[***] Summary: [***]
10 new OPEN, 35 new PRO (10 + 25). Mirai Variants, KiwiHook, Amadey, Various Vuln, Various Phishing.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031497 - ET TROJAN Observed Malicious SSL Cert (ElegyRAT) (trojan.rules)
2031498 - ET TROJAN Amadey Stealer CnC (trojan.rules)
2031499 - ET INFO PHP Xdebug Extension Query Parameter (XDEBUG_SESSION_START) (info.rules)
2031500 - ET INFO Spring Boot Actuator Health Check Request (info.rules)
2031501 - ET INFO Netlink GPON Login Attempt (GET) (info.rules)
2031502 - ET INFO Request to Hidden Environment File (info.rules)
2031503 - ET INFO Liferay JSON Web Services Invoker (info.rules)
2031504 - ET INFO Apache Solr System Information Request (info.rules)
2031505 - ET SCAN WordPress Scanner Performing Multiple Requests to Windows Live Writer XML (scan.rules)
2031506 - ET EXPLOIT Microsoft Exchange Server Exploitation Inbound (CVE-2020-17132) (exploit.rules)
Pro:
2846405 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846406 - ETPRO TROJAN Win32/KiwiHook Injector Checkin (trojan.rules)
2846407 - ETPRO TROJAN ELF/Mirai Variant CnC Activity (trojan.rules)
2846408 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-07 1) (trojan.rules)
2846409 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2021-01-08 (current_events.rules)
2846410 - ETPRO CURRENT_EVENTS Successful Orange FR Phish 2021-01-08 (current_events.rules)
2846411 - ETPRO CURRENT_EVENTS Successful Tangerine Phish 2021-01-08 (current_events.rules)
2846412 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2021-01-08 (current_events.rules)
2846413 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2021-01-08 (current_events.rules)
2846414 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-01-08 (current_events.rules)
2846415 - ETPRO TROJAN MSIL/Injector.RXR Variant CnC Activity (trojan.rules)
2846416 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2846417 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2846418 - ETPRO EXPLOIT FreePBX Authentication Bypass (CVE-2019-19006) (exploit.rules)
2846419 - ETPRO WEB_SPECIFIC_APPS Oracle WebLogic Server Authenticated File Upload (CVE-2019-2618) (web_specific_apps.rules)
2846420 - ETPRO EXPLOIT D-Link DCS-2530L Unauthenticated Credential Disclosure (CVE-2020-25078) (exploit.rules)
2846421 - ETPRO WEB_SPECIFIC_APPS PHPUnit Arbitrary Code Execution (CVE-2017-9841) M1 (web_specific_apps.rules)
2846422 - ETPRO WEB_SPECIFIC_APPS PHPUnit Arbitrary Code Execution (CVE-2017-9841) M2 (web_specific_apps.rules)
2846423 - ETPRO WEB_SPECIFIC_APPS Sonatype Nexus Repository Manager Privilege Escalation (CVE-2020-11444) (web_specific_apps.rules)
2846424 - ETPRO WEB_SPECIFIC_APPS WordPress File Manager Plugin Remote Code Execution (CVE-2020-25213) (web_specific_apps.rules)
2846425 - ETPRO TROJAN Suspicious GitHack Domain Request - Possible PurpleFox EK (trojan.rules)
2846426 - ETPRO CURRENT_EVENTS Obfuscated SecureString PowerShell Inbound 2021-01-08 (current_events.rules)
2846427 - ETPRO TROJAN MSIL/CoinMiner.ACM CnC Activity (trojan.rules)
2846428 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish 2021-01-08 (current_events.rules)
[///] Modified active rules: [///]
2804705 - ETPRO TROJAN Win32/Votwup.D User-Agent (Uploader) (trojan.rules)
2845828 - ETPRO CURRENT_EVENTS Successful Nest Phish 2020-12-04 (current_events.rules)
2846307 - ETPRO CURRENT_EVENTS PurpleFox Exploit Kit Landing Page (current_events.rules)