[***] Summary: [***]
6 new OPEN, 13 new PRO (6 + 7)
Thanks ThingzEye!
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2032778 - ET TROJAN Observed Win32/Wacapew.A!ml Domain in TLS SNI (zytrox .tk) (trojan.rules)
2032779 - ET INFO Malformed Domain Name in DNS Query (Domain Length Exceeds 253 Bytes) (info.rules)
2032780 - ET EXPLOIT ZBL EPON ONU Broadband Router Remote Privilege Escalation Inbound M1 (exploit.rules)
2032781 - ET EXPLOIT ZBL EPON ONU Broadband Router Remote Privilege Escalation Inbound M2 (exploit.rules)
2032782 - ET EXPLOIT ZBL EPON ONU Broadband Router Remote Privilege Escalation - Responding with Superuser Credentials (exploit.rules)
2032783 - ET TROJAN Remcos Builder License Check (trojan.rules)
Pro:
2848225 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848226 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848227 - ETPRO TROJAN Observed Malicious AsyncRAT Style SSL Cert (trojan.rules)
2848228 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848229 - ETPRO TROJAN Possible Gamaredon MalDoc CnC Exfil (trojan.rules)
2848230 - ETPRO TROJAN Observed Malicious SSL Cert (OrcusRAT) (trojan.rules)
2848232 - ETPRO TROJAN Win32/BackstageStealer CnC Activity M3 (trojan.rules)
[///] Modified active rules: [///]
2032342 - ET TROJAN Win32/Unk Downloader CnC Activity (trojan.rules)