[***] Summary: [***]
3 new OPEN, 23 new PRO (3 + 20). Joomla CVE-2020-35616, Lemon_Duck, NuggetPhantom, Various Phishing
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031466 - ET CURRENT_EVENTS Possible PurpleFox EK Framework URI Struct Jpg Request (current_events.rules)
2031467 - ET TROJAN NuggetPhantom Module Download Request (trojan.rules)
2031468 - ET CURRENT_EVENTS Successful Clydesdale Bank Phish 2020-12-30 (current_events.rules)
Pro:
2846295 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846296 - ETPRO EXPLOIT Joomla CMS 1.7.0-3.9.22 ACL Write/Privilege Escalation (CVE-2020-35616) (exploit.rules)
2846297 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-30 1) (trojan.rules)
2846298 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-12-30 2) (trojan.rules)
2846299 - ETPRO CURRENT_EVENTS Successful SFR Phish 2020-12-30 (current_events.rules)
2846300 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-12-30 (current_events.rules)
2846301 - ETPRO CURRENT_EVENTS Successful University of Alabama Phish 2020-12-30 (current_events.rules)
2846302 - ETPRO CURRENT_EVENTS Successful Generic Cryptocurrency Wallet 000webhostapp Hosted Phish 2020-12-30 (current_events.rules)
2846303 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-12-30 (current_events.rules)
2846304 - ETPRO CURRENT_EVENTS Successful My JCB Phish 2020-12-30 (current_events.rules)
2846305 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-12-30 (current_events.rules)
2846306 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-12-30 (current_events.rules)
2846307 - ETPRO CURRENT_EVENTS PurpleFox Exploit Kit Landing Page (current_events.rules)
2846308 - ETPRO CURRENT_EVENTS Successful ePayBank Phish 2020-12-30 (current_events.rules)
2846309 - ETPRO TROJAN Lemon_Duck Powershell CnC Activity M11 (trojan.rules)
2846310 - ETPRO TROJAN Lemon_Duck Powershell CnC Activity M12 (trojan.rules)
2846311 - ETPRO TROJAN Lemon_Duck Powershell CnC Activity M13 (trojan.rules)
2846312 - ETPRO TROJAN Lemon_Duck Powershell CnC Checkin M5 (trojan.rules)
2846314 - ETPRO TROJAN Win32/Remcos RAT Checkin 637 (trojan.rules)
[///] Modified active rules: [///]
2031198 - ET TROJAN Win32/HunterStealer/AlfonsoStealer CnC Exfil (trojan.rules)
2031464 - ET POLICY Win32/Ymacco.AA2F Checking (Multiple OS) (policy.rules)
2031465 - ET POLICY Win32/Ymacco.AA2F Checking (Multiple OS) (policy.rules)
2845555 - ETPRO TROJAN Win32.Raccoon Stealer Checkin M3 (trojan.rules)
2846289 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-12-29 (current_events.rules)