[***] Summary: [***]
11 new OPEN, 32 new PRO (11 + 21). MysterySnail, Limbozar, Interactsh, PixStealer, PCRat/Gh0st, Various phishing
Thanks: @James_inthe_box, @Jane_0stin, @Securelist
Proofpoint is looking to hire a Product Manager to oversee the Emerging Threats products group. Interested? Check out the posting here <https://proofpoint.wd5.myworkdayjobs.com/ProofpointCareers/job/Sunnyval…>, and reach out with any questions.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034192 - ET TROJAN Win32/Unk.HRESQ! MultiDownloader Checkin (trojan.rules)
2034193 - ET TROJAN Win32/Agent.RTQ CnC Activity (trojan.rules)
2034194 - ET TROJAN DCRAT Activity (GET) (trojan.rules)
2034195 - ET TROJAN Win32/Limbozar Ransomware Activity (POST) (trojan.rules)
2034196 - ET INFO External IP Lookup Domain DNS Lookup (my-ip .io) (info.rules)
2034197 - ET TROJAN Win32/MysterySnail RAT CnC Domain in DNS Lookup (trojan.rules)
2034198 - ET INFO Interactsh Domain in DNS Lookup (.interact .sh) (info.rules)
2034199 - ET EXPLOIT Oracle BI Publisher Authentication Bypass (CVE-2019-2616) (exploit.rules)
2034200 - ET TROJAN Interactsh CnC Activity (trojan.rules)
2034201 - ET TROJAN Interactsh Control Panel (DNS) (trojan.rules)
2034202 - ET TROJAN Win32/Unk.HRESQ! MultiDownloader Checkin M2 (trojan.rules)
Pro:
2850201 - ETPRO MOBILE_MALWARE Android Spy TA453 Checkin (mobile_malware.rules)
2850202 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BRS (TLS SNI) (mobile_malware.rules)
2850203 - ETPRO MOBILE_MALWARE AndroidOS/PixStealer.A (DNS Lookup) (mobile_malware.rules)
2850204 - ETPRO MOBILE_MALWARE AndroidOS/PixStealer.A (TLS SNI) (mobile_malware.rules)
2850205 - ETPRO MOBILE_MALWARE AndroidOS/PixStealer.A Checkin (mobile_malware.rules)
2850206 - ETPRO TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 109 (trojan.rules)
2850207 - ETPRO TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 109 KeepAlive (trojan.rules)
2850208 - ETPRO CURRENT_EVENTS Successful Chase Phish 2021-10-15 (current_events.rules)
2850209 - ETPRO CURRENT_EVENTS Successful First Financial Credit Union Phish 2021-10-15 (current_events.rules)
2850210 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-10-15 (current_events.rules)
[---] Removed rules: [---]
2850014 - ETPRO TROJAN Win32/Unk.HRESQ! MultiDownloader Checkin (trojan.rules)
2850129 - ETPRO TROJAN Win32/Unk.HRESQ! MultiDownloader Checkin M2 (trojan.rules)