[***] Summary: [***]
6 new OPEN, 41 new PRO (6 + 35). CVE-2021-25646, Babydraco, Exchange Webshell, Various AsyncRAT, Adamantium Thief, Remcos, Coinminers, VARIOUS PHISH.
tks: @travisbgreen
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2032340 - ET EXPLOIT Possible Apache Druid RCE Inbound (CVE-2021-25646) (exploit.rules)
2032341 - ET TROJAN Observed Malicious SSL Cert (Win32/Unk Downloader CnC) (trojan.rules)
2032342 - ET TROJAN Win32/Unk Downloader CnC Activity (trojan.rules)
2032343 - ET TROJAN Maldoc Checkin Activity (GET) (trojan.rules)
2032344 - ET WEB_SERVER Babydraco WebShell Activity (web_server.rules)
2032345 - ET WEB_CLIENT Exchange Webshell CnC Domain in DNS Lookup (web_client.rules)
Pro:
2847851 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847852 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847853 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847854 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847855 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847857 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847858 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847859 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847860 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847856 - ETPRO INFO Observed Suspicious SSL Cert (TEST) (info.rules)
2847861 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-27 1) (trojan.rules)
2847862 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-27 2) (trojan.rules)
2847863 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-27 3) (trojan.rules)
2847864 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-29 1) (trojan.rules)
2847865 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-29 2) (trojan.rules)
2847866 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-29 3) (trojan.rules)
2847867 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-29 4) (trojan.rules)
2847868 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-03-29 5) (trojan.rules)
2847869 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2021-03-29 (current_events.rules)
2847870 - ETPRO CURRENT_EVENTS Successful Lifecard JP Phish 2021-03-29 (current_events.rules)
2847871 - ETPRO CURRENT_EVENTS Successful Idaho Central Credit Union Phish 2021-03-29 (current_events.rules)
2847872 - ETPRO CURRENT_EVENTS Successful Netease 163 Webmail Phish 2021-03-29 (current_events.rules)
2847873 - ETPRO CURRENT_EVENTS Successful Telekom / Tmobile Phish 2021-03-29 (current_events.rules)
2847874 - ETPRO CURRENT_EVENTS Successful Generic Banking Phish 2021-03-29 (current_events.rules)
2847875 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-03-29 (current_events.rules)
2847876 - ETPRO CURRENT_EVENTS Successful Barclays Phish 2021-03-29 (current_events.rules)
2847877 - ETPRO CURRENT_EVENTS Successful Generic Banking Phish 2021-03-29 (current_events.rules)
2847878 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2021-03-29 (current_events.rules)
2847879 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2021-03-29 (current_events.rules)
2847880 - ETPRO TROJAN Adamantium Thief Variant CnC Checkin (trojan.rules)
2847881 - ETPRO TROJAN Adamantium Thief Variant CnC Activity (trojan.rules)
2847883 - ETPRO TROJAN Win32/Remcos RAT Checkin 697 (trojan.rules)
2847884 - ETPRO TROJAN Win32/Remcos RAT Checkin 698 (trojan.rules)
2847885 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish 2021-03-29 (current_events.rules)
[---] Disabled and modified rules: [---]
2845074 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-10-21 (current_events.rules)
2845639 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-11-24 (current_events.rules)