[***]            Summary:            [***]

5 new OPEN, 26 new PRO (5 + 21). SaltStack CVE-2020-16846, Python.Stealer.vlu, Various Android, Various Phishing.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031492 - ET CURRENT_EVENTS Suspicious TikTok Domain Request - Possible
Phishing or Scam (current_events.rules)
  2031493 - ET CURRENT_EVENTS Possible Instagram Phishing or Scam Landing
Page (current_events.rules)
  2031494 - ET EXPLOIT Silver Peak Unity Orchestrator Exploitation Inbound
(CVE-2020-12146) (exploit.rules)
  2031495 - ET EXPLOIT SaltStack Salt Exploitation Inbound (CVE-2020-16846)
(exploit.rules)
  2031496 - ET TROJAN Win32/Injector.ULH CnC Activity (trojan.rules)

Pro:

  2846384 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.pu Reporting
Contact List (mobile_malware.rules)
  2846385 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Regon.p / Cerberus
Checkin (mobile_malware.rules)
  2846386 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Regon.p / Cerberus
Reporting Installed Apps (mobile_malware.rules)
  2846387 - ETPRO MOBILE_MALWARE Android.Monitor.MobileSpy.AO Checkin
(mobile_malware.rules)
  2846388 - ETPRO TROJAN Win32/Python.Stealer.vlu CnC Screenshot Exfil via
FTP (trojan.rules)
  2846389 - ETPRO TROJAN Win32/Python.Stealer.vlu CnC Password Exfil via
FTP (trojan.rules)
  2846390 - ETPRO TROJAN Win32/Python.Stealer.vlu Config Inbound
(trojan.rules)
  2846391 - ETPRO CURRENT_EVENTS Successful Generic Compromised Wordpress
Phish 2021-01-07 (current_events.rules)
  2846392 - ETPRO CURRENT_EVENTS Successful Cash App Phish 2021-01-07
(current_events.rules)
  2846393 - ETPRO CURRENT_EVENTS Successful Cash App Phish 2021-01-07
(current_events.rules)
  2846394 - ETPRO CURRENT_EVENTS Successful Cash App Phish 2021-01-07
(current_events.rules)
  2846395 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2846396 - ETPRO CURRENT_EVENTS Successful DHL Phish 2021-01-07
(current_events.rules)
  2846397 - ETPRO TROJAN Win32/Python.Stealer.vlu Requesting Config
(trojan.rules)
  2846398 - ETPRO TROJAN W32/GenKryptik.ERSP!tr CnC Activity (trojan.rules)
  2846399 - ETPRO TROJAN Win32/Remcos RAT Checkin 639 (trojan.rules)
  2846400 - ETPRO TROJAN Win32/Remcos RAT Checkin 640 (trojan.rules)
  2846401 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-01-07
(current_events.rules)
  2846402 - ETPRO INFO Unusually Long dns .army Domain (info.rules)
  2846403 - ETPRO CURRENT_EVENTS Successful Cox Phish 2021-01-07
(current_events.rules)
  2846404 - ETPRO CURRENT_EVENTS Successful Rogers Phish 2021-01-07
(current_events.rules)

[///]     Modified active rules:     [///]

  2012325 - ET WEB_CLIENT Obfuscated Javascript // ptth (web_client.rules)
  2835219 - ETPRO TROJAN ELF/Mirai OKANE Variant User-Agent Observed
(Inbound) (trojan.rules)
  2846364 - ETPRO TROJAN MSIL/DTStealer V3.x CnC Exfil (trojan.rules)
  2846365 - ETPRO TROJAN MSIL/DTStealer V3.x CnC Screenshot Exfil
(trojan.rules)

[---]         Removed rules:         [---]

  2846373 - ETPRO TROJAN Win32/DTStealer V3.x CnC Exfil (trojan.rules)
