[***] Summary: [***]

7 new OPEN, 8 new PRO (7 + 1) MSIL/Revenge-RAT (Moved to Open),
Linux/Denonia, CVE-2022-0778.

Thanks @CadoSecurity, @switchingtoguns

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2035885 - ET MALWARE MSIL/Revenge-RAT Keep-Alive Activity (Outbound) M2 (malware.rules)
2035886 - ET MALWARE Linux/Denonia DNS Request Over HTTPS (denonia .xyz) M2 (malware.rules)
2035887 - ET EXPLOIT Possible OpenSSL Infinite Loop Inducing Cert Inbound via TCP (CVE-2022-0778) (exploit.rules)
2035888 - ET EXPLOIT Possible OpenSSL Infinite Loop Inducing Cert Inbound via UDP (CVE-2022-0778) (exploit.rules)
2035889 - ET INFO Observed Commonly Abused Domain in DNS Lookup (blogattach .naver .com) (info.rules)
2035890 - ET INFO Observed Commonly Abused Domain (blogattach .naver .com in TLS SNI) (info.rules)
2035891 - ET MALWARE Linux/Denonia DNS Request Over HTTPS (denonia .xyz) M1 (malware.rules)

Pro:

2851424 - ETPRO MALWARE Win32/Remcos RAT Checkin 789 (malware.rules)

[///] Modified active rules: [///]

2018244 - ET MALWARE Havex RAT CnC Server Response HTML Tag (malware.rules)
2018284 - ET MALWARE Self-Signed Cert Observed in Various Zbot Strains (malware.rules)
2035124 - ET PHISHING Standard Bank Login Phish 2022-02-04 (phishing.rules)
2035604 - ET MALWARE Observed DNS Query to Win32/TrojanDownloader.Agent.GEM Domain (malware.rules)
2035606 - ET MALWARE Win32/TrojanDownloader.Agent.GEM CnC Domain Fetch (malware.rules)
2805998 - ETPRO MALWARE W32/Rodecap.BA connectivity Check (malware.rules)

[---] Removed rules: [---]

2035780 - ET MALWARE Pegasus Domain in DNS Lookup (alrai .com) (malware.rules)
2841114 - ETPRO MALWARE MSIL/Revenge-RAT Keep-Alive Activity (Outbound) M2 (malware.rules)
2851412 - ETPRO PHISHING Sidewinder Credential Phish Landing Page M1 2022-04-07 (phishing.rules)
