[***] Summary: [***]

15 new OPEN, 16 new PRO (15 + 1). NetGear CVE-2017-6862, EvilProxy, and
ErbiumStealer.

Thanks @h2jazi, @twinwavesec, @moodYmOnster8

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2038736 - ET EXPLOIT NetGear WNR2000v5 Buffer Overflow Attempt Inbound
(CVE-2017-6862) (exploit.rules)
2038737 - ET PHISHING [TW] EvilProxy AiTM Microsoft HTTP HOST Struct M1
(phishing.rules)
2038738 - ET PHISHING [TW] EvilProxy AiTM Microsoft HTTP HOST Struct M2
(phishing.rules)
2038739 - ET PHISHING [TW] EvilProxy AiTM Microsoft HTTP HOST Struct M3
(phishing.rules)
2038740 - ET MALWARE Evilnum APT Related Domain in DNS Lookup (image
.jamespage .net) (malware.rules)
2038741 - ET INFO URL Shortening Service Domain in DNS Lookup (www
.temporary-url .com) (info.rules)
2038742 - ET INFO Observed URL Shortening Service Domain (www
.temporary-url .com in TLS SNI) (info.rules)
2038743 - ET MALWARE Suspected Win32/TinyFluff/TinyNode Activity
(Outbound) (malware.rules)
2038744 - ET PHISHING Successful Generic Credential Phish (.ngrok .io)
(phishing.rules)
2038745 - ET MALWARE ErbiumStealer Response From Panel (malware.rules)
2038746 - ET MALWARE ErbiumStealer Response From CnC (malware.rules)
2038747 - ET MALWARE ErbiumStealer CnC Domain (ozaron .beget .tech) in
DNS Lookup (malware.rules)
2038748 - ET MALWARE Observed ErbiumStealer Domain (ozaron .beget .tech)
in TLS SNI (malware.rules)
2038749 - ET MALWARE ErbiumStealer CnC Domain (a0715952 .xsph .ru) in DNS
Lookup (malware.rules)
2038750 - ET MALWARE Trojan.Proxy.Small.Z CnC Checkin (malware.rules)

Pro:

2852299 - ETPRO MALWARE Generik.NAVLSNC Powershell Stealer CnC Activity
(malware.rules)

[///] Modified active rules: [///]

2026909 - ET PHISHING Suspicious CVV Parameter in HTTP POST - Possible
Phishing (phishing.rules)
