[***] Summary: [***]

8 new OPEN, 16 new PRO (8 + 8) ReverseRAT 2.0, APT10, TOTOLINK Realtek
SDK RCE (CVE-2019-19824), Koadic and VARIOUS Phishing sigs.

Thanks @malwrhunterteam and @JAMESWT_MHT

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2035275 - ET TROJAN ReverseRat 2.0 CnC Checkin M2 (trojan.rules)
2035276 - ET TROJAN APT10 Related Domain in DNS Lookup (microsofts .cc)
(trojan.rules)
2035277 - ET TROJAN APT10 Related Domain in DNS Lookup (08mma .com)
(trojan.rules)
2035278 - ET TROJAN APT10 Related Domain in DNS Lookup (microsofts .top)
(trojan.rules)
2035279 - ET TROJAN APT10 Related Domain in DNS Lookup (3mmlq .com)
(trojan.rules)
2035280 - ET TROJAN APT10 Related Domain in DNS Lookup (7cnbo .com)
(trojan.rules)
2035281 - ET INFO URL Shortener Service Domain in DNS Lookup (u .to)
(info.rules)
2035282 - ET EXPLOIT TOTOLINK Realtek SDK RCE (CVE-2019-19824)
(exploit.rules)

Pro:

2851149 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-23 1) (trojan.rules)
2851150 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-23 2) (trojan.rules)
2851151 - ETPRO TROJAN VBS/TrojanDownloader.Agent Successful Payload
Download (trojan.rules)
2851152 - ETPRO TROJAN Koadic CnC Activity (POST) (trojan.rules)
2851153 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish
2022-02-23 (current_events.rules)
2851154 - ETPRO CURRENT_EVENTS Generic Credential Phish Landing Page
2022-02-23 (current_events.rules)
2851155 - ETPRO CURRENT_EVENTS Successful Microsoft Office 365 Credential
Phishing 2022-02-23 (current_events.rules)
2851156 - ETPRO CURRENT_EVENTS Successful Microsoft Office 365 Credential
Phishing 2022-02-23 (current_events.rules)

[///] Modified active rules: [///]

2849149 - ETPRO TROJAN ReverseRat 2.0 CnC Checkin (trojan.rules)
