[***]            Summary:            [***]

5 Open, 31 Pro (5 + 26). FRat, OSHOO, Blacksky, Android Hangten, Various Phishing.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

Tks: @James_inthe_box

[+++]          Added rules:          [+++]

  2030275 - ET CURRENT_EVENTS Successful Generic Phish (set) 2020-06-10
(current_events.rules)
  2030276 - ET EXPLOIT Fastweb Fastgate 0.00.81 - Remote Code Execution
(exploit.rules)
  2030277 - ET EXPLOIT Multiple DLink Routers Remote Code Execution
CVE-2019-16920 (exploit.rules)
  2030278 - ET EXPLOIT Netis WF2419 2.2.36123 - Remote Code Execution
CVE-2019-19356 (exploit.rules)
  2030279 - ET TROJAN FRat WebSocket Request (trojan.rules)

Pro:

  2832333 - ETPRO INFO Suspicious Terse HTTP Headers IP Check (info.rules)
  2842954 - ETPRO MOBILE_MALWARE Android/AdDisplay.Toofan.A Reporting
Location/Device Info (mobile_malware.rules)
  2842955 - ETPRO MOBILE_MALWARE Android Hangten Reporting Location/Device
Info (mobile_malware.rules)
  2842956 - ETPRO MOBILE_MALWARE Android Hangten Checkin
(mobile_malware.rules)
  2842957 - ETPRO MOBILE_MALWARE Android Hangten Checkin 2
(mobile_malware.rules)
  2842958 - ETPRO CURRENT_EVENTS Successful Ebay DE Phish 2020-06-10
(current_events.rules)
  2842959 - ETPRO CURRENT_EVENTS Successful Gmail Phish 2020-06-10
(current_events.rules)
  2842960 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-06-10 (current_events.rules)
  2842961 - ETPRO CURRENT_EVENTS Successful Fortuneo Banque Phish
2020-06-10 (current_events.rules)
  2842962 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-06-10
(current_events.rules)
  2842963 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-06-10
(current_events.rules)
  2842964 - ETPRO CURRENT_EVENTS Successful T-Mobile Phish Page Downloading
Remote Access Application (current_events.rules)
  2842965 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-06-10
(current_events.rules)
  2842966 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-06-10 1) (trojan.rules)
  2842967 - ETPRO TROJAN Blacksky Miner Activity (trojan.rules)
  2842968 - ETPRO TROJAN Win32/LdPinch Variant CnC Activity (trojan.rules)
  2842969 - ETPRO POLICY Base64 WScript.Shell Object Inbound M1
(policy.rules)
  2842970 - ETPRO POLICY Base64 WScript.Shell Object Inbound M2
(policy.rules)
  2842971 - ETPRO POLICY Base64 WScript.Shell Object Inbound M3
(policy.rules)
  2842972 - ETPRO MOBILE_MALWARE Android/Trojan.UUPN-8 CnC Activity
(mobile_malware.rules)
  2842973 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2842974 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2842975 - ETPRO TROJAN OSHOO CnC (POST) (trojan.rules)
  2842976 - ETPRO TROJAN OSHOO CnC Domain in DNS Lookup (trojan.rules)
  2842977 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish
2020-06-10 (current_events.rules)
  2842978 - ETPRO TROJAN Ransomware Win32/Gpcode.NAI encrypted msg
(trojan.rules)

[///]     Modified active rules:     [///]

  2021919 - ET TROJAN DustySky CnC Beacon (trojan.rules)
  2022244 - ET TROJAN NetBackdoor Checkin (trojan.rules)
  2022262 - ET INFO possible .jpg download by VBA macro (info.rules)
  2022283 - ET TROJAN FAKBEN Ransomware (trojan.rules)
  2022289 - ET MOBILE_MALWARE Android/SlemBunk.Banker Phished Credentials
Upload (mobile_malware.rules)
  2026040 - ET TROJAN CobaltStrike DNS Beacon Response (trojan.rules)
  2030253 - ET TROJAN Win32/Avaddon Ransomware Style External IP Address
Check (trojan.rules)
  2805718 - ETPRO TROJAN Win32/Mitglieder.BN Checkin (trojan.rules)
  2814992 - ETPRO TROJAN fake .jpg encrypted binary download by VBA macro
(trojan.rules)
  2815324 - ETPRO TROJAN Andromeda CnC Beacon Fake UA 1 (trojan.rules)
  2815328 - ETPRO TROJAN Possible Win32/Ranbyus Checkin (trojan.rules)
  2815340 - ETPRO TROJAN Win32/TrojanDownloader.Autoit.OAR Retrieving
Compressed Files (trojan.rules)
  2815353 - ETPRO TROJAN Win32/Spy.Banker Variant Checkin (trojan.rules)
  2815359 - ETPRO TROJAN Win32/Unknown.OutlookStealer CnC Beacon
(trojan.rules)
  2815366 - ETPRO TROJAN MSIL/Spammer.Agent.X CnC Checkin 1 (trojan.rules)
  2815367 - ETPRO TROJAN MSIL/Spammer.Agent.X CnC Checkin 2 (trojan.rules)
  2815380 - ETPRO TROJAN TrojanDropper MSIL/Habbo.A Checkin (trojan.rules)
  2815386 - ETPRO MOBILE_MALWARE Android/Agent.KH Checkin
(mobile_malware.rules)
  2815396 - ETPRO TROJAN Linux/Fysbis or Sofacy/CHOPSTICK CnC Beacon M3
(trojan.rules)
  2815397 - ETPRO TROJAN Linux/Fysbis or Sofacy/CHOPSTICK CnC Beacon M4
(trojan.rules)
  2815399 - ETPRO TROJAN Linux/Fysbis or Sofacy/CHOPSTICK CnC Beacon M6
(trojan.rules)
  2815407 - ETPRO TROJAN Win32/CryptRedol.Gen.3 Checkin 1 (trojan.rules)
  2815408 - ETPRO TROJAN Win32/CryptRedol.Gen.3 Checkin 2 (trojan.rules)
  2842646 - ETPRO TROJAN Win32/Valak CnC Activity (trojan.rules)

[---]         Removed rules:         [---]

  2832333 - ETPRO TROJAN Suspicious Terse HTTP Headers IP Check
(trojan.rules)
