[***]            Summary:            [***]

2 new OPEN, 24 new PRO (2 + 22).  Lemon_Duck, Various SSL/TLS, Various Phish, Others.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

2030249 - ET CURRENT_EVENTS Cushion Redirection
(current_events.rules)
2030250 - ET MALWARE Win32/Adware.Qjwmonkey.H Variant CnC Activity
M2 (malware.rules)

Pro:

2842862 - ETPRO TROJAN VBS/Unk.VBSLoader CnC Checkin (trojan.rules)
2842863 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
(trojan.rules)
2842864 - ETPRO TROJAN Observed Malicious SSL Cert (Get2 CnC)
(trojan.rules)
2842866 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-06-04 1) (trojan.rules)
2842867 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-06-04 2) (trojan.rules)
2842868 - ETPRO CURRENT_EVENTS Successful Box Phish 2020-06-04
(current_events.rules)
2842869 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-06-04
(current_events.rules)
2842870 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2020-06-04
(current_events.rules)
2842871 - ETPRO TROJAN Lemon_Duck Powershell CnC Activity M1
(trojan.rules)
2842872 - ETPRO TROJAN Lemon_Duck Powershell CnC Activity M2
(trojan.rules)
2842873 - ETPRO TROJAN Lemon_Duck Powershell CnC Activity M3
(trojan.rules)
2842874 - ETPRO TROJAN Lemon_Duck Powershell CnC Activity M4
(trojan.rules)
2842875 - ETPRO TROJAN Lemon_Duck Powershell CnC Activity M5
(trojan.rules)
2842876 - ETPRO TROJAN Lemon_Duck Powershell CnC Activity M6
(trojan.rules)
2842877 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-04
(current_events.rules)
2842878 - ETPRO CURRENT_EVENTS Successful S-Pankki Phish 2020-06-04
(current_events.rules)
2842879 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-06-04
(current_events.rules)
2842880 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2020-06-04 (current_events.rules)
2842881 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2020-06-04
(current_events.rules)
2842882 - ETPRO TROJAN Cyborg Ransomware Desktop Image Retrieval
(trojan.rules)
2842883 - ETPRO TROJAN Win32/Sality.NBA CnC Activity (trojan.rules)
2842884 - ETPRO POLICY Large 404 Content-Length (policy.rules)

[///]     Modified active rules:     [///]

2014704 - ET WEB_SPECIFIC_APPS PHP-CGI query string parameter
vulnerability (web_specific_apps.rules)
2015034 - ET WEB_SPECIFIC_APPS Concrete CMS btask parameter
Cross-Site Scripting Attempt (web_specific_apps.rules)
2020947 - ET TROJAN Win32/StreamFlaw.A Checkin (trojan.rules)
2021951 - ET CURRENT_EVENTS Possible Magento Directory Traversal
Attempt (current_events.rules)
2021952 - ET TROJAN JS/Nemucod.M.gen requesting EXE payload
2015-10-07 (trojan.rules)
2021953 - ET TROJAN JS/Nemucod.M.gen requesting PDF payload
2015-10-07 (trojan.rules)
2021956 - ET TROJAN Nemucod Downloading Payload 2 (trojan.rules)
2021991 - ET WEB_CLIENT Fake Java Installer Landing Page Oct 21
(web_client.rules)
2021992 - ET WEB_SPECIFIC_APPS Possible Joomla SQLi Attempt
(web_specific_apps.rules)
2026040 - ET TROJAN CobaltStrike DNS Beacon Response (trojan.rules)
2810181 - ETPRO TROJAN Malicious Office Doc Retrieving PE
(trojan.rules)
2814260 - ETPRO TROJAN Trojan.InfoStealer.PHPA Checkin
(trojan.rules)
2814351 - ETPRO TROJAN Banker.AIS Checkin (trojan.rules)
2814352 - ETPRO MOBILE_MALWARE PUP Android.Adend.A Checkin
(mobile_malware.rules)
2814357 - ETPRO TROJAN W32/Unknown.IT CnC (trojan.rules)
2814363 - ETPRO TROJAN BAT/Runner.AV Checkin (trojan.rules)
2814365 - ETPRO TROJAN Possible IIS Backdoor Receiving Commands via
Client Body (trojan.rules)
2814370 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2015-10-15 (current_events.rules)
2814374 - ETPRO TROJAN Trojan.Win32.InsectsAttack.gep Beacon
(trojan.rules)
2814389 - ETPRO CURRENT_EVENTS possible Nuclear EK DHE traffic
client to server (current_events.rules)
2814397 - ETPRO TROJAN Win32.Generic Downloader Checkin
(trojan.rules)
2814398 - ETPRO TROJAN Unknown Shell Backdoor Checkin 1
(trojan.rules)
2814399 - ETPRO TROJAN Unknown Shell Backdoor CnC 1 (trojan.rules)
2814400 - ETPRO TROJAN Unknown Shell Backdoor CnC 2 (trojan.rules)
2814438 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.ak
Checkin (mobile_malware.rules)
2814440 - ETPRO TROJAN Win32/Bagoox.A Checkin (trojan.rules)
2814469 - ETPRO TROJAN InfiniteLocker CnC Beacon 1 (trojan.rules)
2814470 - ETPRO TROJAN InfiniteLocker CnC Beacon 2 (trojan.rules)
2814502 - ETPRO MOBILE_MALWARE Android.Agent.HY Checkin
(mobile_malware.rules)
2814511 - ETPRO TROJAN Unknown Banker Checkin 1 (trojan.rules)
2814516 - ETPRO TROJAN MSIL/Injector.MHV Beacon (trojan.rules)
2814544 - ETPRO TROJAN MSIL/Injector.MFJ Checkin (trojan.rules)
2814555 - ETPRO TROJAN Win32/Banload.WOO Checkin (trojan.rules)
2814560 - ETPRO TROJAN Backdoor.Emdivi Checkin 5 (trojan.rules)
2814561 - ETPRO TROJAN Backdoor.Emdivi Connectivity Check
(trojan.rules)
2814562 - ETPRO TROJAN Backdoor.Emdivi Checkin 6 (trojan.rules)
2814563 - ETPRO TROJAN Backdoor.Emdivi Checkin Response 3
(trojan.rules)
2814564 - ETPRO TROJAN Win32/Zacom External IP Check (trojan.rules)
2814566 - ETPRO TROJAN Win32/Zacom CnC Checkin 1 (trojan.rules)
2814567 - ETPRO TROJAN Win32/Zacom CnC Checkin 2 (trojan.rules)
2814568 - ETPRO TROJAN Win32/Zacom CnC Beacon 2 (trojan.rules)
2814579 - ETPRO TROJAN Password Stealer Upload (trojan.rules)
2814607 - ETPRO TROJAN Win32/Brolux.A Configuration File 1
(trojan.rules)
2814621 - ETPRO TROJAN Win32/Brolux.A Configuration File 2
(trojan.rules)
2814633 - ETPRO TROJAN Win32/TrojanDownloader.Banload.UKZ Receiving
Payload (trojan.rules)
2814634 - ETPRO TROJAN Win32/TrojanDownloader.Banload.UKZ Receiving
Payload 2 (trojan.rules)
2814647 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2015-10-28
(current_events.rules)
2814648 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2015-10-28 3
(current_events.rules)
2814657 - ETPRO TROJAN MSIL/Injector.MFJ Checkin (trojan.rules)

[---]         Removed rules:         [---]

2017552 - ET CURRENT_EVENTS Cushion Redirection
(current_events.rules)
2814646 - ETPRO CURRENT_EVENTS Successful Paypal Phish Oct 28 1
(current_events.rules)

Date:
Summary title:
2 new OPEN, 24 new PRO (2 + 22). Lemon_Duck, Various SSL/TLS, Various Phish, Others.