[***] Summary: [***]

15 new OPEN, 17 new PRO (15 + 2). NSIS/TrojanDownloader.Agent.NZK,
Cobalt Strike, PerSwaysion Phishkit, Remcos.

Thanks @Unit42_Intel and @malware_traffic

There is a larger than normal number of modified rules today due to
some changes made to our infrastructure. These changes caused updates
to rule metadata fields.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033990 - ET TROJAN NSIS/TrojanDownloader.Agent.NZK CnC Activity M1
(trojan.rules)
2033991 - ET TROJAN NSIS/TrojanDownloader.Agent.NZK CnC Activity M2
(trojan.rules)
2033992 - ET TROJAN NSIS/TrojanDownloader.Agent.NZK Server Response
(trojan.rules)
2033993 - ET TROJAN Observed Malicious SSL Cert (Cobalt Strike) (trojan.rules)
2033994 - ET EXPLOIT Cisco ASA XSS Attempt (CVE-2020-3580) (exploit.rules)
2033995 - ET TROJAN GCleaner Downloader Activity M5 (trojan.rules)
2033996 - ET CURRENT_EVENTS Outdated Browser Lure Landing Page M1
2021-09-14 (current_events.rules)
2033997 - ET CURRENT_EVENTS Outdated Browser Lure Landing Page M2
2021-09-14 (current_events.rules)
2033998 - ET CURRENT_EVENTS Outdated Browser Lure Landing Page M3
2021-09-14 (current_events.rules)
2033999 - ET CURRENT_EVENTS PerSwaysion Phishkit Javascript Checks
if New Visitor 2021-09-14 (current_events.rules)
2034000 - ET CURRENT_EVENTS PerSwaysion Phishkit Javascript Config
Variables 2021-09-14 (current_events.rules)
2034001 - ET CURRENT_EVENTS PerSwaysion Phishkit Javascript -
Observed Repetitive Custom CSS Components (current_events.rules)
2034002 - ET CURRENT_EVENTS PerSwaysion Phishkit Javascript -
Observed Repetitive Custom JS Components (current_events.rules)
2034003 - ET CURRENT_EVENTS PerSwaysion Phishkit Javascript Response
with Phishy Text 2021-09-14 (current_events.rules)
2034004 - ET EXPLOIT Microsoft Edge Chakra - InlineArrayPush Type
Confusion Inbound M2 (CVE-2018-8617) (exploit.rules)

Pro:

2850018 - ETPRO CURRENT_EVENTS outdatedbrowser .com CnC Domain in
DNS Lookup (current_events.rules)
2850019 - ETPRO TROJAN Win32/Remcos RAT Checkin 751 (trojan.rules)

[///] Modified active rules: [///]

2001035 - ET P2P Morpheus Install (p2p.rules)
2001036 - ET P2P Morpheus Install ini Download (p2p.rules)
2001037 - ET P2P Morpheus Update Request (p2p.rules)
2002659 - ET CHAT Yahoo IM Client Install (chat.rules)
2003614 - ET INFO WinUpack Modified PE Header Inbound (info.rules)
2003615 - ET INFO WinUpack Modified PE Header Outbound (info.rules)
2004546 - ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt
-- postingdetails.php postingid UPDATE (web_specific_apps.rules)

[---] Disabled and modified rules: [---]

2845437 - ETPRO TROJAN Observed CobaltStrike Style SSL Cert (Amazon
Profile) (trojan.rules)
