[***] Summary: [***]
0 new OPEN, 6 new PRO (0 + 6). Redline Stealer.
Thanks @amnesty
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Pro:
2850139 - ETPRO INFO Fake BMP Request Retrieving MZ Payload (info.rules)
2850140 - ETPRO TROJAN Redline Stealer TCP CnC - CheckConnect M2 (trojan.rules)
2850141 - ETPRO TROJAN Redline Stealer TCP CnC - ExtensionInstalledSoftwares (trojan.rules)
2850142 - ETPRO TROJAN Redline Stealer TCP CnC - ExtensionDiscord (trojan.rules)
2850143 - ETPRO TROJAN Redline Stealer TCP CnC - ExtensionColdWallets (trojan.rules)
2850144 - ETPRO TROJAN Redline Stealer TCP CnC - ExtensionProcess (trojan.rules)
[+++] Enabled and modified rules: [+++]
2009083 - ET INFO Set flow on bmp file get (info.rules)
[///] Modified active rules: [///]
2808644 - ETPRO TROJAN Win32/Hupigon.NYK Checkin (trojan.rules)
2814778 - ETPRO TROJAN TinyLoader.D CnC Initiial Beacon x86 (trojan.rules)
2820586 - ETPRO TROJAN Win32/TrojanDownloader.IndigoRose.R Checkin (trojan.rules)
2826991 - ETPRO TROJAN Win32/Agent.SCO Variant CnC Activity (trojan.rules)
2837546 - ETPRO TROJAN Netwire RAT Check-in (trojan.rules)
2843205 - ETPRO TROJAN Malicious Encoded EXE Inbound (trojan.rules)
2849753 - ETPRO TROJAN Redline Stealer TCP CnC - EnvironmentSettings (trojan.rules)
2849754 - ETPRO TROJAN Redline Stealer TCP CnC - Init (trojan.rules)
[---] Disabled and modified rules: [---]
2018283 - ET TROJAN Possible Netwire RAT Client HeartBeat C2 (trojan.rules)
[---] Removed rules: [---]
2841233 - ETPRO TROJAN DiplomatLoader CnC (GET) (trojan.rules)