[***] Summary: [***]

5 new OPEN, 11 new PRO (5 + 6). Active Directory Federation Services (AD
FS) Replication Attempt, SupremeLogger, Win32/TrojanDropper.Agent.RLO,
Coinminers, Phish.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032883 - ET INFO Base64 Encoded Server Response (success) (info.rules)
2032884 - ET EXPLOIT Possible Local Active Directory Federation Services
(AD FS) Replication Attempt (exploit.rules)
2032885 - ET TROJAN SupremeLogger CnC Checkin (trojan.rules)
2032886 - ET MALWARE Malicious AutoIT File Upload (malware.rules)
2032887 - ET TROJAN Win32/TrojanDropper.Agent.RLO CnC Acitivty
(trojan.rules)

Pro:

2848338 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-27 1) (trojan.rules)
2848339 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-27 2) (trojan.rules)
2848340 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-27 3) (trojan.rules)
2848341 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-27 4) (trojan.rules)
2848342 - ETPRO POLICY Sordum Windows Defender Control Inbound
(policy.rules)
2848343 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2021-04-28
(current_events.rules)

[///] Modified active rules: [///]

2029334 - ET TROJAN Mimikatz x86 Executable Download Over HTTP
(trojan.rules)
2029335 - ET TROJAN Mimikatz x64 Executable Download Over HTTP
(trojan.rules)
2032523 - ET EXPLOIT Possible Zyxel Authentication Bypass Inbound
(CVE-2021-3297) (exploit.rules)
2032592 - ET CURRENT_EVENTS Successful Bank of America Phish (set) M3
2016-10-14 (current_events.rules)
2032644 - ET CURRENT_EVENTS Successful Paypal Phish M2 2016-11-29
(current_events.rules)
2032652 - ET CURRENT_EVENTS Successful Gmail Phish 2016-12-06
(current_events.rules)
2032667 - ET CURRENT_EVENTS Successful Discover Phish M3 2016-12-14
(current_events.rules)
2842516 - ETPRO TROJAN Possible More_eggs CnC Activity M2 (trojan.rules)
