[***] Summary: [***]
9 new OPEN, 21 new PRO (9 + 12). MetInfo SQL Injection, LinkedIn Phish, CoinMiners
Thanks @ViriBack
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback.
[+++] Added rules: [+++]
Open:
2035015 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2 (trojan.rules)
2035016 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2 (trojan.rules)
2035017 - ET TROJAN Win32.SpyEyes.bllw CnC Exfil (trojan.rules)
2035018 - ET EXPLOIT MetInfo 7.0 SQL Injection (CVE-2019-17418) (exploit.rules)
2035019 - ET EXPLOIT MetInfo 7.0 SQL Injection (CVE-2019-16997) (exploit.rules)
2035020 - ET POLICY 3proxy Domain Domain in DNS Lookup (3proxy .ru) (policy.rules)
2035021 - ET POLICY 3proxy Domain Domain in DNS Lookup (3proxy .org) (policy.rules)
2035022 - ET CURRENT_EVENTS LinkedIn Phish Landing Page 2022-01-31 (current_events.rules)
2035023 - ET INFO URL Shortener Service Domain in DNS Lookup (yourls .org) (info.rules)
Pro:
2850963 - ETPRO INFO Active Directory IdP SSO Signin Request (info.rules)
2850964 - ETPRO USER_AGENTS Suspicious User-Agent (UA3) (user_agents.rules)
2850965 - ETPRO USER_AGENTS Suspicious User-Agent (UA4) (user_agents.rules)
2850967 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 1) (trojan.rules)
2850968 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 2) (trojan.rules)
2850969 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 3) (trojan.rules)
2850970 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 4) (trojan.rules)
2850971 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 5) (trojan.rules)
2850972 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 6) (trojan.rules)
2850973 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 7) (trojan.rules)
2850974 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 8) (trojan.rules)
2850975 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-29 9) (trojan.rules)
[---] Removed rules: [---]
2843854 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2 (trojan.rules)
2843956 - ETPRO TROJAN Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2 (trojan.rules)
2848327 - ETPRO TROJAN Win32.SpyEyes.bllw CnC Exfil (trojan.rules)