[***] Summary: [***]
36 Open, 58 Pro (36 + 22). Cisco AnyConnect CVE-2020-3153, LODEINFO, Bagz, Various Phishing.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030280 - ET EXPLOIT Cisco AnyConnect Path Traversal Priv Esc
(CVE-2020-3153) (exploit.rules)
2030281 - ET CURRENT_EVENTS Common Form POST - CenturyLink Phishing
Landing 2020-06-11 (current_events.rules)
2030282 - ET CURRENT_EVENTS Common Form POST - Chase Phishing Landing
2020-06-11 (current_events.rules)
2030283 - ET CURRENT_EVENTS Generic T.Goe Phishing Landing
(current_events.rules)
2030284 - ET CURRENT_EVENTS Common Form POST - SunTrust Phishing Landing
2020-06-11 (current_events.rules)
2030285 - ET CURRENT_EVENTS Common Form POST - Instagram Phishing Landing
2020-06-11 (current_events.rules)
2030286 - ET CURRENT_EVENTS Common Form POST - Facebook Phishing Landing
2020-06-11 (current_events.rules)
2030287 - ET CURRENT_EVENTS Common Form POST - Facebook Phishing Landing
2020-06-11 (current_events.rules)
2030288 - ET CURRENT_EVENTS Common Form POST - Webmail Mini Phishing
Landing 2020-06-11 (current_events.rules)
2030289 - ET CURRENT_EVENTS Common Form POST - Chase Phishing Landing
2020-06-11 (current_events.rules)
2030290 - ET CURRENT_EVENTS Common Form POST - Yahoo Phishing Landing
2020-06-11 (current_events.rules)
2030291 - ET CURRENT_EVENTS Common Form POST - Cox Phishing Landing
2020-06-11 (current_events.rules)
2030292 - ET CURRENT_EVENTS Common Form POST - Linkedin Phishing Landing
2020-06-11 (current_events.rules)
2030293 - ET CURRENT_EVENTS Common Form POST - SunTrust Phishing Landing
2020-06-11 (current_events.rules)
2030294 - ET CURRENT_EVENTS Common Form POST - Whatsapp/Facebook Phishing
Landing 2020-06-11 (current_events.rules)
2030295 - ET CURRENT_EVENTS Common Form POST - M&T Bank Phishing Landing
2020-06-11 (current_events.rules)
2030296 - ET CURRENT_EVENTS Common Form POST - Yahoo Phishing Landing
2020-06-11 (current_events.rules)
2030297 - ET CURRENT_EVENTS Common Form POST - Paypal Phishing Landing
2020-06-11 (current_events.rules)
2030298 - ET CURRENT_EVENTS Common Form POST - Multibrand Phishing
Landing 2020-06-11 (current_events.rules)
2030299 - ET CURRENT_EVENTS Common Form POST - Instagram Phishing Landing
2020-06-11 (current_events.rules)
2030300 - ET CURRENT_EVENTS Common Form POST - SunTrust Phishing Landing
2020-06-11 (current_events.rules)
2030301 - ET CURRENT_EVENTS Common Form POST - VK Phishing Landing
2020-06-11 (current_events.rules)
2030302 - ET INFO Common Form POST - Possible Generic Phishing Landing
2020-06-11 (info.rules)
2030303 - ET CURRENT_EVENTS Common Form POST - Chase Phishing Landing
2020-06-11 (current_events.rules)
2030304 - ET CURRENT_EVENTS Common Form POST - Instagram Phishing Landing
2020-06-11 (current_events.rules)
2030305 - ET CURRENT_EVENTS Common Form POST - Netease Webmail Phishing
Landing 2020-06-11 (current_events.rules)
2030306 - ET CURRENT_EVENTS Common Form POST - Paypal Phishing Landing
2020-06-11 (current_events.rules)
2030307 - ET CURRENT_EVENTS Common Form POST - Microsoft Account Phishing
Landing 2020-06-11 (current_events.rules)
2030308 - ET CURRENT_EVENTS Common Form POST - Yahoo Phishing Landing
2020-06-11 (current_events.rules)
2030309 - ET EXPLOIT Wireless IP Camera (P2) WIFICAM Remote Code
Execution (exploit.rules)
2030310 - ET EXPLOIT ASUS RT-N56U/RT-AC66U Remote Code Execution
(exploit.rules)
2030311 - ET EXPLOIT Mi Router 3 Remote Code Execution CVE-2018-13023
(exploit.rules)
2030312 - ET EXPLOIT Mi TV Integration Remote Code Execution
CVE-2018-16130 (exploit.rules)
2030313 - ET TROJAN Win32/LODEINFO v0.3.6 CnC Checkin (trojan.rules)
2030314 - ET TROJAN Win32/LODEINFO v0.3.5 CnC Checkin (trojan.rules)
2030315 - ET TROJAN Downloader Retrieving Malicious Powershell in DNS
Response (trojan.rules)
Pro:
2842979 - ETPRO MOBILE_MALWARE Trojan.Ewind.Android.365 Checkin
(mobile_malware.rules)
2842980 - ETPRO MOBILE_MALWARE Android.HiddenAds.1994 Checkin
(mobile_malware.rules)
2842981 - ETPRO TROJAN Observed Malicious SSL Cert (Unk.Loader)
(trojan.rules)
2842982 - ETPRO TROJAN Observed Malicious SSL Cert (Unk.Loader)
(trojan.rules)
2842983 - ETPRO TROJAN Observed Malicious SSL Cert (Unk.Loader)
(trojan.rules)
2842984 - ETPRO TROJAN Unk.Loader Retrieving Payload 2020-06-11
(trojan.rules)
2842985 - ETPRO TROJAN ELF/Mirai Variant CnC Server Reply (SC ON)
(trojan.rules)
2842986 - ETPRO CURRENT_EVENTS Successful Generic Phish to .ga Domain
2020-06-11 (current_events.rules)
2842987 - ETPRO CURRENT_EVENTS Successful UBI Banca Phish 2020-06-11
(current_events.rules)
2842988 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-06-11 (current_events.rules)
2842989 - ETPRO CURRENT_EVENTS Successful Ruralvia Phish 2020-06-11
(current_events.rules)
2842990 - ETPRO TROJAN SSL/TLS Certificate Observed (Donot Group)
(trojan.rules)
2842991 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-06-11 1) (trojan.rules)
2842992 - ETPRO TROJAN High Volume Outbound SMTP - Repeated Space .exe
Filename (trojan.rules)
2842993 - ETPRO TROJAN Win32/Bagz.F Malicious Email Spam Outbound
(trojan.rules)
2842994 - ETPRO TROJAN Win32/Eqtonex.F Related HTTP Request (trojan.rules)
2842996 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-06-11
(current_events.rules)
2842997 - ETPRO CURRENT_EVENTS Successful Capital One Phish 2020-06-11
(current_events.rules)
2842998 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phish
2020-06-11 (current_events.rules)
2842999 - ETPRO TROJAN Observed SocGholish Domain in TLS SNI
(trojan.rules)
2843000 - ETPRO TROJAN Win32/Remcos RAT Checkin 457 (trojan.rules)
2843001 - ETPRO TROJAN Win32/Remcos RAT Checkin 458 (trojan.rules)
[///] Modified active rules: [///]
2030252 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
2842926 - ETPRO CURRENT_EVENTS Successful PayPal Phish (FR) 2020-06-08
(current_events.rules)