[***] Summary: [***]
6 new OPEN, 39 new PRO (6 + 33). DTStealer, RemoteAdmin, CVE-2020-10173, Netlink GPON, Various Phish.
Thanks @James_inthe_box
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030497 - ET TROJAN Win32/DTStealer CnC Activity (trojan.rules)
2030498 - ET WEB_CLIENT FiercePhish Password Prompt Accessed on External Server (web_client.rules)
2030499 - ET WEB_SERVER FiercePhish Password Prompt Accessed on Internal Server (web_server.rules)
2030500 - ET WEB_CLIENT Generic Webshell Password Prompt Accessed on External Compromised Server (web_client.rules)
2030501 - ET WEB_SERVER Generic Webshell Password Prompt Accessed on Internal Compromised Server (web_server.rules)
2030502 - ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) (exploit.rules)
Pro:
2843472 - ETPRO MALWARE Plus500 Adware Activity (malware.rules)
2843473 - ETPRO USER_AGENTS Observed Suspicious UA (Downloader500) (user_agents.rules)
2843474 - ETPRO EXPLOIT Netlink GPON Router 1.0.11 RCE Attempt (Inbound) (exploit.rules)
2843475 - ETPRO EXPLOIT Netlink GPON Router 1.0.11 RCE Attempt (Outbound) (exploit.rules)
2843476 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
2843477 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-11 1) (trojan.rules)
2843478 - ETPRO TROJAN Win32/RemoteAdmin.NetCat.AM Variant CnC Host Checkin (trojan.rules)
2843479 - ETPRO TROJAN Win32/RemoteAdmin.NetCat.AM Variant CnC Activity (trojan.rules)
2843480 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-07-13 (current_events.rules)
2843481 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-07-13 (current_events.rules)
2843482 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-07-13 (current_events.rules)
2843483 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish 2020-07-13 (current_events.rules)
2843484 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-07-13 (current_events.rules)
2843485 - ETPRO CURRENT_EVENTS Successful Zimbra Phish 2020-07-13 (current_events.rules)
2843486 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-07-13 (current_events.rules)
2843487 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2020-07-13 (current_events.rules)
2843488 - ETPRO CURRENT_EVENTS Successful Amazon JP Phish 2020-07-13 (current_events.rules)
2843489 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-07-13 (current_events.rules)
2843490 - ETPRO CURRENT_EVENTS Successful Naver Phish 2020-07-13 (current_events.rules)
2843491 - ETPRO CURRENT_EVENTS Successful Generic Compromised Wordpress Phish 2020-07-13 (current_events.rules)
2843492 - ETPRO CURRENT_EVENTS Successful Generic Compromised Wordpress Phish 2020-07-13 (current_events.rules)
2843493 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-07-13 (current_events.rules)
2843494 - ETPRO CURRENT_EVENTS Successful Microsoft Shared Document Phish 2020-07-13 (current_events.rules)
2843495 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-07-13 (current_events.rules)
2843496 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-07-13 (current_events.rules)
2843497 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2020-07-13 (current_events.rules)
2843498 - ETPRO TROJAN Win32/Spy.VB.EH Variant CnC Activity M1 (trojan.rules)
2843499 - ETPRO TROJAN Win32/Spy.VB.EH Variant CnC Activity M2 (trojan.rules)
2843500 - ETPRO TROJAN Win32/Spy.VB.EH Variant CnC Activity M3 (trojan.rules)
2843501 - ETPRO TROJAN Win64/Agent.IQ Variant Checkin (trojan.rules)
2843502 - ETPRO TROJAN Win32/Remcos RAT Checkin 481 (trojan.rules)
2843503 - ETPRO TROJAN Win32/Remcos RAT Checkin 482 (trojan.rules)
2843504 - ETPRO TROJAN Win32/Remcos RAT Checkin 483 (trojan.rules)