[***] Summary: [***]
7 new OPEN, 14 new PRO (7 + 7). DarkRATs, Cobalt Strike, and 44Caliber Stealer.
Thanks @mojoesec, @ESETresearch and @michalmalik
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033384 - ET TROJAN Cobalt Strike Beacon Activity (GET) (trojan.rules)
2033385 - ET POLICY IP Check Domain (myexternalip .com in TLS SNI) (policy.rules)
2033386 - ET POLICY IP Check Domain (freegeoip .live in TLS SNI) (policy.rules)
2033387 - ET TROJAN Possible DarkRats Tor Traffic (trojan.rules)
2033388 - ET POLICY IPFS Domain (storage .snark .art in TLS SNI) (policy.rules)
2033389 - ET TROJAN BOUNCEBEAM Backdoor CnC Activity (trojan.rules)
2033390 - ET TROJAN Observed BOUNCEBEAM Backdoor CnC Domain (cloudflare .5156game .com in TLS SNI) (trojan.rules)
Pro:
2849369 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849370 - ETPRO TROJAN MSIL/44CaliberStealer Zipped Data Exfil (trojan.rules)
2849373 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-22 1) (trojan.rules)
2849374 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-22 2) (trojan.rules)
2849375 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-22 3) (trojan.rules)
2849376 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-07-22 4) (trojan.rules)
2849377 - ETPRO CURRENT_EVENTS Successful Fifth Third Phish 2021-07-22 (current_events.rules)
[///] Modified active rules: [///]
2022550 - ET TROJAN Possible Malicious Macro DL EXE Feb 2016 (trojan.rules)
2022566 - ET TROJAN Possible Malicious Macro EXE DL AlphaNumL (trojan.rules)
2025766 - ET EXPLOIT CloudMe Sync Buffer Overflow (exploit.rules)
2030491 - ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M2 (Group String Len 2+) (trojan.rules)
2811721 - ETPRO TROJAN Banload Variant Download exe module (trojan.rules)
[---] Removed rules: [---]
2835193 - ETPRO POLICY Observed SSL Cert (External IP Lookup (www .myexternalip .com)) (policy.rules)