[***] Summary: [***]

6 new OPEN, 11 new PRO (6 + 5). CVE-2022-27925, Remcos, Others.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2038502 - ET EXPLOIT Possible Zavio IP Camera OS Command Injection Attempt Inbound (CVE-2013-2568) (exploit.rules)
2038503 - ET HUNTING Outbound POST Request with Zipped Directory Traversal Filename (hunting.rules)
2038504 - ET EXPLOIT Possible Zimbra RCE Attempt Inbound (CVE-2022-27925) (exploit.rules)
2038505 - ET INFO File Sharing Service Domain in DNS Lookup (link .storjshare .io) (info.rules)
2038506 - ET INFO Observed File Sharing Service Domain (link .storjshare .io in TLS SNI) (info.rules)
2038507 - ET USER_AGENTS Suspicious User-Agent (Hello World) (user_agents.rules)

Pro:

2852080 - ETPRO MALWARE Win32/Remcos RAT Checkin 825 (malware.rules)
2852081 - ETPRO MALWARE Win32/Remcos RAT Checkin 826 (malware.rules)
2852082 - ETPRO MALWARE MSIL/Kryptik.AFZC CnC Activity (malware.rules)

[---] Removed rules: [---]

2807470 - ETPRO MALWARE Win32/Dokstormac.B Checkin 2 (malware.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
