[***] Summary: [***]

10 new OPEN, 35 new PRO (10 + 25). F5 CVE-2021-22986, Blue Eagle XPR,
Yealink RCE, Various PHISH.

Thanks: Jake Warren

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032086 - ET TROJAN W32/Photoloader.Downloader Request Cookie
(trojan.rules)
2032087 - ET WEB_SERVER Generic Mailer Accessed on Internal Compromised
Server (web_server.rules)
2032088 - ET WEB_CLIENT Generic Mailer Accessed on External Compromised
Server (web_client.rules)
2032089 - ET WEB_SERVER Generic Mailer Accessed on Internal Compromised
Server (web_server.rules)
2032090 - ET WEB_CLIENT Generic Mailer Accessed on External Compromised
Server (web_client.rules)
2032091 - ET SCAN DNS Query for allports.exposed (scan.rules)
2032092 - ET EXPLOIT F5 BIG-IP iControl REST Unauthenticated RCE Inbound
(CVE-2021-22986) (exploit.rules)
2032093 - ET TROJAN Observed Malicious SSL Cert (CopperStealer CnC)
(trojan.rules)
2032094 - ET TROJAN Observed Malicious SSL Cert (CopperStealer CnC)
(trojan.rules)
2032095 - ET EXPLOIT Yealink RCE Attempt (CVE-2021-27561) (exploit.rules)

Pro:

2847648 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847649 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847650 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847651 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2847652 - ETPRO TROJAN ELF/Save.A CnC Keep-Alive (Outbound) (trojan.rules)
2847653 - ETPRO CURRENT_EVENTS Successful Blockchain Phish 2021-03-17
(current_events.rules)
2847654 - ETPRO CURRENT_EVENTS Successful DHL Phish 2021-03-17
(current_events.rules)
2847655 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2021-03-17 (current_events.rules)
2847656 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish
2021-03-17 (current_events.rules)
2847657 - ETPRO CURRENT_EVENTS Successful Standard Bank Online Phish
2021-03-17 (current_events.rules)
2847658 - ETPRO CURRENT_EVENTS Successful Aplus JP Phish 2021-03-17
(current_events.rules)
2847659 - ETPRO CURRENT_EVENTS Successful NetBank Phish 2021-03-17
(current_events.rules)
2847660 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-17 1) (trojan.rules)
2847661 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-17 2) (trojan.rules)
2847662 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-17 3) (trojan.rules)
2847663 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-17 4) (trojan.rules)
2847664 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-17 5) (trojan.rules)
2847665 - ETPRO CURRENT_EVENTS Successful Cash App Phish 2021-03-17
(current_events.rules)
2847666 - ETPRO CURRENT_EVENTS Successful Cash App Phish 2021-03-17
(current_events.rules)
2847667 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish 2021-03-17
(current_events.rules)
2847668 - ETPRO TROJAN Jacard Variant CnC Host Checkin (trojan.rules)
2847669 - ETPRO TROJAN Jacard Variant CnC Activity (trojan.rules)
2847673 - ETPRO TROJAN Win32/Remcos RAT Checkin 692 (trojan.rules)
2847674 - ETPRO TROJAN Blue Eagle XPR RAT Checkin (Java) (trojan.rules)
2847675 - ETPRO MALWARE Blue Eagle XPR RAT Checkin (VB) (malware.rules)

[///] Modified active rules: [///]

2030496 - ET TROJAN ELF/BASHLITE vbot Variant CnC (trojan.rules)
2032080 - ET TROJAN ELF/BASHLITE CnC Activity (Response) (trojan.rules)
2807561 - ETPRO TROJAN Bunitu Covert Channel Session Init (trojan.rules)
2839489 - ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response
(trojan.rules)
2839490 - ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (x86)
(trojan.rules)
2839491 - ETPRO TROJAN ELF/BASHLITE Variant CnC Checkin M2 (trojan.rules)
2839492 - ETPRO TROJAN ELF/BASHLITE Variant CnC Checkin M3 (trojan.rules)
2840333 - ETPRO TROJAN ELF/BASHLITE Variant CnC Activity (trojan.rules)
2840334 - ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response
(trojan.rules)
2840435 - ETPRO TROJAN ELF/BASHLITE Variant Checkin (trojan.rules)
2840436 - ETPRO TROJAN ELF/BASHLITE Variant CnC Server Response
(trojan.rules)
2840514 - ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (i686)
(trojan.rules)
2840515 - ETPRO TROJAN ELF/BASHLITE Variant Reporting Arch Type (i586)
(trojan.rules)
2840516 - ETPRO TROJAN ELF/BASHLITE/Mirai Cayosin Variant CnC Server
Message (trojan.rules)
2841105 - ETPRO TROJAN ELF/BASHLITE Variant CnC Activity (trojan.rules)
2841512 - ETPRO TROJAN ELF/Various Mirai/BASHLITE Infected Device Checkin
(trojan.rules)
2842110 - ETPRO TROJAN ELF/BASHLITE CnC Response (trojan.rules)
2842175 - ETPRO TROJAN ELF/BASHLITE Variant CnC Checkin (trojan.rules)
2842178 - ETPRO TROJAN ELF/BASHLITE Variant Malicious Bash Script Inbound
(trojan.rules)
2842256 - ETPRO TROJAN ELF/BASHLITE Variant CnC Checkin (trojan.rules)
2842257 - ETPRO TROJAN ELF/BASHLITE Variant CnC Response (trojan.rules)
2842258 - ETPRO TROJAN ELF/BASHLITE Variant CnC Telscan Command Inbound
(trojan.rules)
2842453 - ETPRO TROJAN ELF/BASHLITE Variant CnC Activity Inbound
(trojan.rules)
2842454 - ETPRO TROJAN ELF/BASHLITE Variant CnC Scanner Status Inbound
(trojan.rules)
2844637 - ETPRO TROJAN ELF/BASHLITE Variant CnC Checkin (trojan.rules)
2846080 - ETPRO TROJAN ELF/BASHLITE Variant CnC Checkin (trojan.rules)
2846081 - ETPRO TROJAN ELF/BASHLITE Variant Server Response (trojan.rules)
2846082 - ETPRO TROJAN ELF/BASHLITE Variant CnC Checkin (trojan.rules)
2846526 - ETPRO TROJAN ELF/BASHLITE Variant CnC Checkin (trojan.rules)
2846527 - ETPRO TROJAN ELF/BASHLITE Variant CnC Checkin (trojan.rules)
2847180 - ETPRO TROJAN ELF/BASHLITE Variant CnC Activity (trojan.rules)
2847206 - ETPRO TROJAN ELF/BASHLITE Variant CnC Checkin (trojan.rules)
2847301 - ETPRO TROJAN ELF/BASHLITE Variant CnC Checkin (trojan.rules)
2847643 - ETPRO TROJAN Win32/Agent.RLQ Variant CnC Activity (trojan.rules)