[***] Summary: [***]

8 new OPEN, 15 new PRO (8 + 7). Win32/Grimagent (PRO -> OPEN),
CobaltStrike (ICECANDLE, WHITEDAGGER, WEIRDLOOP), Remcos, COINMINERS.

Proofpoint is looking to hire a Product Manager to oversee the Emerging
Threats products group. Interested? Check out the posting here
<https://proofpoint.wd5.myworkdayjobs.com/ProofpointCareers/job/Sunnyval…>,
and reach out with any questions.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034179 - ET TROJAN Win32/Grimagent CnC Activity (trojan.rules)
2034180 - ET TROJAN Observed FIN12 Related Cobalt Strike Domain (netrie
.com in TLS SNI) (trojan.rules)
2034181 - ET TROJAN FIN12 Related ICECANDLE/Cobalt Strike Activity (GET)
(trojan.rules)
2034182 - ET TROJAN Observed FIN12 Related Domain (hdhuge .com in TLS
SNI) (trojan.rules)
2034183 - ET ATTACK_RESPONSE Obfuscated Batch Script Inbound M1
(attack_response.rules)
2034184 - ET ATTACK_RESPONSE Obfuscated Batch Script Inbound M2
(attack_response.rules)
2034185 - ET TROJAN FIN12 Related WHITEDAGGER/Cobalt Strike Beacon
Activity (GET) (trojan.rules)
2034186 - ET TROJAN FIN12 Related WEIRDLOOP/Cobalt Strike Beacon Activity
(GET) (trojan.rules)

Pro:

2850183 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-10-13 2) (trojan.rules)
2850184 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-10-13 3) (trojan.rules)
2850185 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-10-13 4) (trojan.rules)
2850186 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-10-13 5) (trojan.rules)
2850187 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-10-13 6) (trojan.rules)
2850188 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-10-13 7) (trojan.rules)
2850189 - ETPRO TROJAN Win32/Remcos RAT Checkin 758 (trojan.rules)

[///] Modified active rules: [///]

2031133 - ET TROJAN Possible UNC1878/FIN12 Cobalt Strike CnC SSL Cert
Inbound (lol) (trojan.rules)
2031134 - ET TROJAN Possible UNC1878/FIN12 Cobalt Strike CnC SSL Cert
Inbound (office) (trojan.rules)
2031135 - ET TROJAN Possible UNC1878/FIN12 Cobalt Strike CnC SSL Cert
Inbound (Texsa) (trojan.rules)
2848299 - ETPRO TROJAN Win32/NitroStealer Variant CnC Exfil (trojan.rules)
2849219 - ETPRO TROJAN PCShare RAT Heartbeat from CnC (trojan.rules)
2849913 - ETPRO TROJAN Generic AsyncRAT Style SSL Cert (trojan.rules)

[---] Disabled rules: [---]

2850146 - ETPRO CURRENT_EVENTS Generic Redirect to Password Form
(current_events.rules)

[---] Removed rules: [---]

2845226 - ETPRO TROJAN Win32/Grimagent CnC Activity (trojan.rules)
