[***] Summary: [***]

6 new OPEN, 18 new PRO (6 + 12). Multiple CVE, NSO Group,
Win32/a310Logger, Android/Bahamut.

Thanks @James_inthe_box

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033775 - ET EXPLOIT Microsoft Edge Chakra -
InjectJsBuiltInLibraryCode Use-After-Free Inbound (CVE-2019-0568)
(exploit.rules)
2033776 - ET TROJAN NSO Group Pegasus Related Data Exfil (POST) (trojan.rules)
2033777 - ET TROJAN NSO Group Pegasus Related Data Exfil (POST) M2
(trojan.rules)
2033778 - ET TROJAN NSO Group Pegasus Related Data Exfil (POST) M3
(trojan.rules)
2033779 - ET TROJAN Win32/a310Logger Clipboard Exfil via SMTP (trojan.rules)
2033780 - ET TROJAN Win32/a310Logger Data Exfil via SMTP (trojan.rules)

Pro:

2849739 - ETPRO EXPLOIT Use-After-Free in QuickTimePluginReplacement
(CVE-2021-1879) (exploit.rules)
2849740 - ETPRO MALWARE Suspicious Domain (flow .lavasoft .com) in
TLS SNI (malware.rules)
2849741 - ETPRO MALWARE Suspicious Domain (sos .adaware .com) in TLS
SNI (malware.rules)
2849742 - ETPRO TROJAN Observed Malicious SSL Cert (Possible
Brushaloader CnC) (trojan.rules)
2849743 - ETPRO TROJAN Observed Malicious SSL Cert (Possible
Brushaloader CnC) (trojan.rules)
2849744 - ETPRO MOBILE_MALWARE Android/Bahamut (TLS SNI)
(mobile_malware.rules)
2849745 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.ef (TLS SNI)
(mobile_malware.rules)
2849746 - ETPRO MOBILE_MALWARE Android/Bahamut (TLS SNI) 2
(mobile_malware.rules)
2849747 - ETPRO TROJAN Observed Malicious SSL Cert (OrcusRAT) (trojan.rules)
2849748 - ETPRO CURRENT_EVENTS Successful Outlook Credential Phish
2021-08-24 (current_events.rules)
2849749 - ETPRO CURRENT_EVENTS Successful Navy Federal Credit Union
Phish 2021-08-24 (current_events.rules)
2849750 - ETPRO TROJAN Win32/Remcos RAT Checkin 744 (trojan.rules)

[///] Modified active rules: [///]

2033167 - ET TROJAN a310Logger Stealer Exfil (SMTP) (trojan.rules)

[---] Disabled rules: [---]

2849725 - ETPRO TROJAN Win32/StormKitty/a310Logger Exfil via SMTP
(trojan.rules)

[---] Removed rules: [---]

2848991 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-06-17 4) (trojan.rules)
