[***] Summary: [***]
16 new OPEN, 21 new PRO (16 + 5). Win32/AZORult, S400 RAT, Win32/VERTEX Stealer, Others.
Thanks @RecordedFuture
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034050 - ET TROJAN Win32/AZORult V3.2 Client Checkin M22 (trojan.rules)
2034051 - ET TROJAN Win32/AZORult V3.2 Client Checkin M23 (trojan.rules)
2034052 - ET TROJAN Win32/AZORult V3.2 Client Checkin M24 (trojan.rules)
2034053 - ET TROJAN Win32/AZORult V3.3 Client Checkin M22 (trojan.rules)
2034054 - ET TROJAN Win32/AZORult V3.3 Client Checkin M23 (trojan.rules)
2034055 - ET TROJAN Win32/AZORult V3.3 Client Checkin M24 (trojan.rules)
2034056 - ET TROJAN Megalodon/Gomorrah/CosaNostra HTTP Bot CnC Exfil (trojan.rules)
2034057 - ET TROJAN Cobalt Strike Activity (GET) (trojan.rules)
2034058 - ET TROJAN TAG28 Associated CnC Domain in DNS Lookup (samuelblog .me) (trojan.rules)
2034059 - ET TROJAN TAG28 Associated CnC Domain in DNS Lookup (samuelblog .site) (trojan.rules)
2034060 - ET TROJAN TAG28 Associated CnC Domain in DNS Lookup (samuelblog .info) (trojan.rules)
2034061 - ET TROJAN TAG28 Associated CnC Domain in DNS Lookup (samuelblog .website) (trojan.rules)
2034062 - ET TROJAN TAG28 Associated CnC Domain in DNS Lookup (samuelblog .xyz) (trojan.rules)
2034063 - ET TROJAN S400 RAT Client Checkin (trojan.rules)
2034064 - ET TROJAN S400 RAT Server Response (trojan.rules)
2034065 - ET TROJAN S400 RAT Client Checkin via Discord (trojan.rules)
Pro:
2850087 - ETPRO TROJAN Win32/VERTEX Stealer CnC Activity (GET) (trojan.rules)
2850088 - ETPRO CURRENT_EVENTS BulletProofLink Form POST M1 (current_events.rules)
2850089 - ETPRO CURRENT_EVENTS BulletProofLink Form POST M2 (current_events.rules)
2850090 - ETPRO TROJAN Win32/Remcos RAT Checkin 754 (trojan.rules)
2850091 - ETPRO TROJAN Win32/Remcos RAT Checkin 755 (trojan.rules)
[///] Modified active rules: [///]
2018243 - ET TROJAN Havex RAT CnC Server Response (trojan.rules)
2018244 - ET TROJAN Havex RAT CnC Server Response HTML Tag (trojan.rules)
2027325 - ET TROJAN CobaltStrike SMB P2P Default Msagent Named Pipe Interaction (trojan.rules)
2810655 - ETPRO TROJAN Trojan.Win32.SchwarzeSonne CnC Beacon (trojan.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team