[***] Summary: [***]

5 new OPEN, 29 new PRO (5 + 24). Parallax, Raccoon Stealer,
Molerats, AsyncRAT, PurpKeyLogger, Various PHISH.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032526 - ET TROJAN Parallax CnC Activity (set) M14 (trojan.rules)
2032527 - ET TROJAN Parallax CnC Response Activity M14 (trojan.rules)
2032528 - ET TROJAN Observed Malicious SSL Cert (Python RAT (Aurora
Campaign)) (trojan.rules)
2032529 - ET TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(heroofthe .top) (trojan.rules)
2032530 - ET TROJAN Molerats Related VBS Retrieval (trojan.rules)

Pro:

2848048 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848049 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848050 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848051 - ETPRO TROJAN Win32/PurpKeylogger CnC Activity (trojan.rules)
2848052 - ETPRO TROJAN Win32/PurpKeylogger CnC Checkin (trojan.rules)
2848053 - ETPRO CURRENT_EVENTS Successful SunTrust Phish 2021-04-07
(current_events.rules)
2848054 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-06 1) (trojan.rules)
2848055 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-06 2) (trojan.rules)
2848056 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-06 3) (trojan.rules)
2848057 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-06 4) (trojan.rules)
2848058 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-06 5) (trojan.rules)
2848059 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-06 6) (trojan.rules)
2848060 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-06 7) (trojan.rules)
2848061 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-06 8) (trojan.rules)
2848062 - ETPRO CURRENT_EVENTS Successful Blackboard Phish
2021-04-07 (current_events.rules)
2848063 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2021-04-07
(current_events.rules)
2848064 - ETPRO CURRENT_EVENTS Successful Generic Account Update
Phish 2021-04-07 (current_events.rules)
2848065 - ETPRO CURRENT_EVENTS Successful Linkedin Phish 2021-04-07
(current_events.rules)
2848066 - ETPRO USER_AGENTS Suspicious User-Agent (Some USER -
AGENT) (user_agents.rules)
2848067 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2848068 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2848069 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2848070 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2848071 - ETPRO TROJAN Apollo/Mythic CnC Traffic (POST) (trojan.rules)

[---] Disabled and modified rules: [---]

2100327 - GPL MISC Finger remote command pipe execution attempt (misc.rules)
