[***] Summary: [***]

20 new OPEN, 28 new PRO (20 + 8) Collector Stealer, MICROPSIA,
MosaiqueRAT, and MoserPass.

Thanks @travisbgreen and @MichalKoczwara

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2032805 - ET TROJAN Win32/CollectorStealer CnC Exfil M2 (trojan.rules)
2032806 - ET TROJAN Observed DNS Query to MoserPass Download Domain
(passwordstate-18ed2 .kxcdn .com) (trojan.rules)
2032807 - ET TROJAN MSIL/MosaiqueRAT CnC Checkin (trojan.rules)
2032808 - ET MOBILE_MALWARE Possible Phenakite User-Agent
(mobile_malware.rules)
2032809 - ET MOBILE_MALWARE Phenakite Audio Upload CnC
(mobile_malware.rules)
2032810 - ET MOBILE_MALWARE Phenakite Image Upload CnC activity
(mobile_malware.rules)
2032811 - ET TROJAN APT-C-23 MICROPSIA Variant CnC Domain in DNS Lookup
(linda-callaghan .icu) (trojan.rules)
2032812 - ET TROJAN APT-C-23 MICROPSIA Variant CnC Domain in DNS Lookup
(mikkelbourke .pro) (trojan.rules)
2032813 - ET TROJAN APT-C-23 MICROPSIA Variant CnC Domain in DNS Lookup
(scorerabbate .site) (trojan.rules)
2032814 - ET TROJAN APT-C-23 MICROPSIA Variant CnC Domain in DNS Lookup
(overingtonray .info) (trojan.rules)
2032815 - ET TROJAN APT-C-23 MICROPSIA Variant CnC Domain in DNS Lookup
(marwapetersson .info) (trojan.rules)
2032816 - ET TROJAN APT-C-23 MICROPSIA Variant CnC Domain in DNS Lookup
(belcherjacky .info) (trojan.rules)
2032817 - ET TROJAN APT-C-23 MICROPSIA Variant CnC Domain in DNS Lookup
(gallant-william .icu) (trojan.rules)
2032818 - ET TROJAN APT-C-23 MICROPSIA Variant CnC Domain in DNS Lookup
(ansonwhitmore .live) (trojan.rules)
2032819 - ET TROJAN APT-C-23 MICROPSIA Variant CnC Domain in DNS Lookup
(irenewansley .icu) (trojan.rules)
2032820 - ET TROJAN APT-C-23 MICROPSIA Variant CnC Domain in DNS Lookup
(norayowell .info) (trojan.rules)
2032821 - ET TROJAN MICROPSIA CnC Checkin M2 (trojan.rules)
2032822 - ET TROJAN MICROPSIA Screenshot Upload M2 (trojan.rules)
2032823 - ET TROJAN MICROPSIA Screenshot Upload M3 (trojan.rules)
2032824 - ET TROJAN Cobalt Strike Beacon Activity (Wordpress Profile)
(trojan.rules)

Pro:

2848290 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-23 1) (trojan.rules)
2848291 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-23 2) (trojan.rules)
2848292 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-23 3) (trojan.rules)
2848293 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-23 4) (trojan.rules)
2848294 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-04-23 5) (trojan.rules)
2848295 - ETPRO TROJAN Win32/Phorpiex.V CnC Activity M3 (trojan.rules)
2848296 - ETPRO CURRENT_EVENTS Successful Chase Phish 2021-04-23
(current_events.rules)
2848297 - ETPRO CURRENT_EVENTS Successful Instagram (FR) Phish 2021-04-23
(current_events.rules)

[///] Modified active rules: [///]

2841180 - ETPRO TROJAN Win32/Phorpiex.V CnC Activity M2 (trojan.rules)
2843421 - ETPRO TROJAN RedLine - GetUsers Request (trojan.rules)

Date:
Summary title:
20 new OPEN, 28 new PRO (20 + 8) Collector Stealer, MICROPSIA, MosaiqueRAT, and MoserPass.