[***]            Summary:            [***]

18 Open, 35 Pro (18 + 17). Echelon/Mist, Buer Loader, TROY Stealer, Various Webshell, Various Phishing.

Thanks: @James_inthe_Box

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030316 - ET TROJAN Echelon/Mist Stealer CnC Activity (trojan.rules)
  2030317 - ET EXPLOIT LG SuperSign EZ CMS 2.5 Remote Code Execution CVE-2018-17173 (exploit.rules)
  2030318 - ET WEB_CLIENT Generic Webshell Accessed on External Server (web_client.rules)
  2030319 - ET WEB_SERVER Generic Webshell Accessed on Internal Server (web_server.rules)
  2030320 - ET WEB_CLIENT Generic Webshell Accessed on External Server (web_client.rules)
  2030321 - ET WEB_SERVER Generic Webshell Accessed on Internal Server (web_server.rules)
  2030322 - ET WEB_CLIENT Generic Webshell Accessed on External Server (web_client.rules)
  2030323 - ET WEB_SERVER Generic Webshell Accessed on Internal Server (web_server.rules)
  2030324 - ET WEB_CLIENT Generic Webshell Password Prompt Accessed on External Compromised Server (web_client.rules)
  2030325 - ET WEB_SERVER Generic Webshell Password Prompt Accessed on Internal Compromised Server (web_server.rules)
  2030326 - ET WEB_CLIENT Generic Webshell Password Prompt Accessed on External Compromised Server (web_client.rules)
  2030327 - ET WEB_SERVER Generic Webshell Password Prompt Accessed on Internal Compromised Server (web_server.rules)
  2030328 - ET WEB_CLIENT Generic Mailer Accessed on External Server (web_client.rules)
  2030329 - ET WEB_CLIENT Generic Mailer Accessed on External Server (web_client.rules)
  2030330 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (trojan.rules)
  2030331 - ET TROJAN DonotGroup Staging Domain in DNS Query (trojan.rules)
  2030332 - ET TROJAN DonotGroup Staging Domain in DNS Query (trojan.rules)
  2030333 - ET TROJAN DonotGroup Staging Domain in DNS Query (trojan.rules)

Pro:

  2843002 - ETPRO TROJAN Observed WebMonitor RAT User-Agent (trojan.rules)
  2843003 - ETPRO TROJAN WebMonitor RAT CnC Activity (trojan.rules)
  2843004 - ETPRO INFO Likely Scam Callback Domain M2 (info.rules)
  2843005 - ETPRO INFO Likely Scam Callback Domain M3 (info.rules)
  2843006 - ETPRO TROJAN Win32/Presenoker CnC Checkin (trojan.rules)
  2843007 - ETPRO TROJAN Buer Loader CnC Activity (trojan.rules)
  2843008 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-06-12 1) (trojan.rules)
  2843009 - ETPRO CURRENT_EVENTS Successful Shaw Webmail Phish 2020-06-12 (current_events.rules)
  2843010 - ETPRO CURRENT_EVENTS Successful Generic Session Expired Phish 2020-06-12 (current_events.rules)
  2843011 - ETPRO CURRENT_EVENTS Successful Generic Session Expired Phish 2020-06-12 (current_events.rules)
  2843012 - ETPRO CURRENT_EVENTS Successful Verizon Security Questions Phish 2020-06-12 (current_events.rules)
  2843013 - ETPRO TROJAN Win32/Trojan.TR/Crypt.XPACK CnC Activity (trojan.rules)
  2843014 - ETPRO CURRENT_EVENTS Successful Mountain America Phish 2020-06-12 (current_events.rules)
  2843015 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart CnC) (trojan.rules)
  2843016 - ETPRO TROJAN Observed Malicious SSL Cert (MageCart CnC) (trojan.rules)
  2843017 - ETPRO TROJAN Win32/Remcos RAT Checkin 459 (trojan.rules)
  2843018 - ETPRO TROJAN TROY Stealer SMTP Exfil (trojan.rules)

[///]     Modified active rules:     [///]

  2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
  2015708 - ET INFO Applet Tag In Edwards Packed JavaScript (info.rules)
  2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
  2834630 - ETPRO INFO Likely Scam Callback Domain M1 (info.rules)
  2842132 - ETPRO TROJAN Win32/Vollgar RAT CnC Keep-Alive (Inbound) (trojan.rules)
  2842152 - ETPRO TROJAN Win32/Vollgar RAT CnC Checkin (trojan.rules)