[***] Summary: [***]
19 new OPEN, 21 new PRO (19 + 2). slock Ransomware,
Win32/Ciadoor.10.UPX, Cobalt Strike, Win32.Raccoon Stealer.
Thanks @TheDFIRReport, @quickheal and @malwrhunterteam
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034289 - ET TROJAN JsOutProx CnC Activity - Outbound (trojan.rules)
2034290 - ET TROJAN JsOutProx CnC Activity - Inbound (trojan.rules)
2034291 - ET TROJAN slock Ransomware CnC Activity (trojan.rules)
2034292 - ET TROJAN Casbaneiro CnC Host Checkin M2 (malware.rules)
2034293 - ET TROJAN Win32/Ciadoor.10.UPX CnC Activity M1 (trojan.rules)
2034294 - ET TROJAN Win32/Ciadoor.10.UPX CnC Activity M2 (trojan.rules)
2034295 - ET MALWARE SecureDriverUpdater Checkin (malware.rules)
2034296 - ET USER_AGENTS Suspicious User-Agent (Microsoft-ATL-Native/9.00) (user_agents.rules)
2034297 - ET MALWARE Win32/Systweak Checkin M2 (malware.rules)
2034298 - ET USER_AGENTS Suspicious User-Agent (urlRequest) (user_agents.rules)
2034299 - ET TROJAN Win32/Kryptik.HNBU CryptoMiner - GetTasks Request (trojan.rules)
2034300 - ET TROJAN Win32/Kryptik.HNBU CryptoMiner - Report Request (trojan.rules)
2034301 - ET TROJAN Win32/Small.NO Checkin (trojan.rules)
2034302 - ET TROJAN Observed Cobalt Strike Related Domain (croperdate .com in TLS SNI) (trojan.rules)
2034303 - ET TROJAN Observed Cobalt Strike Related Domain (kaslose .com in TLS SNI) (trojan.rules)
2034304 - ET TROJAN Observed Cobalt Strike Related Domain (cdnwin .xyz in TLS SNI) (trojan.rules)
2034305 - ET TROJAN Win32/Agent.UWW Variant Activity (Retrieving Commands) (trojan.rules)
2034306 - ET TROJAN Win32/Agent.UWW Variant Activity (Sending System Information) (trojan.rules)
2034307 - ET TROJAN Fake Google Chrome Notifications Installer (trojan.rules)
Pro:
2850322 - ETPRO TROJAN Sorillus JS RAT Sending System Information (POST) (trojan.rules)
2850323 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (toptelete .top) (malware.rules)
[///] Modified active rules: [///]
2844069 - ETPRO CURRENT_EVENTS Possible Successful Facebook/Instagram Phish 2020-08-18 (current_events.rules)
[---] Removed rules: [---]
2839848 - ETPRO TROJAN JsOutProx CnC Activity - Outbound (trojan.rules)
2839849 - ETPRO TROJAN JsOutProx CnC Activity - Inbound (trojan.rules)
2850289 - ETPRO TROJAN JS RAT Sending System Information (POST) (trojan.rules)