[***] Summary: [***]

3 new OPEN, 25 new PRO (3 + 22). CVE-2021-26411, SUPERNOVA
WebShell, AsyncRAT, Various Phish, Others.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2031879 - ET WEB_SERVER Suspected SUPERNOVA Webshell Command (External) (web_server.rules)
2031880 - ET WEB_SERVER Suspected SUPERNOVA Webshell Command (Internal) (web_server.rules)
2031881 - ET TROJAN Cobalt Strike Beacon (WooCommerce Profile) (trojan.rules)

Pro:

2847482 - ETPRO MOBILE_MALWARE Android/SnowDrip Checkin (mobile_malware.rules)
2847483 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847484 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847485 - ETPRO TROJAN Elysium Variant Stealer CnC Exfil (trojan.rules)
2847486 - ETPRO TROJAN Observed Elysium Variant CnC Domain in TLS SNI (musicislife .xyz) (trojan.rules)
2847487 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-09 1) (trojan.rules)
2847488 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-09 3) (trojan.rules)
2847489 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-09 4) (trojan.rules)
2847490 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-09 5) (trojan.rules)
2847491 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-09 6) (trojan.rules)
2847492 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-09 7) (trojan.rules)
2847493 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-09 8) (trojan.rules)
2847494 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-09 9) (trojan.rules)
2847495 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-09 10) (trojan.rules)
2847496 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-09 11) (trojan.rules)
2847497 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-09 12) (trojan.rules)
2847498 - ETPRO CURRENT_EVENTS Successful Regions Bank Phish 2021-03-09 (current_events.rules)
2847499 - ETPRO CURRENT_EVENTS Successful SF Express Phish 2021-03-09 (current_events.rules)
2847500 - ETPRO CURRENT_EVENTS Successful HSBC Phish 2021-03-09 (current_events.rules)
2847501 - ETPRO CURRENT_EVENTS Successful Generic Mail Settings Phish 2021-03-09 (current_events.rules)
2847502 - ETPRO EXPLOIT Possible Internet Explorer Memory Corruption/UAF (CVE-2021-26411) (exploit.rules)
2847503 - ETPRO TROJAN DTLoader Variant Activity (trojan.rules)

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
