new PRO (4 + 19). Ursnif, AsyncRAT, Various Phish.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033201 - ET INFO Ransomware Decryptor Domain in DNS Query (decryptor .top) (info.rules)
2033202 - ET INFO Ransomware Decryptor Domain in DNS Query (decoder .re) (info.rules)
2033203 - ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) (trojan.rules)
2033204 - ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) (trojan.rules)
Pro:
2849105 - ETPRO TROJAN Win32/Woreflint Discord Activity (POST) (trojan.rules)
2849106 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849107 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849108 - ETPRO CURRENT_EVENTS Successful Microsoft Phish 2021-06-29 (current_events.rules)
2849109 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish 2021-06-29 (current_events.rules)
2849110 - ETPRO INFO Suspicious URL Encoded Hex String Observed (This program...) M1 (info.rules)
2849111 - ETPRO INFO Suspicious URL Encoded Hex String Observed (This program...) M2 (info.rules)
2849112 - ETPRO CURRENT_EVENTS Successful BMO Harris Bank Phish 2021-06-29 (current_events.rules)
2849113 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-29 1) (trojan.rules)
2849114 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-29 2) (trojan.rules)
2849115 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-29 3) (trojan.rules)
2849116 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-29 4) (trojan.rules)
2849117 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-29 5) (trojan.rules)
2849118 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-29 6) (trojan.rules)
2849119 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-29 7) (trojan.rules)
2849120 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-29 8) (trojan.rules)
2849121 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-29 9) (trojan.rules)
2849122 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-29 10) (trojan.rules)
2849123 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-29 11) (trojan.rules)
[///] Modified active rules: [///]
2847916 - ETPRO TROJAN DTLoader Obfuscated HTML Payload Inbound (trojan.rules)