[***] Summary: [***]
3 new OPEN, 23 new PRO (3 + 20). DonotGroup, Win32/Zpevdo, RedLine,
Smokeloader, Coinminers.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033363 - ET TROJAN Suspected DonotGroup Dropper Activity (trojan.rules)
2033364 - ET TROJAN Suspected DonotGroup Dropper Telegram API Activity (trojan.rules)
2033365 - ET INFO DYNAMIC_DNS Query to freemyip .com Domain (info.rules)
Pro:
2849335 - ETPRO POLICY [MS-RPRN/SPOOLSS] DCERPC Bind_ack (flowbit set) (policy.rules)
2849336 - ETPRO TROJAN Win32/Zpevdo Variant Activity (GET) (trojan.rules)
2849337 - ETPRO TROJAN Win32/Zpevdo Variant Telegram API Activity (trojan.rules)
2849338 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-20 1) (trojan.rules)
2849339 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-20 2) (trojan.rules)
2849340 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-20 3) (trojan.rules)
2849341 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-20 4) (trojan.rules)
2849342 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-20 5) (trojan.rules)
2849343 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-20 6) (trojan.rules)
2849344 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-20 7) (trojan.rules)
2849345 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-20 8) (trojan.rules)
2849346 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-20 9) (trojan.rules)
2849347 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-20 10) (trojan.rules)
2849348 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-20 11) (trojan.rules)
2849349 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-20 12) (trojan.rules)
2849350 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-20 13) (trojan.rules)
2849351 - ETPRO TROJAN RedLine - EnvironmentSettings Request (trojan.rules)
2849352 - ETPRO TROJAN RedLine - SetEnvironment Request (trojan.rules)
2849353 - ETPRO TROJAN Observed SmokeLoader Style Connectivity Check M3 (trojan.rules)
2849354 - ETPRO TROJAN Remote Admin Backdoor Related Activity (trojan.rules)
[///] Modified active rules: [///]
2019378 - ET TROJAN Gozi/BlackNet Checkin (trojan.rules)
2023349 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 106 (trojan.rules)
2032086 - ET TROJAN Win32/IcedID Request Cookie (trojan.rules)
2033114 - ET EXPLOIT Solr DataImport Handler RCE (CVE-2019-0193) (exploit.rules)
2033260 - ET POLICY [MS-PAR] Windows Printer Spooler Activity - RpcAsyncInstallPrinterDriverFromPackage (policy.rules)
2033261 - ET POLICY [MS-PAR] Windows Printer Spooler Activity - RpcAsyncUploadPrinterDriverPackage (policy.rules)
[///] Modified inactive rules: [///]
2849129 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity - RpcAddPrinterDriverEx (policy.rules)
2849173 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity - RpcAddPrinterDriver (policy.rules)
2849174 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity - RpcEnumPrinterDrivers (policy.rules)
2849175 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity - RpcGetPrinterDriver (policy.rules)
2849176 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity - RpcGetPrinterDriverDirectory (policy.rules)
2849177 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity - RpcDeletePrinterDriver (policy.rules)
2849178 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity - RpcGetPrinterDriver2 (policy.rules)
2849179 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity - RpcDeletePrinterDriverEx (policy.rules)
2849180 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity - RpcGetCorePrinterDrivers (policy.rules)
2849181 - ETPRO POLICY [MS-RPRN] Windows Printer Spooler Activity - RpcGetPrinterDriverPackagePath (policy.rules)