[***]            Summary:            [***]

3 new OPEN, 23 new PRO (3 + 20).  Joomla CVE-2020-35616, Lemon_Duck, NuggetPhantom, Various Phishing  

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031466 - ET CURRENT_EVENTS Possible PurpleFox EK Framework URI Struct Jpg Request (current_events.rules)
  2031467 - ET TROJAN NuggetPhantom Module Download Request (trojan.rules)
  2031468 - ET CURRENT_EVENTS Successful Clydesdale Bank Phish 2020-12-30 (current_events.rules)

Pro:

  2846295 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
  2846296 - ETPRO EXPLOIT Joomla CMS 1.7.0-3.9.22 ACL Write/Privilege Escalation (CVE-2020-35616) (exploit.rules)
  2846297 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-30 1) (trojan.rules)
  2846298 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-30 2) (trojan.rules)
  2846299 - ETPRO CURRENT_EVENTS Successful SFR Phish 2020-12-30 (current_events.rules)
  2846300 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-12-30 (current_events.rules)
  2846301 - ETPRO CURRENT_EVENTS Successful University of Alabama Phish 2020-12-30 (current_events.rules)
  2846302 - ETPRO CURRENT_EVENTS Successful Generic Cryptocurrency Wallet 000webhostapp Hosted Phish 2020-12-30 (current_events.rules)
  2846303 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-12-30 (current_events.rules)
  2846304 - ETPRO CURRENT_EVENTS Successful My JCB Phish 2020-12-30 (current_events.rules)
  2846305 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-12-30 (current_events.rules)
  2846306 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-12-30 (current_events.rules)
  2846307 - ETPRO CURRENT_EVENTS PurpleFox Exploit Kit Landing Page (current_events.rules)
  2846308 - ETPRO CURRENT_EVENTS Successful ePayBank Phish 2020-12-30 (current_events.rules)
  2846309 - ETPRO TROJAN Lemon_Duck Powershell CnC Activity M11 (trojan.rules)
  2846310 - ETPRO TROJAN Lemon_Duck Powershell CnC Activity M12 (trojan.rules)
  2846311 - ETPRO TROJAN Lemon_Duck Powershell CnC Activity M13 (trojan.rules)
  2846312 - ETPRO TROJAN Lemon_Duck Powershell CnC Checkin M5 (trojan.rules)
  2846314 - ETPRO TROJAN Win32/Remcos RAT Checkin 637 (trojan.rules)

[///]     Modified active rules:     [///]

  2031198 - ET TROJAN Win32/HunterStealer/AlfonsoStealer CnC Exfil (trojan.rules)
  2031464 - ET POLICY Win32/Ymacco.AA2F Checking (Multiple OS) (policy.rules)
  2031465 - ET POLICY Win32/Ymacco.AA2F Checking (Multiple OS) (policy.rules)
  2845555 - ETPRO TROJAN Win32.Raccoon Stealer Checkin M3 (trojan.rules)
  2846289 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-12-29 (current_events.rules)
