[***] Summary: [***]

6 new OPEN, 43 new PRO (6 + 37). DriverPack, CVE-2021-3449, Cobalt Strike, Various Android/Agent.BQX, AsyncRAT, Win32/Stealer.YEC, Win32/Delf.BML, Various RedLine, Coinminers, Various PHISH.

Thanks @z0ul_ and @MichalKoczwara

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032357 - ET MALWARE DriverPack Domain in DNS Lookup (malware.rules)
2032358 - ET EXPLOIT Possible OpenSSL TLSv1.2 DoS Inbound (CVE-2021-3449) (exploit.rules)
2032359 - ET INFO Terse Request for EXE from DigitalOcean Spaces (info.rules)
2032360 - ET TROJAN Cobalt Strike Beacon Activity (trojan.rules)
2032361 - ET TROJAN WebMonitor/RevCode RAT CnC Domain in DNS Lookup (trojan.rules)
2032362 - ET TROJAN Cobalt Strike Beacon Activity (trojan.rules)

Pro:

2847943 - ETPRO MOBILE_MALWARE Android/Piom Checkin (mobile_malware.rules)
2847944 - ETPRO MOBILE_MALWARE Android/SmForw.FF Checkin (mobile_malware.rules)
2847945 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.wj Checkin (mobile_malware.rules)
2847946 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) (mobile_malware.rules)
2847947 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) (mobile_malware.rules)
2847948 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) (mobile_malware.rules)
2847949 - ETPRO MOBILE_MALWARE Android/Obfus.RJ (TLS SNI) 113 (mobile_malware.rules)
2847950 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) (mobile_malware.rules)
2847951 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 5 (mobile_malware.rules)
2847952 - ETPRO CURRENT_EVENTS Possible PII Phish Cabanova Hosted 2021-04-01 (current_events.rules)
2847953 - ETPRO INFO HTTP 200 Status Code, Body 404 (info.rules)
2847954 - ETPRO TROJAN Cobalt Strike Malleable C2 (Unknown Profile) (trojan.rules)
2847955 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847956 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2847957 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
ETPRO CURRENT_EVENTS Successful Regions Bank Phish 2021-04-01 (current_events.rules)
ETPRO CURRENT_EVENTS Possible PII Phish Cabanova Hosted 2021-04-01 (current_events.rules)
2847960 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2021-04-01 (current_events.rules)
2847961 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-01 1) (trojan.rules)
2847962 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-01 2) (trojan.rules)
2847963 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-04-01 3) (trojan.rules)
2847964 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2021-04-01 (current_events.rules)
ETPRO CURRENT_EVENTS Successful Bank of America Phish 2021-04-01 (current_events.rules)
2847966 - ETPRO CURRENT_EVENTS Successful Bank of America Phish 2021-04-01 (current_events.rules)
2847967 - ETPRO TROJAN Win32/Delf.BML Variant Heartbeat CnC Activity (trojan.rules)
2847968 - ETPRO TROJAN Win32/Delf.BML Variant Server List CnC Activity (trojan.rules)
2847969 - ETPRO TROJAN Win32/Delf.BML Variant CnC Activity (trojan.rules)
2847970 - ETPRO TROJAN MSIL/Agent.UL Variant CnC Initial Host Checkin (trojan.rules)
2847971 - ETPRO TROJAN MSIL/Agent.UL Variant CnC Activity (trojan.rules)
2847972 - ETPRO TROJAN Win32/Stealer.YEC CnC Activity M1 (trojan.rules)
2847973 - ETPRO TROJAN Win32/Stealer.YEC CnC Activity M2 (trojan.rules)
2847974 - ETPRO TROJAN RedLine - RequestSession (trojan.rules)
2847975 - ETPRO TROJAN RedLine - SubmitSession (trojan.rules)
2847976 - ETPRO TROJAN RedLine - Request[method name garbled in source] (trojan.rules)
ETPRO TROJAN Observed Elysium Variant CnC Domain (powerins3rts .xyz in TLS SNI) (trojan.rules)
2847978 - ETPRO TROJAN Win32/Remcos RAT Checkin 701 (trojan.rules)
ETPRO TROJAN Valyria Maldoc Activity (GET) (trojan.rules)

[---] Disabled rules: [---]

2032343 - ET TROJAN Valyria Maldoc Activity (GET) (trojan.rules)
2836902 - ETPRO TROJAN Suspected APT33 Spearphishing Related DNS Lookup (trojan.rules)
ETPRO TROJAN Valyria Maldoc Activity (GET) (trojan.rules)
