[***] Summary: [***]
8 new OPEN, 16 new PRO (8 + 8). ReverseRAT 2.0, APT10, TOTOLINK Realtek
SDK RCE (CVE-2019-19824), Koadic and VARIOUS Phishing sigs.
Thanks @malwrhunterteam and @JAMESWT_MHT
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2035275 - ET TROJAN ReverseRat 2.0 CnC Checkin M2 (trojan.rules)
2035276 - ET TROJAN APT10 Related Domain in DNS Lookup (microsofts .cc)
(trojan.rules)
2035277 - ET TROJAN APT10 Related Domain in DNS Lookup (08mma .com)
(trojan.rules)
2035278 - ET TROJAN APT10 Related Domain in DNS Lookup (microsofts .top)
(trojan.rules)
2035279 - ET TROJAN APT10 Related Domain in DNS Lookup (3mmlq .com)
(trojan.rules)
2035280 - ET TROJAN APT10 Related Domain in DNS Lookup (7cnbo .com)
(trojan.rules)
2035281 - ET INFO URL Shortener Service Domain in DNS Lookup (u .to)
(info.rules)
2035282 - ET EXPLOIT TOTOLINK Realtek SDK RCE (CVE-2019-19824)
(exploit.rules)
Pro:
2851149 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-23 1) (trojan.rules)
2851150 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-23 2) (trojan.rules)
2851151 - ETPRO TROJAN VBS/TrojanDownloader.Agent Successful Payload
Download (trojan.rules)
2851152 - ETPRO TROJAN Koadic CnC Activity (POST) (trojan.rules)
2851153 - ETPRO CURRENT_EVENTS Successful Generic Credential Phish
2022-02-23 (current_events.rules)
2851154 - ETPRO CURRENT_EVENTS Generic Credential Phish Landing Page
2022-02-23 (current_events.rules)
2851155 - ETPRO CURRENT_EVENTS Successful Microsoft Office 365 Credential
Phishing 2022-02-23 (current_events.rules)
2851156 - ETPRO CURRENT_EVENTS Successful Microsoft Office 365 Credential
Phishing 2022-02-23 (current_events.rules)
[///] Modified active rules: [///]
2849149 - ETPRO TROJAN ReverseRat 2.0 CnC Checkin (trojan.rules)