[***] Summary: [***]
6 new OPEN, 36 new PRO (6 + 30). Multiple CVE, Magecart,
Win32/Neshta.B, Win32/Thing1 Stealer, Various Phishing.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031588 - ET INFO Minimal HTTP GET Request to cl .ly (info.rules)
2031589 - ET INFO Minimal HTTP GET Request to rebrand .ly (info.rules)
2031590 - ET WEB_SPECIFIC_APPS Possible KLOG Server RCE Inbound (CVE-2020-35729) (web_specific_apps.rules)
2031591 - ET WEB_SPECIFIC_APPS KLOG Server RCE Public POC Inbound - Possible Scanning (CVE-2020-35729) (web_specific_apps.rules)
2031592 - ET WEB_SPECIFIC_APPS Liferay Unauthenticated RCE via JSONWS Inbound (CVE-2020-7961) (web_specific_apps.rules)
2031593 - ET TROJAN Observed Malicious SSL Cert (Magecart/Skimmer CnC) (trojan.rules)
Pro:
2846816 - ETPRO USER_AGENTS Observed Suspicious UA (WinClient) (user_agents.rules)
2846817 - ETPRO TROJAN Win32/Neshta.B Variant CnC Exfil (trojan.rules)
2846818 - ETPRO TROJAN Win32/Thing1 Stealer CnC Exfil (trojan.rules)
2846819 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2021-01-29 (current_events.rules)
2846820 - ETPRO CURRENT_EVENTS Successful Chase Phish 2021-01-29 (current_events.rules)
2846821 - ETPRO CURRENT_EVENTS Successful American Express Phish 2021-01-29 (current_events.rules)
2846822 - ETPRO CURRENT_EVENTS Successful Advanzia Phish 2021-01-29 (current_events.rules)
2846823 - ETPRO CURRENT_EVENTS Successful Advanzia Phish 2021-01-29 (current_events.rules)
2846824 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-01-29 (current_events.rules)
2846825 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2021-01-29 (current_events.rules)
2846826 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-01-29 (current_events.rules)
2846827 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2021-01-29 (current_events.rules)
2846828 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-01-29 (current_events.rules)
2846829 - ETPRO CURRENT_EVENTS Successful Chase Phish 2021-01-29 (current_events.rules)
2846830 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2021-01-29 (current_events.rules)
2846831 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2021-01-29 (current_events.rules)
2846832 - ETPRO CURRENT_EVENTS Successful Protonmail Phish 2021-01-29 (current_events.rules)
2846833 - ETPRO TROJAN Win32/OptixPro CnC Activity (trojan.rules)
2846834 - ETPRO TROJAN W32/Snojan.ORE CnC Activity (trojan.rules)
2846835 - ETPRO MALWARE W32/Unknown Logger CnC Activity (malware.rules)
2846836 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-29 1) (trojan.rules)
2846837 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-29 2) (trojan.rules)
2846838 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-29 3) (trojan.rules)
2846839 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-29 4) (trojan.rules)
2846840 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-29 5) (trojan.rules)
2846841 - ETPRO TROJAN Magecart/Skimmer Data Exfil (trojan.rules)
2846842 - ETPRO TROJAN Magecart Credit Card Information JS Script M2 (trojan.rules)
2846843 - ETPRO CURRENT_EVENTS Successful Peoples Bank Phish 2021-01-29 (current_events.rules)
2846844 - ETPRO CURRENT_EVENTS Successful Equa Bank Phish 2021-01-29 (current_events.rules)
2846845 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish 2021-01-29 (current_events.rules)
[///] Modified active rules: [///]
2031585 - ET TROJAN TeamTNT Gattling Gun AWS Creds Exfil (trojan.rules)
2031586 - ET TROJAN TeamTNT Gattling Gun CnC Domain in DNS Lookup (trojan.rules)
2839790 - ETPRO INFO Windows BITS UA Retrieving EXE (info.rules)
2840724 - ETPRO USER_AGENTS Suspicious User-Agent (Bootstrapper/) (user_agents.rules)
2846351 - ETPRO USER_AGENTS Observed UA (WebSocket++/) (user_agents.rules)