[***]            Summary:            [***]

6 new Open, 46 new Pro (6 + 40). Various IoT Vulns, Various Ransomware, Various Coinminers, Various Powershell, and VARIOUS PHISH.

tks @malwrhunterteam

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2003626 - ET INFO Double User-Agent (User-Agent User-Agent) (info.rules)
2029212 - ET TROJAN Win32/ViSystem CnC Checkin (trojan.rules)
2029213 - ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection Outbound (CVE-2019-7256) (exploit.rules)
2029214 - ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Inbound (exploit.rules)
2029215 - ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound (exploit.rules)
2029216 - ET INFO Suspicious Chmod Usage in URI (Outbound) (info.rules)

Pro:

2839239 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2839646 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2839648 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2839671 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2839837 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2839839 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2839940 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2839942 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2839944 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2839946 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840023 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2840163 - ETPRO TROJAN Win32/PredatorTheThief CnC Activity (trojan.rules)
2840164 - ETPRO INFO Observed Decmial Encoded EXE Inbound (info.rules)
2840165 - ETPRO TROJAN Observed Powershell Browser Stealer Code Inbound (Chrome) (trojan.rules)
2840166 - ETPRO TROJAN Powershell Empire Get-ChromeDump Code Inbound (trojan.rules)
2840167 - ETPRO INFO Observed Powershell OS Screenshot Code Inbound (info.rules)
2840168 - ETPRO INFO Observed Powershell Keylogging Code Inbound (info.rules)
2840169 - ETPRO TROJAN Win32/Various Ransomware CnC Activity (trojan.rules)
2840170 - ETPRO CURRENT_EVENTS Successful Microsoft Excel Phish 2019-12-31 (current_events.rules)
2840171 - ETPRO CURRENT_EVENTS Successful Banorte Bank Phish 2019-12-31 (current_events.rules)
2840172 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-31 (current_events.rules)
2840173 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-31 (current_events.rules)
2840174 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-31 (current_events.rules)
2840175 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-12-31 (current_events.rules)
2840176 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-12-31 (current_events.rules)
2840177 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-12-31 (current_events.rules)
2840178 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-12-31 (current_events.rules)
2840179 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2019-12-31 (current_events.rules)
2840180 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-12-31 (current_events.rules)
2840181 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-31 (current_events.rules)
2840182 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-12-31 (current_events.rules)
2840183 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-12-31 (current_events.rules)
2840184 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-12-31 (current_events.rules)
2840185 - ETPRO CURRENT_EVENTS Successful Facebook FR Phish 2019-12-31 (current_events.rules)
2840186 - ETPRO CURRENT_EVENTS Successful Netease 163 Phish 2019-12-31 (current_events.rules)
2840187 - ETPRO CURRENT_EVENTS Successful Hinet Phish 2019-12-31 (current_events.rules)
2840188 - ETPRO CURRENT_EVENTS Successful Sprint Identityguard Phish 2019-12-31 (current_events.rules)
2840189 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-31 1) (trojan.rules)
2840190 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-31 2) (trojan.rules)
2840191 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-12-31 3) (trojan.rules)

[///]     Modified active rules:     [///]

2009363 - ET WEB_SERVER Suspicious Chmod Usage in URI (Inbound) (web_server.rules)
2018403 - ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe (trojan.rules)
2028990 - ET TROJAN ELF/Mirai Variant UA Outbound (Ouija_x.86) (trojan.rules)
2029207 - ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection Inbound (CVE-2019-7256) (exploit.rules)
2839331 - ETPRO INFO Suspicious User-Agent containing Loader Observed (info.rules)

[---]         Removed rules:         [---]

2003626 - ET MALWARE Double User-Agent (User-Agent User-Agent) (malware.rules)
2839239 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839646 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839648 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839671 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839837 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839839 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839940 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839942 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839944 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2839946 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
2840023 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)

Date: Monday, December 30, 2019 - 22:00