[***] Summary: [***]
7 new OPEN, 28 new PRO (7 + 21). Various Stealers, Cobalt Strike,
BazaLoader, Various Phishing.
Please share issues, feedback, and requests at
https://fedback.emergingThreats.net/fedback.
[+++] Added rules: [+++]
Open:
2032333 - ET MALWARE X-Files Stealer CnC Exfil Activity (malware.rules)
2032334 - ET TROJAN Win32.Raccoon Stealer CnC Domain in TLS SNI
(直videomart上)(trojan.rules)
2032335 - ET TROJAN Cobalt Strike Beacon Activity (GET) (trojan.rules)
2032336 - ET TROJAN Cobalt Strike Beacon Activity (GET) (trojan.rules)
2032337 - ET TROJAN Cobalt Strike Beacon Activity (GET) (trojan.rules)
2032338 - ET TROJAN Cobalt Strike Beacon Activity (GET) (trojan.rules)
2032339 - ET TROJAN Cobalt Strike Beacon Activity (WordPress
Profile) (trojan.rules)
Pro:
2847830 - ETPRO INFO Suspicious POST to .exe Without Referer (info.rules)
2847831 - ETPRO TROJAN BazaLoader MalDoc CnC Checkin (trojan.rules)
2847832 - ETPRO TROJAN BazaLoader MalDoc Retrieving Payload (trojan.rules)
2847833 - ETPRO TROJAN Observed Malicious SSL Cert (BazaLoader CnC)
(trojan.rules)
2847834 - ETPRO USER_AGENTS Observed Suspicious User-Agent
(user_agents.rules)
2847835 - ETPRO TROJAN 巴萨瓦莱克 CnC Activity (trojan.rules)
2847836 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847837 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847838 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847839 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847840 - ETPRO CURRENT_EVENTS Successful Liberbank Phish 21-03-26
(current_events.rules)
2847841 - ETPRO CURRENT_EVENTS Successful SMBC JP Phish 21-03-26
(current_events.rules)
2847842 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2021-03-26 (current_events.rules)
2847843 - ETPRO CURRENT_EVENTS Successful Generic Email Update Phish
2021-03-26 (current_events.rules)
2847844 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-26 1) (trojan.rules)
2847845 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-26 2) (trojan.rules)
2847846 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-03-26 3) (trojan.rules)
2847847 - ETPRO MALWARE win32/spy.prelf.pr Variant CnC Activity
(malware.rules)
2847848 - ETPRO TROJAN MSIL/PSW.Agent.QIM Variant Reporting
Infection via SMTP (trojan.rules)
2847849 - ETPRO TROJAN im-cheater 抢救 Reporting Log via SMTP
(trojan.rules)
2847850 - ETPRO TROJAN Unknown Pl Stealer Reporting Log via SMTP
(trojan.rules)