[***] Summary: [***]
6 new OPEN, 17 new PRO (6 + 11). Raccoon Stealer, SUNSHUTTLE, Multiple CVE, SPORTSBALL, Remcos, Various Phish.
NOTE: Due to a company holiday there will be no rule push on 2021-03-05.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2031807 - ET TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI (teastycandycoffe .top) (trojan.rules)
2031808 - ET EXPLOIT ARG-W4 ASDL Router DNS Changer Exploit Attempt M2 (exploit.rules)
2031809 - ET EXPLOIT D-Link DI-804HV DNS Changer Exploit Attempt (exploit.rules)
2031810 - ET TROJAN Cobalt Strike Beacon CnC (trojan.rules)
2031811 - ET TROJAN SUNSHUTTLE CnC Activity (trojan.rules)
2031812 - ET WEB_CLIENT APT/Hafnium SPORTSBALL Webshell Observed Outbound (web_client.rules)
Pro:
2847440 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-04 1) (trojan.rules)
2847441 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-04 2) (trojan.rules)
2847442 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-04 3) (trojan.rules)
2847443 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-04 4) (trojan.rules)
2847444 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-04 5) (trojan.rules)
2847445 - ETPRO CURRENT_EVENTS Successful Mercado Pago Phish 2021-03-04 (current_events.rules)
2847446 - ETPRO EXPLOIT Windows DirectWrite Heap-Based Buffer Overflow Inbound (CVE-2021-24093) (exploit.rules)
2847447 - ETPRO TROJAN Win32/Remcos RAT Checkin 682 (trojan.rules)
2847448 - ETPRO TROJAN Win32/Remcos RAT Checkin 683 (trojan.rules)
2847449 - ETPRO TROJAN Win32/Remcos RAT Checkin 684 (trojan.rules)
2847450 - ETPRO TROJAN Win32/Remcos RAT Checkin 685 (trojan.rules)
[///] Modified active rules: [///]
2027249 - ET POLICY Request for Possible Adobe Phishing Hosted on Github.io (policy.rules)
2027907 - ET EXPLOIT ARG-W4 ASDL Router DNS Changer Exploit Attempt (exploit.rules)
[---] Removed rules: [---]
2847438 - ETPRO EXPLOIT Windows DirectWrite Heap-Based Buffer Overflow Inbound (CVE-2021-24093) (exploit.rules)