[***] Summary: [***]
7 new OPEN, 32 new PRO (7 + 25). Various SAP NetWeaver CVE-2020-6287, Win32/Fujacks, Likely Evil Powershell Inbound, Jacard Banker, Various Large DNS over TCP Inbound, Win32/Alyak.G, VARIOUS PHISH.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2030574 - ET CURRENT_EVENTS Possible Successful Phish - Saved Website Comment Observed (current_events.rules)
2030575 - ET POLICY EXE File Downloaded from Discord (policy.rules)
2030576 - ET EXPLOIT Possible SAP NetWeaver CVE-2020-6287 Probe (exploit.rules)
2030577 - ET EXPLOIT Possible SAP NetWeaver CVE-2020-6287 Vulnerable Response (exploit.rules)
2030578 - ET EXPLOIT Possible SAP NetWeaver CVE-2020-6287 Exploit Attempt (exploit.rules)
2030579 - ET EXPLOIT Possible SAP NetWeaver CVE-2020-6287 Exploit Success (exploit.rules)
2030580 - ET TROJAN Win32/Fujacks Variant CnC Activity (trojan.rules)
Pro:
2843620 - ETPRO TROJAN Likely Evil Powershell Inbound (.DownloadString) (trojan.rules)
2843621 - ETPRO TROJAN Likely Evil Powershell Inbound (Invoke-Expression) (trojan.rules)
2843622 - ETPRO TROJAN Likely Evil Powershell Inbound (Invoke-Mimikatz) (trojan.rules)
2843623 - ETPRO TROJAN Likely Evil Powershell Inbound (System.Net.FTPWebRequest) (trojan.rules)
2843624 - ETPRO TROJAN Likely Evil Powershell Inbound (.System.Net.NetworkCredential) (trojan.rules)
2843625 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2020-07-22 (current_events.rules)
2843626 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-07-22 (current_events.rules)
2843627 - ETPRO CURRENT_EVENTS Successful Made in China Phish 2020-07-22 (current_events.rules)
2843628 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2020-07-22 (current_events.rules)
2843629 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-07-22 (current_events.rules)
2843630 - ETPRO CURRENT_EVENTS Successful Office Product Key Phish 2020-07-22 (current_events.rules)
2843631 - ETPRO CURRENT_EVENTS Successful Yahoo Phish 2020-07-22 (current_events.rules)
2843632 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-07-22 (current_events.rules)
2843633 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-07-22 (current_events.rules)
2843634 - ETPRO TROJAN Jacard Banker Variant CnC Host Checkin (trojan.rules)
2843635 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-22 1) (trojan.rules)
2843636 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-07-22 2) (trojan.rules)
2843637 - ETPRO POLICY Large DNS over TCP Inbound - ELF Header Observed (policy.rules)
2843638 - ETPRO POLICY Large DNS over TCP Inbound - DOC Header Observed (policy.rules)
2843639 - ETPRO POLICY Large DNS over TCP Inbound - PDF Header Observed (policy.rules)
2843640 - ETPRO POLICY Large DNS over TCP Inbound - ZIP Header Observed (policy.rules)
2843641 - ETPRO TROJAN Win32/Alyak.G Variant CnC Activity (trojan.rules)
2843642 - ETPRO TROJAN Win32/Alyak.G Variant CnC Activity (Server Response) (trojan.rules)
2843643 - ETPRO TROJAN Observed SocGholish Domain in TLS SNI (trojan.rules)
2843644 - ETPRO TROJAN Win32/Remcos RAT Checkin 500 (trojan.rules)
[///] Modified active rules: [///]
2525000 - ET 3CORESec Poor Reputation IP group 1 (3coresec.rules)
2525001 - ET 3CORESec Poor Reputation IP group 2 (3coresec.rules)
2525002 - ET 3CORESec Poor Reputation IP group 3 (3coresec.rules)
2525003 - ET 3CORESec Poor Reputation IP group 4 (3coresec.rules)
2525004 - ET 3CORESec Poor Reputation IP group 5 (3coresec.rules)
2525005 - ET 3CORESec Poor Reputation IP group 6 (3coresec.rules)
2525006 - ET 3CORESec Poor Reputation IP group 7 (3coresec.rules)
2525007 - ET 3CORESec Poor Reputation IP group 8 (3coresec.rules)
2525008 - ET 3CORESec Poor Reputation IP group 9 (3coresec.rules)
2525009 - ET 3CORESec Poor Reputation IP group 10 (3coresec.rules)
2525010 - ET 3CORESec Poor Reputation IP group 11 (3coresec.rules)
2525011 - ET 3CORESec Poor Reputation IP group 12 (3coresec.rules)
2525012 - ET 3CORESec Poor Reputation IP group 13 (3coresec.rules)
2525013 - ET 3CORESec Poor Reputation IP group 14 (3coresec.rules)
2525014 - ET 3CORESec Poor Reputation IP group 15 (3coresec.rules)
2525015 - ET 3CORESec Poor Reputation IP group 16 (3coresec.rules)
2525016 - ET 3CORESec Poor Reputation IP group 17 (3coresec.rules)
2828069 - ETPRO TROJAN Oiram CnC Beacon (trojan.rules)
2830822 - ETPRO TROJAN Observed MalDoc Retrieving EXE Payload 2018-05-14 (trojan.rules)