[***] Summary: [***]
6 new OPEN, 14 new PRO (6 + 8). Sn0wsLogger, TeamTNT, AsyncRAT, AZORult.
Thanks: @suprn8.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031582 - ET TROJAN Sn0wsLogger CnC Exfil M1 (trojan.rules)
2031583 - ET TROJAN Sn0wsLogger CnC Exfil M2 (trojan.rules)
2031584 - ET POLICY External Host Creating Docker Image (policy.rules)
2031585 - ET TROJAN TeamTnT Gattling Gun AWS Creds Exfil (trojan.rules)
2031586 - ET TROJAN TeamTNT Gattling Gun CnC Domain in DNS Lookup (trojan.rules)
2031587 - ET POLICY External Host Sending Docker Swarm Join Command (policy.rules)
Pro:
2846808 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846809 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846810 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2846811 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-27 1) (trojan.rules)
2846812 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-27 2) (trojan.rules)
2846813 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-01-27 3) (trojan.rules)
2846814 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)
2846815 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2021-01-28 (current_events.rules)
[///] Modified active rules: [///]
2020381 - ET TROJAN DDoS.XOR Checkin (trojan.rules)