[***] Summary: [***]
6 new OPEN, 24 new PRO (6 + 18). CVE-2020-14882, Blackmoon, Remcos, Various Phishing, Ruleset cleanup.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031245 - ET WEB_SPECIFIC_APPS Possible Oracle WebLogic RCE Inbound M6 (CVE-2020-14882) (web_specific_apps.rules)
2031246 - ET TROJAN Observed DNS Query to WHO Themed Malware Delivery Domain (trojan.rules)
2031247 - ET TROJAN Observed DNS Query to WHO Themed Malware Delivery Domain (trojan.rules)
2031248 - ET TROJAN Observed DNS Query to WHO Themed Malware Delivery Domain (trojan.rules)
2031249 - ET TROJAN Observed DNS Query to WHO Themed Malware Delivery Domain (trojan.rules)
2031250 - ET TROJAN Observed DNS Query to WHO Themed Malware Delivery Domain (trojan.rules)
Pro:
2845751 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-02 1) (trojan.rules)
2845752 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-02 2) (trojan.rules)
2845753 - ETPRO TROJAN Win32/Chorme Variant CnC Activity (trojan.rules)
2845754 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-12-02 (current_events.rules)
2845755 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information BR Phish 2020-12-02 (current_events.rules)
2845756 - ETPRO CURRENT_EVENTS Successful ICS International Card Services Phish 2020-12-02 (current_events.rules)
2845757 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2020-12-02 (current_events.rules)
2845758 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-12-02 (current_events.rules)
2845759 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-12-02 (current_events.rules)
2845760 - ETPRO TROJAN Win32/Flooder.Agent.NAS Activity (trojan.rules)
2845761 - ETPRO INFO Suspicious Request to VBS on Cloudflare (info.rules)
2845762 - ETPRO TROJAN Win32/Packed.BlackMoon.A Variant Checkin (trojan.rules)
2845763 - ETPRO TROJAN Win32/Remcos RAT Checkin 624 (trojan.rules)
2845764 - ETPRO CURRENT_EVENTS Successful Citi Credential Phish 2020-12-02 (current_events.rules)
2845765 - ETPRO CURRENT_EVENTS Successful Facebook (VN) Credential Phish 2020-12-02 (current_events.rules)
2845766 - ETPRO CURRENT_EVENTS Successful Xfinity Credential Phish 2020-12-02 (current_events.rules)
2845767 - ETPRO CURRENT_EVENTS Successful Facebook Credential Phish 2020-12-02 (current_events.rules)
2845768 - ETPRO CURRENT_EVENTS Successful Netflix Credential Phish 2020-12-02 (current_events.rules)
[///] Modified active rules: [///]
2026047 - ET CURRENT_EVENTS Generic Multi-Email Phishing Landing 2018-08-30 (current_events.rules)
2839715 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-12-03 (current_events.rules)
[---] Disabled and modified rules: [---]
2812688 - ETPRO CURRENT_EVENTS Successful Navy Credit Union Account Phish Aug 25 2015 (current_events.rules)
[---] Disabled rules: [---]
2024423 - ET TROJAN x0Proto File Contents Exfil Request (trojan.rules)
2024433 - ET TROJAN Observed Malicious SSL Cert (HiddenTear Variant CnC) (trojan.rules)
2825041 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules)
2825074 - ETPRO TROJAN Kovter Soceng SSL Certificate Detected (trojan.rules)
2825095 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ff Checkin via FTP 2 (mobile_malware.rules)
2825134 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac Contact Exfil via SMTP 2 (mobile_malware.rules)
2825203 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.SmsThief.ac SMS/Contact Exfil via SMTP (mobile_malware.rules)
2825204 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.SmsThief.ac SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)
2825224 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eo SMS/Contacts Exfil via SMTP 2 (mobile_malware.rules)
2825568 - ETPRO TROJAN Powershell Downloader Domain in SNI (trojan.rules)
2825589 - ETPRO TROJAN Samsam Ransomware Domain in SSL Client Hello (trojan.rules)
2825590 - ETPRO TROJAN Samsam Ransomware Domain in SSL Client Hello (trojan.rules)
2825683 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.gd SMS Exfil via SMTP (mobile_malware.rules)
2826052 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules)
2826073 - ETPRO TROJAN ZLoader Malicious SSL Cert Observed (trojan.rules)
2826074 - ETPRO TROJAN ZLoader Malicious SSL Cert Observed (trojan.rules)
2826083 - ETPRO TROJAN Docm File Autolaunching from PDF via JS - Possible Locky/Dridex M1 (trojan.rules)
2826084 - ETPRO TROJAN Docm File Autolaunching from PDF via JS - Possible Locky/Dridex M2 (trojan.rules)
2826085 - ETPRO TROJAN Docm File Autolaunching from PDF via JS - Possible Locky/Dridex M3 (trojan.rules)
2826145 - ETPRO TROJAN Malicious SSL Certificate Detected (CobaltStrike Dropper) (trojan.rules)
2826207 - ETPRO TROJAN SMSDocu SSL Cert (trojan.rules)
2826539 - ETPRO TROJAN Core Bot Injects SSL Certificate Detected (trojan.rules)
2826540 - ETPRO TROJAN Core Bot Injects SSL Certificate Detected (trojan.rules)
2826643 - ETPRO TROJAN Win32/IRCBot.AVI Command (Keylog) (trojan.rules)
2826644 - ETPRO TROJAN Win32/IRCBot.AVI Command Complete (Flood) (trojan.rules)
2826645 - ETPRO TROJAN Win32/IRCBot.AVI Command Complete (Keylog) (trojan.rules)
2826646 - ETPRO TROJAN Win32/IRCBot.AVI Command Complete (HTTP DoS) (trojan.rules)
2826647 - ETPRO TROJAN Win32/IRCBot.AVI Command Complete (DDoS) (trojan.rules)
2826648 - ETPRO TROJAN Win32/IRCBot.AVI Joinning IRC Channel (trojan.rules)
2826821 - ETPRO TROJAN Malicious SSL certificate detected (Ursnif Injects) (trojan.rules)
2826955 - ETPRO TROJAN TTIger Tech Keylogger Reporting Infection via SMTP (trojan.rules)
2827230 - ETPRO TROJAN Win32.Reconyc.iddk Receiving Payload (trojan.rules)
2827490 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.kk SMS/Contact Exfil via SMTP (mobile_malware.rules)