[***] Summary: [***]
4 new OPEN, 18 new PRO (4 + 14). Win32/MiniMoose, MSIL/Black Hat,
Magniber, Cobalt Strike, others.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2033713 - ET TROJAN Cobalt Strike Beacon Observed (trojan.rules)
2033714 - ET TROJAN Observed Win32.Raccoon Stealer CnC Domain (msresearchcenter .top in TLS SNI) (trojan.rules)
2033715 - ET TROJAN MSIL/Black Hat Worm Server Response (trojan.rules)
2033716 - ET TROJAN MSIL/Black Hat Worm Checkin (trojan.rules)
Pro:
2849599 - ETPRO TROJAN Win32/MiniMoose Checkin (GET) (trojan.rules)
2849600 - ETPRO TROJAN Win32/MiniMoose File Request (GET) (trojan.rules)
2849601 - ETPRO TROJAN Win32/MiniMoose CnC Activity (GetTask) (trojan.rules)
2849602 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849603 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2849604 - ETPRO TROJAN Win32/SsStealer CnC Exfil (trojan.rules)
2849605 - ETPRO TROJAN Win32/Remcos Loader Requesting Payload (trojan.rules)
2849606 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-12 1) (trojan.rules)
2849607 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-12 2) (trojan.rules)
2849608 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-12 3) (trojan.rules)
2849609 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-08-12 4) (trojan.rules)
2849610 - ETPRO TROJAN Win32/Vodkagats Loader Requesting Payload (trojan.rules)
2849611 - ETPRO TROJAN Win32/Gminer CnC Checkin (trojan.rules)
2849612 - ETPRO TROJAN Suspected Magniber Ransomware Activity (GET) (trojan.rules)
[///] Modified active rules: [///]
2033681 - ET EXPLOIT Microsoft Exchange Pre-Auth Path Confusion M1 (CVE-2021-31207) (exploit.rules)
2849149 - ETPRO TROJAN ReverseRat 2.0 CnC Checkin (trojan.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team