[***] Summary: [***]

3 new OPEN, 12 new PRO (3 + 9). Win32/WinDealer, Domenus JS
Downloader, Win32/Remcos, Redline Stealer, MSIL/Kryptik.ACNA and
Various Phish

Thanks to @jpcert

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034253 - ET SCAN FTPSync Settings Disclosure Attempt (scan.rules)
2034254 - ET TROJAN Win32/WinDealer CnC Activity (Checkin) (trojan.rules)
2034255 - ET CURRENT_EVENTS Successful CSIS Credential Phish
(current_events.rules)

Pro:

2850286 - ETPRO TROJAN Redline Stealer TCP CnC Activity (trojan.rules)
2850287 - ETPRO TROJAN Win32/Remcos RAT Checkin 761 (trojan.rules)
2850288 - ETPRO TROJAN Domenus JS Downloader Activity (POST) (trojan.rules)
2850289 - ETPRO TROJAN JS RAT Sending System Information (POST) (trojan.rules)
2850291 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-10-26
(current_events.rules)
2850292 - ETPRO TROJAN MSIL/TrojanDownloader.Age CnC (trojan.rules)
2850293 - ETPRO MALWARE MSIL/Kryptik.ACNA Variant SMTP Exfil
Activity M1 (malware.rules)
2850294 - ETPRO MALWARE MSIL/Kryptik.ACNA Variant SMTP Exfil
Activity M2 (malware.rules)
2850295 - ETPRO MALWARE MSIL/Kryptik.ACNA Variant SMTP Exfil
Activity M3 (malware.rules)

[///] Modified active rules: [///]

2830844 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-05-14 15) (trojan.rules)
2833045 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2018-10-10 2) (trojan.rules)
2850027 - ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init (trojan.rules)
2850206 - ETPRO TROJAN Sainbox Checkin (trojan.rules)
2850207 - ETPRO TROJAN Sainbox Keepalive (trojan.rules)
