[***] Summary: [***]
6 new OPEN, 18 new PRO (6 + 12). Various NSO Pegasus, Win32/NitroStealer,
CHIYU IoT Devices, Win32/Remcos RAT, Various Phish, Coinminers.
Thanks: @ThingzEye
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033357 - ET MOBILE_MALWARE NSO Pegasus iOS Activity (GET)
(mobile_malware.rules)
2033358 - ET MOBILE_MALWARE NSO Pegasus iOS CnC Domain in DNS Lookup
(opposedarrangement .net) (mobile_malware.rules)
2033359 - ET MOBILE_MALWARE NSO Pegasus iOS Megalodon Activity (GET)
(mobile_malware.rules)
2033360 - ET MOBILE_MALWARE NSO Pegasus iOS Megalodon Gatekeeper Activity
(GET) (mobile_malware.rules)
2033361 - ET TROJAN Win32/NitroStealer CnC Exfil M2 (trojan.rules)
2033362 - ET EXPLOIT CHIYU IoT Devices - Denial of Service (exploit.rules)
Pro:
2849323 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-07-19
(current_events.rules)
2849324 - ETPRO TROJAN Likely Evil Request for External IP Address
(trojan.rules)
2849325 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-15 1) (trojan.rules)
2849326 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-15 2) (trojan.rules)
2849327 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-15 3) (trojan.rules)
2849328 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-15 4) (trojan.rules)
2849329 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-07-15 5) (trojan.rules)
2849330 - ETPRO TROJAN Win32/Remcos RAT Checkin 732 (trojan.rules)
2849331 - ETPRO TROJAN Win32/Remcos RAT Checkin 733 (trojan.rules)
2849332 - ETPRO CURRENT_EVENTS Successful Credit Union West Phish
2021-07-19 (current_events.rules)
2849333 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-07-19
(current_events.rules)
2849334 - ETPRO TROJAN Possible MalDoc Retrieving Payload 2021-07-19
(trojan.rules)
[///] Modified active rules: [///]
2026040 - ET TROJAN CobaltStrike DNS Beacon Response (trojan.rules)