[***] Summary: [***]

0 new OPEN, 6 new PRO (0 + 6). Redline Stealer.

Thanks @amnesty

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Pro:

2850139 - ETPRO INFO Fake BMP Request Retrieving MZ Payload (info.rules)
2850140 - ETPRO TROJAN Redline Stealer TCP CnC - CheckConnect M2
(trojan.rules)
2850141 - ETPRO TROJAN Redline Stealer TCP CnC -
ExtensionInstalledSoftwares (trojan.rules)
2850142 - ETPRO TROJAN Redline Stealer TCP CnC - ExtensionDiscord
(trojan.rules)
2850143 - ETPRO TROJAN Redline Stealer TCP CnC -
ExtensionColdWallets (trojan.rules)
2850144 - ETPRO TROJAN Redline Stealer TCP CnC - ExtensionProcess
(trojan.rules)

[+++] Enabled and modified rules: [+++]

2009083 - ET INFO Set flow on bmp file get (info.rules)

[///] Modified active rules: [///]

2808644 - ETPRO TROJAN Win32/Hupigon.NYK Checkin (trojan.rules)
2814778 - ETPRO TROJAN TinyLoader.D CnC Initiial Beacon x86 (trojan.rules)
2820586 - ETPRO TROJAN Win32/TrojanDownloader.IndigoRose.R Checkin
(trojan.rules)
2826991 - ETPRO TROJAN Win32/Agent.SCO Variant CnC Activity (trojan.rules)
2837546 - ETPRO TROJAN Netwire RAT Check-in (trojan.rules)
2843205 - ETPRO TROJAN Malicious Encoded EXE Inbound (trojan.rules)
2849753 - ETPRO TROJAN Redline Stealer TCP CnC - EnvironmentSettings
(trojan.rules)
2849754 - ETPRO TROJAN Redline Stealer TCP CnC - Init (trojan.rules)

[---] Disabled and modified rules: [---]

2018283 - ET TROJAN Possible Netwire RAT Client HeartBeat C2 (trojan.rules)

[---] Removed rules: [---]

2841233 - ETPRO TROJAN DiplomatLoader CnC (GET) (trojan.rules)