[***]            Summary:            [***]

10 Open, 30 Pro (10 + 20). OZH Rat, GhostBot. CVE-2020-0796, Various Phishing

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030257 - ET TROJAN Observed Malicious SSL Cert (OZH Rat) (trojan.rules)
  2030258 - ET EXPLOIT OpenMRS Deserialization Vulnerability CVE-2018-19276 (exploit.rules)
  2030259 - ET EXPLOIT Multiple Router RCE Routersploit (exploit.rules)
  2030260 - ET EXPLOIT Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution (exploit.rules)
  2030261 - ET EXPLOIT Technicolor TD5130.2 - Remote Command Execution (exploit.rules)
  2030262 - ET EXPLOIT Xfinity Gateway - Remote Code Execution (exploit.rules)
  2030263 - ET EXPLOIT Possible Attempted SMB RCE Exploitation M1 (CVE-2020-0796) (exploit.rules)
  2030264 - ET EXPLOIT Possible Attempted SMB RCE Exploitation M2 (CVE-2020-0796) (exploit.rules)
  2030265 - ET TROJAN Higaisa CnC (ipconfig) (trojan.rules)
  2030266 - ET MOBILE_MALWARE Android Malvertising Communication (mobile_malware.rules)

Pro:

  2842906 - ETPRO POLICY GoSupportNow Remote Meeting Activity M1 (policy.rules)
  2842907 - ETPRO POLICY GoSupportNow Remote Meeting Activity M2 (policy.rules)
  2842908 - ETPRO TROJAN GhostBot IRC Checkin (trojan.rules)
  2842909 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-06 1) (trojan.rules)
  2842910 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2020-06-08 (current_events.rules)
  2842911 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-06-08 (current_events.rules)
  2842912 - ETPRO CURRENT_EVENTS Successful Interbank Phish 2020-06-08 (current_events.rules)
  2842913 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-06-08 (current_events.rules)
  2842914 - ETPRO CURRENT_EVENTS Successful Orange Phish 2020-06-08 (current_events.rules)
  2842915 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2020-06-08 (current_events.rules)
  2842916 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-06-08 (current_events.rules)
  2842917 - ETPRO CURRENT_EVENTS Successful Generic Yolasite Phish 2020-06-08 (current_events.rules)
  2842919 - ETPRO POLICY Base64Decode StrReverse VBS Inbound (policy.rules)
  2842920 - ETPRO POLICY Enumerate Running Procs PowerShell Inbound (policy.rules)
  2842921 - ETPRO TROJAN VBS/Krahna Loader Inbound (trojan.rules)
  2842922 - ETPRO MALWARE Win32/Adware.Qjwmonkey.H Submitting Dump File (malware.rules)
  2842923 - ETPRO TROJAN Win32/Adware.Qjwmonkey.H Exception Report (trojan.rules)
  2842924 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2842925 - ETPRO TROJAN Win32/Remcos RAT Checkin 451 (trojan.rules)
  2842926 - ETPRO CURRENT_EVENTS Successful PayPal Phish (FR) 2020-06-08 (current_events.rules)

[///]     Modified active rules:     [///]

  2024914 - ET EXPLOIT Netgear ReadyNAS Surveillance Unauthenticated Remote Command Execution (exploit.rules)
  2029181 - ET EXPLOIT TP-LINK Archer C5 v4 (CVE-2019-7405) (exploit.rules)
  2811240 - ETPRO EXPLOIT DLink DNS/DNR 320 Default Credential Authentication Bypass HTTP Request (exploit.rules)
  2832333 - ETPRO TROJAN Suspicious Terse HTTP Headers IP Check (trojan.rules)
  2841358 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M1 (current_events.rules)
  2841359 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M2 (current_events.rules)
  2841360 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M3 (current_events.rules)
  2841361 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M4 (current_events.rules)
  2841362 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M5 (current_events.rules)
  2841363 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M6 (current_events.rules)
  2841364 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M7 (current_events.rules)
  2841365 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M8 (current_events.rules)
  2841366 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M9 (current_events.rules)
  2841367 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M10 (current_events.rules)
  2841368 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 M11 (current_events.rules)
  2841460 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
  2841461 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
  2841462 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
  2841463 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
  2841464 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
  2841465 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
  2841466 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-04 (current_events.rules)
  2841467 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
  2841468 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
  2841469 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
  2841470 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
  2841471 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
  2841472 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-11 (current_events.rules)
  2841486 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-12 (current_events.rules)
  2841487 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-03-12 (current_events.rules)
