[Emerging-updates] Daily Ruleset Update Summary 2020/06/11

Jason Williams jwilliams at emergingthreats.net
Thu Jun 11 13:41:14 HDT 2020


[***]            Summary:            [***]

  36 Open, 58 Pro (36 + 22). Cisco AnyConnect CVE-2020-3153, LODEINFO,
Bagz, Various Phishing.

  Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

 [+++]          Added rules:          [+++]

 Open:

  2030280 - ET EXPLOIT Cisco AnyConnect Path Traversal Priv Esc
(CVE-2020-3153) (exploit.rules)
  2030281 - ET CURRENT_EVENTS Common Form POST - CenturyLink Phishing
Landing 2020-06-11 (current_events.rules)
  2030282 - ET CURRENT_EVENTS Common Form POST - Chase Phishing Landing
2020-06-11 (current_events.rules)
  2030283 - ET CURRENT_EVENTS Generic T.Goe Phishing Landing
(current_events.rules)
  2030284 - ET CURRENT_EVENTS Common Form POST - SunTrust Phishing Landing
2020-06-11 (current_events.rules)
  2030285 - ET CURRENT_EVENTS Common Form POST - Instagram Phishing Landing
2020-06-11 (current_events.rules)
  2030286 - ET CURRENT_EVENTS Common Form POST - Facebook Phishing Landing
2020-06-11 (current_events.rules)
  2030287 - ET CURRENT_EVENTS Common Form POST - Facebook Phishing Landing
2020-06-11 (current_events.rules)
  2030288 - ET CURRENT_EVENTS Common Form POST - Webmail Mini Phishing
Landing 2020-06-11 (current_events.rules)
  2030289 - ET CURRENT_EVENTS Common Form POST - Chase Phishing Landing
2020-06-11 (current_events.rules)
  2030290 - ET CURRENT_EVENTS Common Form POST - Yahoo Phishing Landing
2020-06-11 (current_events.rules)
  2030291 - ET CURRENT_EVENTS Common Form POST - Cox Phishing Landing
2020-06-11 (current_events.rules)
  2030292 - ET CURRENT_EVENTS Common Form POST - Linkedin Phishing Landing
2020-06-11 (current_events.rules)
  2030293 - ET CURRENT_EVENTS Common Form POST - SunTrust Phishing Landing
2020-06-11 (current_events.rules)
  2030294 - ET CURRENT_EVENTS Common Form POST - Whatsapp/Facebook Phishing
Landing 2020-06-11 (current_events.rules)
  2030295 - ET CURRENT_EVENTS Common Form POST - M&T Bank Phishing Landing
2020-06-11 (current_events.rules)
  2030296 - ET CURRENT_EVENTS Common Form POST - Yahoo Phishing Landing
2020-06-11 (current_events.rules)
  2030297 - ET CURRENT_EVENTS Common Form POST - Paypal Phishing Landing
2020-06-11 (current_events.rules)
  2030298 - ET CURRENT_EVENTS Common Form POST - Multibrand Phishing
Landing 2020-06-11 (current_events.rules)
  2030299 - ET CURRENT_EVENTS Common Form POST - Instagram Phishing Landing
2020-06-11 (current_events.rules)
  2030300 - ET CURRENT_EVENTS Common Form POST - SunTrust Phishing Landing
2020-06-11 (current_events.rules)
  2030301 - ET CURRENT_EVENTS Common Form POST - VK Phishing Landing
2020-06-11 (current_events.rules)
  2030302 - ET INFO Common Form POST - Possible Generic Phishing Landing
2020-06-11 (info.rules)
  2030303 - ET CURRENT_EVENTS Common Form POST - Chase Phishing Landing
2020-06-11 (current_events.rules)
  2030304 - ET CURRENT_EVENTS Common Form POST - Instagram Phishing Landing
2020-06-11 (current_events.rules)
  2030305 - ET CURRENT_EVENTS Common Form POST - Netease Webmail Phishing
Landing 2020-06-11 (current_events.rules)
  2030306 - ET CURRENT_EVENTS Common Form POST - Paypal Phishing Landing
2020-06-11 (current_events.rules)
  2030307 - ET CURRENT_EVENTS Common Form POST - Microsoft Account Phishing
Landing 2020-06-11 (current_events.rules)
  2030308 - ET CURRENT_EVENTS Common Form POST - Yahoo Phishing Landing
2020-06-11 (current_events.rules)
  2030309 - ET EXPLOIT Wireless IP Camera (P2) WIFICAM Remote Code
Execution (exploit.rules)
  2030310 - ET EXPLOIT ASUS RT-N56U/RT-AC66U Remote Code Execution
(exploit.rules)
  2030311 - ET EXPLOIT Mi Router 3 Remote Code Execution CVE-2018-13023
(exploit.rules)
  2030312 - ET EXPLOIT Mi TV Integration Remote Code Execution
CVE-2018-16130 (exploit.rules)
  2030313 - ET TROJAN Win32/LODEINFO v0.3.6 CnC Checkin (trojan.rules)
  2030314 - ET TROJAN Win32/LODEINFO v0.3.5 CnC Checkin (trojan.rules)
  2030315 - ET TROJAN Downloader Retrieving Malicious Powershell in DNS
Response (trojan.rules)

 Pro:

  2842979 - ETPRO MOBILE_MALWARE Trojan.Ewind.Android.365 Checkin
(mobile_malware.rules)
  2842980 - ETPRO MOBILE_MALWARE Android.HiddenAds.1994 Checkin
(mobile_malware.rules)
  2842981 - ETPRO TROJAN Observed Malicious SSL Cert (Unk.Loader)
(trojan.rules)
  2842982 - ETPRO TROJAN Observed Malicious SSL Cert (Unk.Loader)
(trojan.rules)
  2842983 - ETPRO TROJAN Observed Malicious SSL Cert (Unk.Loader)
(trojan.rules)
  2842984 - ETPRO TROJAN Unk.Loader Retrieving Payload 2020-06-11
(trojan.rules)
  2842985 - ETPRO TROJAN ELF/Mirai Variant CnC Server Reply (SC ON)
(trojan.rules)
  2842986 - ETPRO CURRENT_EVENTS Successful Generic Phish to .ga Domain
2020-06-11 (current_events.rules)
  2842987 - ETPRO CURRENT_EVENTS Successful UBI Banca Phish 2020-06-11
(current_events.rules)
  2842988 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-06-11 (current_events.rules)
  2842989 - ETPRO CURRENT_EVENTS Successful Ruralvia Phish 2020-06-11
(current_events.rules)
  2842990 - ETPRO TROJAN SSL/TLS Certificate Observed (Donot Group)
(trojan.rules)
  2842991 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-06-11 1) (trojan.rules)
  2842992 - ETPRO TROJAN High Volume Outbound SMTP - Repeated Space .exe
Filename (trojan.rules)
  2842993 - ETPRO TROJAN Win32/Bagz.F Malicious Email Spam Outbound
(trojan.rules)
  2842994 - ETPRO TROJAN Win32/Eqtonex.F Related HTTP Request (trojan.rules)
  2842996 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-06-11
(current_events.rules)
  2842997 - ETPRO CURRENT_EVENTS Successful Capital One Phish 2020-06-11
(current_events.rules)
  2842998 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phish
2020-06-11 (current_events.rules)
  2842999 - ETPRO TROJAN Observed SocGholish Domain in TLS SNI
(trojan.rules)
  2843000 - ETPRO TROJAN Win32/Remcos RAT Checkin 457 (trojan.rules)
  2843001 - ETPRO TROJAN Win32/Remcos RAT Checkin 458 (trojan.rules)

 [///]     Modified active rules:     [///]

  2030252 - ET TROJAN Observed Malicious SSL Cert (CobaltStrike CnC)
(trojan.rules)
  2842926 - ETPRO CURRENT_EVENTS Successful PayPal Phish (FR) 2020-06-08
(current_events.rules)