[***] Summary: [***]
5 new OPEN, 16 new PRO (5 + 11). Zoho ManagedEngine CVE-2021-44515,
W32/Witch.3FA0!tr, Raccoon Stealer, GitLab Command injection
CVE-2021-24563, Remcos and Valyria.
Thanks @slash30Miata
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034957 - ET EXPLOIT Zoho ManagedEngine Desktop Central
Authentication Bypass - File Upload Attempt (CVE-2021-44515)
(exploit.rules)
2034958 - ET EXPLOIT Zoho ManagedEngine Desktop Central
Authentication Bypass - Administrator Password Reset Attempt
(CVE-2021-44515) (exploit.rules)
2034959 - ET TROJAN W32/Witch.3FA0!tr CnC Activity M3 (trojan.rules)
2034960 - ET TROJAN Win32.Raccoon Stealer Checkin M6 (trojan.rules)
2034961 - ET EXPLOIT GitLab Unauthenticated Remote ExifTool Command
Injection (CVE-2021-24563) (exploit.rules)
Pro:
2850909 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-01-23 1) (trojan.rules)
2850910 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-01-23 2) (trojan.rules)
2850911 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-01-23 3) (trojan.rules)
2850912 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-01-23 4) (trojan.rules)
2850913 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-01-23 5) (trojan.rules)
2850914 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-01-23 6) (trojan.rules)
2850915 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-01-23 7) (trojan.rules)
2850916 - ETPRO TROJAN Win32/Remcos RAT Checkin 767 (trojan.rules)
2850917 - ETPRO TROJAN VB:Trojan.Valyria CnC Activity (trojan.rules)
[///] Modified active rules: [///]
2847027 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-10 3) (trojan.rules)
2847351 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-26 7) (trojan.rules)
[---] Removed rules: [---]
2850477 - ETPRO TROJAN Win32.Raccoon Stealer Checkin M6 (trojan.rules)