[***] Summary: [***]

16 new OPEN, 21 new PRO (16 + 5). Win32/AZORult, S400 RAT, Win32/VERTEX Stealer, Others.

Thanks @RecordedFuture

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034050 - ET TROJAN Win32/AZORult V3.2 Client Checkin M22 (trojan.rules)
2034051 - ET TROJAN Win32/AZORult V3.2 Client Checkin M23 (trojan.rules)
2034052 - ET TROJAN Win32/AZORult V3.2 Client Checkin M24 (trojan.rules)
2034053 - ET TROJAN Win32/AZORult V3.3 Client Checkin M22 (trojan.rules)
2034054 - ET TROJAN Win32/AZORult V3.3 Client Checkin M23 (trojan.rules)
2034055 - ET TROJAN Win32/AZORult V3.3 Client Checkin M24 (trojan.rules)
2034056 - ET TROJAN Megalodon/Gomorrah/CosaNostra HTTP Bot CnC Exfil (trojan.rules)
2034057 - ET TROJAN Cobalt Strike Activity (GET) (trojan.rules)
2034058 - ET TROJAN TAG28 Associated CnC Domain in DNS Lookup (samuelblog .me) (trojan.rules)
2034059 - ET TROJAN TAG28 Associated CnC Domain in DNS Lookup (samuelblog .site) (trojan.rules)
2034060 - ET TROJAN TAG28 Associated CnC Domain in DNS Lookup (samuelblog .info) (trojan.rules)
2034061 - ET TROJAN TAG28 Associated CnC Domain in DNS Lookup (samuelblog .website) (trojan.rules)
2034062 - ET TROJAN TAG28 Associated CnC Domain in DNS Lookup (samuelblog .xyz) (trojan.rules)
2034063 - ET TROJAN S400 RAT Client Checkin (trojan.rules)
2034064 - ET TROJAN S400 RAT Server Response (trojan.rules)
2034065 - ET TROJAN S400 RAT Client Checkin via Discord (trojan.rules)

Pro:

2850087 - ETPRO TROJAN Win32/VERTEX Stealer CnC Activity (GET) (trojan.rules)
2850088 - ETPRO CURRENT_EVENTS BulletProofLink Form POST M1 (current_events.rules)
2850089 - ETPRO CURRENT_EVENTS BulletProofLink Form POST M2 (current_events.rules)
2850090 - ETPRO TROJAN Win32/Remcos RAT Checkin 754 (trojan.rules)
2850091 - ETPRO TROJAN Win32/Remcos RAT Checkin 755 (trojan.rules)

[///] Modified active rules: [///]

2018243 - ET TROJAN Havex RAT CnC Server Response (trojan.rules)
2018244 - ET TROJAN Havex RAT CnC Server Response HTML Tag (trojan.rules)
2027325 - ET TROJAN CobaltStrike SMB P2P Default Msagent Named Pipe Interaction (trojan.rules)
2810655 - ETPRO TROJAN Trojan.Win32.SchwarzeSonne CnC Beacon (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
