[***] Summary: [***]
16 new OPEN, 35 new PRO (16 + 19). Multiple CVE (Microsoft Exchange ProxyToken
CVE-2021-33766, Realtek SDK CVE-2021-35392/35393/35395, TOTOLINK
CVE-2021-34228), Win32/44Caliber Stealer, AsyncRAT,
Trojan.AndroidOS.Triada.ef, Redline Stealer.
Thanks @James_inthe_box and @Thingzeye
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033833 - ET MALWARE Win32/44Caliber Stealer Variant Activity (POST) (malware.rules)
2033834 - ET EXPLOIT Microsoft Exchange - Information Disclosure flowbit set (CVE-2021-33766) (exploit.rules)
2033835 - ET EXPLOIT Microsoft Exchange - Successful msExchEcpCanary Disclosure (CVE-2021-33766) (exploit.rules)
2033836 - ET EXPLOIT Microsoft Exchange - InboxRules.svc Access Observed Following Successful ProxyToken Attack (exploit.rules)
2033837 - ET EXPLOIT Possible Realtek SDK - formRebootCheck/formWsc Stack Buffer Overflow Inbound (CVE-2021-35392) (exploit.rules)
2033838 - ET EXPLOIT Possible Realtek SDK - formWlSiteSurvey Stack Buffer Overflow Inbound (CVE-2021-35393) (exploit.rules)
2033839 - ET EXPLOIT Realtek SDK - Command Execution/Backdoor Access Inbound (CVE-2021-35395) (exploit.rules)
2033840 - ET EXPLOIT Realtek SDK - Command Injection Inbound (CVE-2021-35395) (exploit.rules)
2033841 - ET EXPLOIT Possible Realtek SDK - formStaticDHCP Stack Buffer Overflow Inbound (CVE-2021-35393) (exploit.rules)
2033842 - ET EXPLOIT Possible Realtek SDK - formWlanMultipleAP Stack Buffer Overflow Inbound (CVE-2021-35393) (exploit.rules)
2033843 - ET EXPLOIT Possible Realtek SDK - Stack Buffer Overflow via UPnP SUBSCRIBE Callback Header Inbound (CVE-2021-35393) (exploit.rules)
2033844 - ET INFO Suspicious Shellcode Request (info.rules)
2033845 - ET EXPLOIT TOTOLINK Router Cross-site Scripting CVE-2021-34228 (boafrm) M1 (exploit.rules)
2033846 - ET EXPLOIT TOTOLINK Router Cross-site Scripting CVE-2021-34228 (boafrm) M2 (exploit.rules)
2033847 - ET EXPLOIT TOTOLINK Router Cross-site Scripting CVE-2021-34228 (boafrm) M3 (exploit.rules)
2033848 - ET EXPLOIT TOTOLINK Router Cross-site Scripting CVE-2021-34228 (boafrm) M4 (exploit.rules)
Pro:
2849779 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849780 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849781 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.ef Checkin (mobile_malware.rules)
2849782 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.ef Checkin 2 (mobile_malware.rules)
2849783 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.ef Checkin 3 (mobile_malware.rules)
2849784 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.ef Checkin 4 (mobile_malware.rules)
2849785 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.ef Checkin 5 (mobile_malware.rules)
2849786 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Triada.ef Checkin 6 (mobile_malware.rules)
2849787 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BUF Reporting Contact List (mobile_malware.rules)
2849788 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-08-30 (current_events.rules)
2849789 - ETPRO MOBILE_MALWARE Android Spy Kaishi Checkin (mobile_malware.rules)
2849790 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-08-30 (current_events.rules)
2849791 - ETPRO MOBILE_MALWARE Android Spy Kaishi Checkin 2 (mobile_malware.rules)
2849792 - ETPRO MOBILE_MALWARE Android Spy Kaishi Checkin 3 (mobile_malware.rules)
2849793 - ETPRO TROJAN Win32/Unk.DiscordGrabber CnC Activity (trojan.rules)
2849794 - ETPRO TROJAN Redline Stealer TCP CnC - PartColdWallets (trojan.rules)
2849795 - ETPRO TROJAN Redline Stealer TCP CnC - PartHardwares (trojan.rules)
2849796 - ETPRO TROJAN Redline Stealer TCP CnC - PartInstalledBrowsers (trojan.rules)
2849797 - ETPRO TROJAN Redline Stealer TCP CnC - PartProcesses (trojan.rules)
[///] Modified active rules: [///]
2024599 - ET CURRENT_EVENTS Possible Interac Phish Aug 18 2017 (current_events.rules)
[---] Disabled rules: [---]
2029674 - ET CURRENT_EVENTS Successful Interac Phish 2019-05-15 (current_events.rules)
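The update above follows a fixed plain-text layout: section headers bracketed by a repeated marker ([+++], [///], [---]), one seven-digit SID per entry with the rule file in trailing parentheses, and entries that the mailing list wraps onto continuation lines. Before enabling a day's new rules it is worth parsing the post rather than eyeballing it, so that the SIDs, rule files and CVE coverage can be fed into change tracking and the "N new OPEN, M new PRO (N + K)" claim can be reconciled against what was actually listed. The Python below is an added example, not code from the Emerging Threats post or the ET/Proofpoint project. It infers tier from the ET/ETPRO message prefix (a convention visible in the list above), and SAMPLE is a constructed, abridged excerpt of this update whose count line has been adjusted to match the excerpt.

```python
# Added example: parser for the Emerging Threats daily-update text format.
# Not code from the ET post or project. SAMPLE is a constructed, abridged
# excerpt of this update with its count line adjusted to fit the excerpt.
import re
from dataclasses import dataclass

# "[+++] Added rules: [+++]" style headers; the same marker must close the line.
HEADER_RE = re.compile(r"^\[(?P<mark>[+*/-]{3})\] (?P<title>.+?):? \[(?P=mark)\]$")
ENTRY_RE = re.compile(r"^(?P<sid>\d{7}) - (?P<rest>.+)$")    # "2033833 - ET ..."
FILE_RE = re.compile(r"\((?P<file>[a-z_]+\.rules)\)\s*$")      # trailing "(x.rules)"
SUMMARY_RE = re.compile(r"(\d+) new OPEN, (\d+) new PRO \((\d+) \+ (\d+)\)")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,7}")


@dataclass
class Rule:
    sid: int
    msg: str        # rule name with the trailing "(file.rules)" removed
    rulefile: str
    section: str    # "Added rules", "Modified active rules", "Disabled rules"
    tier: str       # "Pro" when msg carries the ETPRO prefix, else "Open"


def parse_update(text):
    """Return the rules listed in an ET update, re-joining mail-wrapped entries."""
    rules, section, cur = [], "", None   # cur = (sid, [text fragments])

    def flush():
        if cur is None:
            return
        sid, parts = cur
        body = " ".join(parts)
        m = FILE_RE.search(body)
        rulefile = m.group("file") if m else ""
        msg = FILE_RE.sub("", body).strip()
        tier = "Pro" if msg.startswith("ETPRO ") else "Open"
        rules.append(Rule(sid, msg, rulefile, section, tier))

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            flush()
            cur, section = None, header.group("title")
            continue
        if line in ("Open:", "Pro:"):   # tier sub-headings; tier comes from msg
            flush()
            cur = None
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            flush()
            cur = (int(entry.group("sid")), [entry.group("rest")])
        elif cur is not None:
            cur[1].append(line)         # continuation of a wrapped entry
    flush()
    return rules


def check_summary(text, rules):
    """Reconcile the post's count line with the parsed Added section. PRO
    subscribers receive the open rules too, so the PRO total is open + pro-only,
    which the parenthesised "(N + K)" spells out."""
    m = SUMMARY_RE.search(text)
    if not m:
        raise ValueError("no 'N new OPEN, M new PRO (N + K)' line found")
    n_open, n_pro, part_open, part_pro = map(int, m.groups())
    added = [r for r in rules if r.section == "Added rules"]
    got_open = sum(r.tier == "Open" for r in added)
    got_pro = sum(r.tier == "Pro" for r in added)
    return (n_open == part_open == got_open
            and part_pro == got_pro
            and n_pro == part_open + part_pro)


def cves_covered(rules):
    """Distinct CVE identifiers named in the parsed rule messages."""
    return sorted({c for r in rules for c in CVE_RE.findall(r.msg)})


# Constructed, abridged excerpt of the update above (count line adjusted).
SAMPLE = """\
[***] Summary: [***]
3 new OPEN, 5 new PRO (3 + 2). Multiple CVE, Win32/44Caliber
Stealer, AsyncRAT.
[+++] Added rules: [+++]
Open:
2033833 - ET MALWARE Win32/44Caliber Stealer Variant Activity (POST)
(malware.rules)
2033834 - ET EXPLOIT Microsoft Exchange - Information Disclosure
flowbit set (CVE-2021-33766) (exploit.rules)
2033843 - ET EXPLOIT Possible Realtek SDK - Stack Buffer Overflow
via UPnP SUBSCRIBE Callback Header Inbound (CVE-2021-35393)
(exploit.rules)
Pro:
2849779 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849794 - ETPRO TROJAN Redline Stealer TCP CnC - PartColdWallets
(trojan.rules)
[///] Modified active rules: [///]
2024599 - ET CURRENT_EVENTS Possible Interac Phish Aug 18 2017
(current_events.rules)
[---] Disabled rules: [---]
2029674 - ET CURRENT_EVENTS Successful Interac Phish 2019-05-15
(current_events.rules)
"""

if __name__ == "__main__":
    parsed = parse_update(SAMPLE)
    for r in parsed:
        print(f"{r.sid}  {r.section:<22} {r.tier:<4} {r.rulefile:<20} {r.msg}")
    print("summary consistent:", check_summary(SAMPLE, parsed))
    print("CVEs:", ", ".join(cves_covered(parsed)))
```

Feeding the full post to parse_update should yield 16 Open and 19 Pro entries under "Added rules" and make check_summary return True; a False there means the count line and the list disagree and the post deserves a second look before the SIDs are pushed to sensors.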