[***] Summary: [***]
6 new OPEN, 11 new PRO (6 + 5). CVE-2022-27925, Remcos, Others.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2038502 - ET EXPLOIT Possible Zavio IP Camera OS Command Injection Attempt Inbound (CVE-2013-2568) (exploit.rules)
2038503 - ET HUNTING Outbound POST Request with Zipped Directory Traversal Filename (hunting.rules)
2038504 - ET EXPLOIT Possible Zimbra RCE Attempt Inbound (CVE-2022-27925) (exploit.rules)
2038505 - ET INFO File Sharing Service Domain in DNS Lookup (link .storjshare .io) (info.rules)
2038506 - ET INFO Observed File Sharing Service Domain (link .storjshare .io in TLS SNI) (info.rules)
2038507 - ET USER_AGENTS Suspicious User-Agent (Hello World) (user_agents.rules)
Pro:
2852080 - ETPRO MALWARE Win32/Remcos RAT Checkin 825 (malware.rules)
2852081 - ETPRO MALWARE Win32/Remcos RAT Checkin 826 (malware.rules)
2852082 - ETPRO MALWARE MSIL/Kryptik.AFZC CnC Activity (malware.rules)
[---] Removed rules: [---]
2807470 - ETPRO MALWARE Win32/Dokstormac.B Checkin 2 (malware.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team