This March, malware researcher Kafeine found a new version of Astrum that exploited CVE-2017-0022, a vulnerability in Microsoft's XML Core Services (MSXML), to test for the presence of antivirus and malware-analysis tools on a victim's computer.
It was also updated in April to further evade security researchers by preventing them from replaying malicious network traffic for analysis.
Research suggests that the Astrum EK is not currently being used to target the general public, as the amount of traffic is very low and the payloads are not from well-known malware families.
Enabling any of these new targets in your user policy will add protection against the associated threat to your ThreatSTOP DNS and IP Firewall Services. If you do not have a ThreatSTOP account for a free trial.