[***] Summary: [***]
18 Open, 35 Pro (18 + 17). Echelon/Mist, Buer Loader, TROY Stealer, Various Webshell, Various Phishing.
Thanks: @James_inthe_Box
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030316 - ET TROJAN Echelon/Mist Stealer CnC Activity (trojan.rules)
2030317 - ET EXPLOIT LG SuperSign EZ CMS 2.5 Remote Code Execution CVE-2018-17173 (exploit.rules)
2030318 - ET WEB_CLIENT Generic Webshell Accessed on External Server (web_client.rules)
2030319 - ET WEB_SERVER Generic Webshell Accessed on Internal Server (web_server.rules)
2030320 - ET WEB_CLIENT Generic Webshell Accessed on External Server (web_client.rules)
2030321 - ET WEB_SERVER Generic Webshell Accessed on Internal Server (web_server.rules)
2030322 - ET WEB_CLIENT Generic Webshell Accessed on External Server (web_client.rules)
2030323 - ET WEB_SERVER Generic Webshell Accessed on Internal Server (web_server.rules)
2030324 - ET WEB_CLIENT Generic Webshell Password Prompt Accessed on External Compromised Server (web_client.rules)
2030325 - ET WEB_SERVER Generic Webshell Password Prompt Accessed on Internal Compromised Server (web_server.rules)
2030326 - ET WEB_CLIENT Generic Webshell Password Prompt Accessed on External Compromised Server (web_client.rules)
2030327 - ET WEB_SERVER Generic Webshell Password Prompt Accessed on Internal Compromised Server (web_server.rules)
2030328 - ET WEB_CLIENT Generic Mailer Accessed on External Server (web_client.rules)
2030329 - ET WEB_CLIENT Generic Mailer Accessed on External Server (web_client.rules)
2030330 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
2030331 - ET TROJAN DonotGroup Staging Domain in DNS Query (trojan.rules)
2030332 - ET TROJAN DonotGroup Staging Domain in DNS Query (trojan.rules)
2030333 - ET TROJAN DonotGroup Staging Domain in DNS Query (trojan.rules)
Pro:
2843002 - ETPRO TROJAN Observed WebMonitor RAT User-Agent (trojan.rules)
2843003 - ETPRO TROJAN WebMonitor RAT CnC Activity (trojan.rules)
2843004 - ETPRO INFO Likely Scam Callback Domain M2 (info.rules)
2843005 - ETPRO INFO Likely Scam Callback Domain M3 (info.rules)
2843006 - ETPRO TROJAN Win32/Presenoker CnC Checkin (trojan.rules)
2843007 - ETPRO TROJAN Buer Loader CnC Activity (trojan.rules)
2843008 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-12 1) (trojan.rules)
2843009 - ETPRO CURRENT_EVENTS Successful Shaw Webmail Phish 2020-06-12 (current_events.rules)
2843010 - ETPRO CURRENT_EVENTS Successful Generic Session Expired Phish 2020-06-12 (current_events.rules)
2843011 - ETPRO CURRENT_EVENTS Successful Generic Session Expired Phish 2020-06-12 (current_events.rules)
2843012 - ETPRO CURRENT_EVENTS Successful Verizon Security Questions Phish 2020-06-12 (current_events.rules)
2843013 - ETPRO TROJAN Win32/Trojan.TR/Crypt.XPACK CnC Activity (trojan.rules)
2843014 - ETPRO CURRENT_EVENTS Successful Mountain America Phish 2020-06-12 (current_events.rules)
2843015 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart CnC) (trojan.rules)
2843016 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart CnC) (trojan.rules)
2843017 - ETPRO TROJAN Win32/Remcos RAT Checkin 459 (trojan.rules)
2843018 - ETPRO TROJAN TROY Stealer SMTP Exfil (trojan.rules)
[///] Modified active rules: [///]
2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
2015708 - ET INFO Applet Tag In Edwards Packed JavaScript (info.rules)
2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
2834630 - ETPRO INFO Likely Scam Callback Domain M1 (info.rules)
2842132 - ETPRO TROJAN Win32/Vollgar RAT CnC Keep-Alive (Inbound) (trojan.rules)
2842152 - ETPRO TROJAN Win32/Vollgar RAT CnC Checkin (trojan.rules)