[***]            Summary:            [***]

3 new OPEN, 34 new PRO (3 + 31). CVE-2020-14882, DarkIRC, Blacktech, Various Mobile, Various Phishing.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031185 - ET WEB_SPECIFIC_APPS Possible Oracle WebLogic RCE Inbound M3 (CVE-2020-14882) (web_specific_apps.rules)
  2031259 - ET EXPLOIT OpenMRS Deserialization Vulnerability CVE-2018-19276 M2 (exploit.rules)
  2031260 - ET TROJAN DarkIRC Bot CnC Domain Lookup (trojan.rules)

Pro:

  2845798 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BAT Checkin (mobile_malware.rules)
  2845799 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BAT Response (mobile_malware.rules)
  2845800 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Loozfon.a Checkin (mobile_malware.rules)
  2845801 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Wroba.l Checkin (mobile_malware.rules)
  2845802 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Hiddapp.ay (DNS Lookup) (mobile_malware.rules)
  2845803 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.ib Checkin (mobile_malware.rules)
  2845804 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.Resharer.n Checkin (mobile_malware.rules)
  2845805 - ETPRO MOBILE_MALWARE Android BooYou Reporting Contact List (mobile_malware.rules)
  2845806 - ETPRO MOBILE_MALWARE Android Downloader Earthasquare Checkin (mobile_malware.rules)
  2845807 - ETPRO MOBILE_MALWARE AndroidOS/Trojan.ASOJ-0 Checkin (mobile_malware.rules)
  2845808 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.g Checkin (mobile_malware.rules)
  2845809 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.g Checkin 2 (mobile_malware.rules)
  2845810 - ETPRO MOBILE_MALWARE Android Downloader XiJinst Checkin (mobile_malware.rules)
  2845811 - ETPRO MOBILE_MALWARE Android AutoSense Checkin (mobile_malware.rules)
  2845812 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.aw Checkin (mobile_malware.rules)
  2845813 - ETPRO MOBILE_MALWARE Trojan.Ewind.Android.846 Checkin (mobile_malware.rules)
  2845814 - ETPRO TROJAN Win32/Blacktech Plead CnC Activity (trojan.rules)
  2845815 - ETPRO MOBILE_MALWARE Android/Clicker.KN Checkin (mobile_malware.rules)
  2845816 - ETPRO MOBILE_MALWARE Android/Plankton.I Checkin (mobile_malware.rules)
  2845817 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-04 1) (trojan.rules)
  2845818 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-04 2) (trojan.rules)
  2845819 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-04 3) (trojan.rules)
  2845820 - ETPRO CURRENT_EVENTS Successful Suntrust Bank Phish 2020-12-04 (current_events.rules)
  2845821 - ETPRO CURRENT_EVENTS Successful Desjardins Phish 2020-12-04 (current_events.rules)
  2845822 - ETPRO CURRENT_EVENTS Successful La Banque Postale Phish 2020-12-04 (current_events.rules)
  2845823 - ETPRO CURRENT_EVENTS Successful La Banque Postale Phish 2020-12-04 (current_events.rules)
  2845824 - ETPRO CURRENT_EVENTS Successful Outlook Voicemail Phish 2020-12-04 (current_events.rules)
  2845825 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-12-04 (current_events.rules)
  2845826 - ETPRO CURRENT_EVENTS Successful RBFCU Phish 2020-12-04 (current_events.rules)
  2845827 - ETPRO CURRENT_EVENTS Successful Bank of Montreal Phish 2020-12-04 (current_events.rules)
  2845828 - ETPRO CURRENT_EVENTS Successful Nest Phish 2020-12-04 (current_events.rules)

[///]     Modified active rules:     [///]

  2009375 - ET CHAT General MSN Chat Activity (chat.rules)
  2023466 - ET EXPLOIT D-Link DSL-2740R Remote DNS Change Attempt (exploit.rules)
  2023687 - ET SCAN Acunetix scan in progress acunetix_wvs_security_test in http_uri (scan.rules)
  2023688 - ET SCAN Acunetix scan in progress acunetix variable in http_uri (scan.rules)
  2025736 - ET EXPLOIT AsusWRT RT-AC750GF Cross-Site Request Forgery (exploit.rules)
  2027908 - ET EXPLOIT DSLink 260E Router DNS Changer Exploit Attempt (exploit.rules)
  2031234 - ET TROJAN Observed DNS Query to Blackrota Domain (trojan.rules)
  2031246 - ET TROJAN Observed DNS Query to WHO Themed Malware Delivery Domain (trojan.rules)
  2031247 - ET TROJAN Observed DNS Query to WHO Themed Malware Delivery Domain (trojan.rules)
  2031248 - ET TROJAN Observed DNS Query to WHO Themed Malware Delivery Domain (trojan.rules)
  2031249 - ET TROJAN Observed DNS Query to WHO Themed Malware Delivery Domain (trojan.rules)
  2031250 - ET TROJAN Observed DNS Query to WHO Themed Malware Delivery Domain (trojan.rules)
  2806156 - ETPRO TROJAN Variant.Graftor.75738 Checkin (trojan.rules)
  2808833 - ETPRO POLICY Proxy.pac Download (policy.rules)
  2819972 - ETPRO EXPLOIT Dlink dns_320l_327l Remote Code Execution Attempt (exploit.rules)
  2824134 - ETPRO CURRENT_EVENTS Successful Generic Phish (Meta HTTP-Equiv Refresh) Dec 29 2016 (current_events.rules)
  2833559 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router Compromise M1 (exploit.rules)
  2834630 - ETPRO INFO Likely Scam Callback Domain M1 (info.rules)
  2834946 - ETPRO CURRENT_EVENTS Successful Itscom Phish 2019-02-20 (current_events.rules)
  2845681 - ETPRO MOBILE_MALWARE Android Spy Easyphonetrack TLS SNI (mobile_malware.rules)
