[***] Summary: [***]

12 new OPEN, 13 new PRO (12 + 1). PurpleFox, Cobalt Strike, Gamaredon, Arkei Stealer, Molerats, White Soft Loader

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback.

Please note there will be no release tomorrow, 3/4, due to a company-planned PTO holiday.

[+++] Added rules: [+++]

Open:

2035384 - ET TROJAN Win32/PurpleFox Related Domain in DNS Lookup (trojan.rules)

2035385 - ET TROJAN Win32/PurpleFox Retrieving File (GET) (trojan.rules)

2035386 - ET TROJAN Win32/PlugX Related Domain in DNS Lookup (trojan.rules)

2035387 - ET TROJAN Win32/Uwamson Variant Activity (GET) (trojan.rules)

2035388 - ET TROJAN Cobalt Strike Related Domain in DNS Lookup (jaxebiridi .com) (trojan.rules)

2035389 - ET TROJAN Cobalt Strike Activity (GET) (trojan.rules)

2035390 - ET TROJAN Win32/Pterodo Activity (POST) (trojan.rules)

2035391 - ET TROJAN Gamaredon APT Related Maldoc Activity (GET) (trojan.rules)

2035392 - ET TROJAN Win32/Arkei Stealer CnC Checkin (POST) (trojan.rules)

2035393 - ET TROJAN Win32/Arkei Stealer CnC Checkin (GET) (trojan.rules)

2035394 - ET TROJAN TA402/Molerats Related Domain in DNS Lookup (trojan.rules)

2035395 - ET TROJAN TA402/Molerats Related Domain in DNS Lookup (trojan.rules)

Pro:

2851192 - ETPRO TROJAN White Soft Loader CnC Activity (trojan.rules)

[///] Modified active rules: [///]

2029812 - ET TROJAN Malicious VBE Script (COVID-19 Phish 2020-04-03) (trojan.rules)
