[***]            Summary:            [***]

6 new OPEN, 39 new PRO (6 + 33). DTStealer, RemoteAdmin, CVE-2020-10173, Netlink GPON, Various Phish.

Thanks @James_inthe_box

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2030497 - ET TROJAN Win32/DTStealer CnC Activity (trojan.rules)
  2030498 - ET WEB_CLIENT FiercePhish Password Prompt Accessed on External Server (web_client.rules)
  2030499 - ET WEB_SERVER FiercePhish Password Prompt Accessed on Internal Server (web_server.rules)
  2030500 - ET WEB_CLIENT Generic Webshell Password Prompt Accessed on External Compromised Server (web_client.rules)
  2030501 - ET WEB_SERVER Generic Webshell Password Prompt Accessed on Internal Compromised Server (web_server.rules)
  2030502 - ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) (exploit.rules)

Pro:

  2843472 - ETPRO MALWARE Plus500 Adware Activity (malware.rules)
  2843473 - ETPRO USER_AGENTS Observed Suspicious UA (Downloader500) (user_agents.rules)
  2843474 - ETPRO EXPLOIT Netlink GPON Router 1.0.11 RCE Attempt (Inbound) (exploit.rules)
  2843475 - ETPRO EXPLOIT Netlink GPON Router 1.0.11 RCE Attempt (Outbound) (exploit.rules)
  2843476 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
  2843477 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-11 1) (trojan.rules)
  2843478 - ETPRO TROJAN Win32/RemoteAdmin.NetCat.AM Variant CnC Host Checkin (trojan.rules)
  2843479 - ETPRO TROJAN Win32/RemoteAdmin.NetCat.AM Variant CnC Activity (trojan.rules)
  2843480 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-07-13 (current_events.rules)
  2843481 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-07-13 (current_events.rules)
  2843482 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2020-07-13 (current_events.rules)
  2843483 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish 2020-07-13 (current_events.rules)
  2843484 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-07-13 (current_events.rules)
  2843485 - ETPRO CURRENT_EVENTS Successful Zimbra Phish 2020-07-13 (current_events.rules)
  2843486 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-07-13 (current_events.rules)
  2843487 - ETPRO CURRENT_EVENTS Successful Google Drive Phish 2020-07-13 (current_events.rules)
  2843488 - ETPRO CURRENT_EVENTS Successful Amazon JP Phish 2020-07-13 (current_events.rules)
  2843489 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-07-13 (current_events.rules)
  2843490 - ETPRO CURRENT_EVENTS Successful Naver Phish 2020-07-13 (current_events.rules)
  2843491 - ETPRO CURRENT_EVENTS Successful Generic Compromised Wordpress Phish 2020-07-13 (current_events.rules)
  2843492 - ETPRO CURRENT_EVENTS Successful Generic Compromised Wordpress Phish 2020-07-13 (current_events.rules)
  2843493 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish 2020-07-13 (current_events.rules)
  2843494 - ETPRO CURRENT_EVENTS Successful Microsoft Shared Document Phish 2020-07-13 (current_events.rules)
  2843495 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-07-13 (current_events.rules)
  2843496 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-07-13 (current_events.rules)
  2843497 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2020-07-13 (current_events.rules)
  2843498 - ETPRO TROJAN Win32/Spy.VB.EH Variant CnC Activity M1 (trojan.rules)
  2843499 - ETPRO TROJAN Win32/Spy.VB.EH Variant CnC Activity M2 (trojan.rules)
  2843500 - ETPRO TROJAN Win32/Spy.VB.EH Variant CnC Activity M3 (trojan.rules)
  2843501 - ETPRO TROJAN Win64/Agent.IQ Variant Checkin (trojan.rules)
  2843502 - ETPRO TROJAN Win32/Remcos RAT Checkin 481 (trojan.rules)
  2843503 - ETPRO TROJAN Win32/Remcos RAT Checkin 482 (trojan.rules)
  2843504 - ETPRO TROJAN Win32/Remcos RAT Checkin 483 (trojan.rules)
