[***]            Summary:            [***]

6 new OPEN, 25 new PRO (6 + 19).  MageCart, Lodu Stealer, Various Exploits, Various Phish, Various Rule Edits.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2030237 - ET EXPLOIT Authenticated QuickBox CE 2.5.5/Pro 2.1.8 RCE Attempt Inbound M1 (CVE-2020-13448) (exploit.rules)
2030238 - ET EXPLOIT Authenticated QuickBox CE 2.5.5/Pro 2.1.8 RCE Attempt Inbound M2 (CVE-2020-13448) (exploit.rules)
2030239 - ET EXPLOIT Possible WordPress Plugin BBPress 2.5 - Unauthenticated Priv Esc Attempt (CVE-2020-13693) (exploit.rules)
2030240 - ET EXPLOIT Possible VMware Cloud Director RCE Attempt (CVE-2020-3956) (exploit.rules)
2030241 - ET EXPLOIT Possible Successful VMware Cloud Director RCE Attempt (CVE-2020-3956) (exploit.rules)
2030242 - ET EXPLOIT Possible Zephyr RTOS ICMPv4 Stack Buffer Overflow (exploit.rules)

Pro:

2842823 - ETPRO WEB_CLIENT Observed Magecart JS Skimmer Inbound (web_client.rules)
2842824 - ETPRO TROJAN Observed Malicious SSL Cert (VBSLoader Payload DL) (trojan.rules)
2842825 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-02 1) (trojan.rules)
2842826 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-02 2) (trojan.rules)
2842827 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-02 3) (trojan.rules)
2842828 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-02 4) (trojan.rules)
2842829 - ETPRO TROJAN Malicious SSL Certificate detected (MassLogger CnC) (trojan.rules)
2842830 - ETPRO TROJAN Win32/Remcos RAT Checkin 449 (trojan.rules)
2842831 - ETPRO TROJAN Get2 Related Domain in DNS Lookup (trojan.rules)
2842832 - ETPRO MOBILE_MALWARE PUP Android.Wapsx Variant (mobile_malware.rules)
2842833 - ETPRO TROJAN Observed Lodu Stealer User-Agent (trojan.rules)
2842834 - ETPRO TROJAN Lodu Stealer CnC Checkin (System Info) (trojan.rules)
2842835 - ETPRO TROJAN Lodu Stealer CnC Checkin (Passwords) (trojan.rules)
2842836 - ETPRO TROJAN Lodu Stealer CnC Checkin (Firefox Cookies) (trojan.rules)
2842837 - ETPRO TROJAN Lodu Stealer CnC Checkin (Chrome Cookies) (trojan.rules)
2842838 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-06-02 (current_events.rules)
2842839 - ETPRO CURRENT_EVENTS Successful Belfius DE Phish 2020-06-02 (current_events.rules)
2842840 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-02 (current_events.rules)
2842841 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)

[///]     Modified active rules:     [///]

2012977 - ET WEB_SPECIFIC_APPS Possible Oracle GlassFish Server Administration Console Authentication Bypass Attempt (web_specific_apps.rules)
2013929 - ET POLICY HTTP traffic on port 443 (OPTIONS) (policy.rules)
2013930 - ET POLICY HTTP traffic on port 443 (PUT) (policy.rules)
2013932 - ET POLICY HTTP traffic on port 443 (TRACE) (policy.rules)
2013933 - ET POLICY HTTP traffic on port 443 (CONNECT) (policy.rules)
2021847 - ET CURRENT_EVENTS Evil Redirector Sep 29 2015 (current_events.rules)
2021852 - ET TROJAN Ransomware Win32/WinPlock.A CnC Beacon 2 (trojan.rules)
2021853 - ET TROJAN Ransomware Win32/WinPlock.A Successfully Installed CnC Beacon (trojan.rules)
2021854 - ET TROJAN Ransomware Win32/WinPlock.A CnC Beacon 3 (trojan.rules)
2021870 - ET CURRENT_EVENTS Evil Redirector Leading To EK Sep 30 2015 (current_events.rules)
2021886 - ET POLICY Hola VPN Activity - X-Hola-* Headers (policy.rules)
2021889 - ET TROJAN Java/QRat Retrieving PE (trojan.rules)
2021917 - ET TROJAN ELF/muBoT User-Agent (I'm a mu mu mu ?) (trojan.rules)
2021923 - ET TROJAN Win32/Neshta.A Posting Data (trojan.rules)
2021929 - ET MOBILE_MALWARE Android/Kemoge Checkin 2 (mobile_malware.rules)
2803739 - ETPRO TROJAN Backdoor.Win32.Shiz.ufj Checkin (trojan.rules)
2804589 - ETPRO POLICY HTTP POST on port 53 DNS (policy.rules)
2808698 - ETPRO TROJAN Win32/Paskod.B Downloading Files (trojan.rules)
2812896 - ETPRO TROJAN Shaosmine.A Variant Retrieving Data from Pastebin (trojan.rules)
2814119 - ETPRO TROJAN Win32/MultiInjector.C Checkin (trojan.rules)
2814132 - ETPRO TROJAN Win32/Arpove.A Activity (trojan.rules)
2814141 - ETPRO TROJAN Win32/NetFilter.W Checkin (trojan.rules)
2814156 - ETPRO TROJAN Unknown Checkin (trojan.rules)
2814157 - ETPRO TROJAN Win32.Torus Checkin (trojan.rules)
2814158 - ETPRO TROJAN Win32.ChateauLafite Connectivity Check (trojan.rules)
2814165 - ETPRO TROJAN Win32/Bulta!rfn Checkin (trojan.rules)
2814182 - ETPRO POLICY Slimware Driver Updater Checkin (policy.rules)
2814196 - ETPRO MOBILE_MALWARE Trojan-SMS.AndroidOS.Agent.ra Checkin 2 (mobile_malware.rules)
2814197 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.AUP Checkin (mobile_malware.rules)
2814229 - ETPRO TROJAN W32/Interv.A Checkin (trojan.rules)
2814232 - ETPRO TROJAN QuimbyKit Checkin via LJ (possibly training aid) (trojan.rules)
2814233 - ETPRO TROJAN MSIL/PSW.Steam.OC Installation Beacon (trojan.rules)
2814234 - ETPRO TROJAN MSIL/PSW.Steam.OC Retrieve Commands 1 (trojan.rules)
2814235 - ETPRO TROJAN MSIL/PSW.Steam.OC Install Confirm (trojan.rules)
2814236 - ETPRO TROJAN MSIL/PSW.Steam.OC Retrieve Commands 2 (trojan.rules)
2814237 - ETPRO TROJAN MSIL/PSW.Steam.OC Binary Download (trojan.rules)
2814244 - ETPRO TROJAN MSIL/BloquearCasa Checkin (trojan.rules)
2814276 - ETPRO MOBILE_MALWARE AdWare.AndroidOS.Dowgin.r Checkin (mobile_malware.rules)
2814278 - ETPRO TROJAN W32/VB-Backdoor-PClient Checkin (trojan.rules)
2814280 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.cl Checkin (mobile_malware.rules)
2814294 - ETPRO TROJAN Backdoor.Busadom CnC Beacon 1 (trojan.rules)
2814295 - ETPRO TROJAN Backdoor.Busadom CnC Beacon 2 (trojan.rules)
2814296 - ETPRO TROJAN Backdoor.Busadom Exfiltrated Data b64 M1 (trojan.rules)
2839119 - ETPRO TROJAN Win32/Spy.Socelars.S CnC Activity M1 (trojan.rules)
