Daily Ruleset Update Summary
Daily Ruleset Update Summary 2020/01/08

[***]            Summary:            [***]

10 new OPEN, 35 new PRO (10 + 25). Mirai Variants, KiwiHook, Amadey, Various Vuln, Various Phishing.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031497 - ET TROJAN Observed Malicious SSL Cert (ElegyRAT) (trojan.rules)
  2031498 - ET TROJAN Amadey Stealer CnC (trojan.rules)
  2031499 - ET INFO PHP Xdebug Extension Query Parameter
(XDEBUG_SESSION_START) (info.rules)
  2031500 - ET INFO Spring Boot Actuator Health Check Request (info.rules)
  2031501 - ET INFO Netlink GPON Login Attempt (GET) (info.rules)
  2031502 - ET INFO Request to Hidden Environment File (info.rules)
  2031503 - ET INFO Liferay JSON Web Services Invoker (info.rules)
  2031504 - ET INFO Apache Solr System Information Request (info.rules)
  2031505 - ET SCAN WordPress Scanner Performing Multiple Requests to
Windows Live Writer XML (scan.rules)
  2031506 - ET EXPLOIT Microsoft Exchange Server Exploitation Inbound
(CVE-2020-17132) (exploit.rules)

Pro:

  2846405 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
  2846406 - ETPRO TROJAN Win32/KiwiHook Injector Checkin (trojan.rules)
  2846407 - ETPRO TROJAN ELF/Mirai Variant CnC Activity (trojan.rules)
  2846408 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-01-07 1) (trojan.rules)
  2846409 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2021-01-08 (current_events.rules)
  2846410 - ETPRO CURRENT_EVENTS Successful Orange FR Phish 2021-01-08
(current_events.rules)
  2846411 - ETPRO CURRENT_EVENTS Successful Tangerine Phish 2021-01-08
(current_events.rules)
  2846412 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2021-01-08
(current_events.rules)
  2846413 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2021-01-08
(current_events.rules)
  2846414 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-01-08
(current_events.rules)
  2846415 - ETPRO TROJAN MSIL/Injector.RXR Variant CnC Activity
(trojan.rules)
  2846416 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2846417 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2846418 - ETPRO EXPLOIT FreePBX Authentication Bypass (CVE-2019-19006)
(exploit.rules)
  2846419 - ETPRO WEB_SPECIFIC_APPS Oracle WebLogic Server Authenticated
File Upload (CVE-2019-2618) (web_specific_apps.rules)
  2846420 - ETPRO EXPLOIT D-Link DCS-2530L Unauthenticated Credential
Disclosure (CVE-2020-25078) (exploit.rules)
  2846421 - ETPRO WEB_SPECIFIC_APPS PHPUnit Arbitrary Code Execution
(CVE-2017-9841) M1 (web_specific_apps.rules)
  2846422 - ETPRO WEB_SPECIFIC_APPS PHPUnit Arbitrary Code Execution
(CVE-2017-9841) M2 (web_specific_apps.rules)
  2846423 - ETPRO WEB_SPECIFIC_APPS Sonatype Nexus Repository Manager
Privilege Escalation (CVE-2020-11444) (web_specific_apps.rules)
  2846424 - ETPRO WEB_SPECIFIC_APPS WordPress File Manager Plugin Remote
Code Execution (CVE-2020-25213) (web_specific_apps.rules)
  2846425 - ETPRO TROJAN Suspicious GitHack Domain Request - Possible
PurpleFox EK (trojan.rules)
  2846426 - ETPRO CURRENT_EVENTS Obfuscated SecureString PowerShell Inbound
2021-01-08 (current_events.rules)
  2846427 - ETPRO TROJAN MSIL/CoinMiner.ACM CnC Activity (trojan.rules)
  2846428 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish
2021-01-08 (current_events.rules)

[///]     Modified active rules:     [///]

  2804705 - ETPRO TROJAN Win32/Votwup.D User-Agent (Uploader) (trojan.rules)
  2845828 - ETPRO CURRENT_EVENTS Successful Nest Phish 2020-12-04
(current_events.rules)
  2846307 - ETPRO CURRENT_EVENTS PurpleFox Exploit Kit Landing Page
(current_events.rules)

Date:
Summary title:
10 new OPEN, 35 new PRO (10 + 25). Mirai Variants, KiwiHook, Amadey, Various Vuln, Various Phishing.