[***] Summary: [***]
5 new OPEN, 26 new PRO (5 + 21). SaltStack CVE-2020-16846, Python.Stealer.vlu, Various Android, Various Phishing.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031492 - ET CURRENT_EVENTS Suspicious TikTok Domain Request - Possible Phishing or Scam (current_events.rules)
2031493 - ET CURRENT_EVENTS Possible Instagram Phishing or Scam Landing Page (current_events.rules)
2031494 - ET EXPLOIT Silver Peak Unity Orchestrator Exploitation Inbound (CVE-2020-12146) (exploit.rules)
2031495 - ET EXPLOIT SaltStack Salt Exploitation Inbound (CVE-2020-16846) (exploit.rules)
2031496 - ET TROJAN Win32/Injector.ULH CnC Activity (trojan.rules)
Pro:
2846384 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.pu Reporting Contact List (mobile_malware.rules)
2846385 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Regon.p / Cerberus Checkin (mobile_malware.rules)
2846386 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Regon.p / Cerberus Reporting Installed Apps (mobile_malware.rules)
2846387 - ETPRO MOBILE_MALWARE Android.Monitor.MobileSpy.AO Checkin (mobile_malware.rules)
2846388 - ETPRO TROJAN Win32/Python.Stealer.vlu CnC Screenshot Exfil via FTP (trojan.rules)
2846389 - ETPRO TROJAN Win32/Python.Stealer.vlu CnC Password Exfil via FTP (trojan.rules)
2846390 - ETPRO TROJAN Win32/Python.Stealer.vlu Config Inbound (trojan.rules)
2846391 - ETPRO CURRENT_EVENTS Successful Generic Compromised Wordpress Phish 2021-01-07 (current_events.rules)
2846392 - ETPRO CURRENT_EVENTS Successful Cash App Phish 2021-01-07 (current_events.rules)
2846393 - ETPRO CURRENT_EVENTS Successful Cash App Phish 2021-01-07 (current_events.rules)
2846394 - ETPRO CURRENT_EVENTS Successful Cash App Phish 2021-01-07 (current_events.rules)
2846395 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2846396 - ETPRO CURRENT_EVENTS Successful DHL Phish 2021-01-07 (current_events.rules)
2846397 - ETPRO TROJAN Win32/Python.Stealer.vlu Requesting Config (trojan.rules)
2846398 - ETPRO TROJAN W32/GenKryptik.ERSP!tr CnC Activity (trojan.rules)
2846399 - ETPRO TROJAN Win32/Remcos RAT Checkin 639 (trojan.rules)
2846400 - ETPRO TROJAN Win32/Remcos RAT Checkin 640 (trojan.rules)
2846401 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-01-07 (current_events.rules)
2846402 - ETPRO INFO Unusually Long dns .army Domain (info.rules)
2846403 - ETPRO CURRENT_EVENTS Successful Cox Phish 2021-01-07 (current_events.rules)
2846404 - ETPRO CURRENT_EVENTS Successful Rogers Phish 2021-01-07 (current_events.rules)
[///] Modified active rules: [///]
2012325 - ET WEB_CLIENT Obfuscated Javascript // ptth (web_client.rules)
2835219 - ETPRO TROJAN ELF/Mirai OKANE Variant User-Agent Observed (Inbound) (trojan.rules)
2846364 - ETPRO TROJAN MSIL/DTStealer V3.x CnC Exfil (trojan.rules)
2846365 - ETPRO TROJAN MSIL/DTStealer V3.x CnC Screenshot Exfil (trojan.rules)
[---] Removed rules: [---]
2846373 - ETPRO TROJAN Win32/DTStealer V3.x CnC Exfil (trojan.rules)