[***] Summary: [***]

11 new OPEN, 32 new PRO (11 + 21). MysterySnail, Limbozar, Interactsh, PixStealer, PCRat/Gh0st, Various phishing

Thanks: @James_inthe_box, @Jane_0stin, @Securelist

Proofpoint is looking to hire a Product Manager to oversee the Emerging Threats products group. Interested? Check out the posting here <https://proofpoint.wd5.myworkdayjobs.com/ProofpointCareers/job/Sunnyval…>, and reach out with any questions.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034192 - ET TROJAN Win32/Unk.HRESQ! MultiDownloader Checkin (trojan.rules)

2034193 - ET TROJAN Win32/Agent.RTQ CnC Activity (trojan.rules)

2034194 - ET TROJAN DCRAT Activity (GET) (trojan.rules)

2034195 - ET TROJAN Win32/Limbozar Ransomware Activity (POST) (trojan.rules)

2034196 - ET INFO External IP Lookup Domain DNS Lookup (my-ip .io) (info.rules)

2034197 - ET TROJAN Win32/MysterySnail RAT CnC Domain in DNS Lookup (trojan.rules)

2034198 - ET INFO Interactsh Domain in DNS Lookup (.interact .sh) (info.rules)

2034199 - ET EXPLOIT Oracle BI Publisher Authentication Bypass (CVE-2019-2616) (exploit.rules)

2034200 - ET TROJAN Interactsh CnC Activity (trojan.rules)

2034201 - ET TROJAN Interactsh Control Panel (DNS) (trojan.rules)

2034202 - ET TROJAN Win32/Unk.HRESQ! MultiDownloader Checkin M2 (trojan.rules)

Pro:

2850201 - ETPRO MOBILE_MALWARE Android Spy TA453 Checkin (mobile_malware.rules)

2850202 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BRS (TLS SNI) (mobile_malware.rules)

2850203 - ETPRO MOBILE_MALWARE AndroidOS/PixStealer.A (DNS Lookup) (mobile_malware.rules)

2850204 - ETPRO MOBILE_MALWARE AndroidOS/PixStealer.A (TLS SNI) (mobile_malware.rules)

2850205 - ETPRO MOBILE_MALWARE AndroidOS/PixStealer.A Checkin (mobile_malware.rules)

2850206 - ETPRO TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 109 (trojan.rules)

2850207 - ETPRO TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 109 KeepAlive (trojan.rules)

2850208 - ETPRO CURRENT_EVENTS Successful Chase Phish 2021-10-15 (current_events.rules)

2850209 - ETPRO CURRENT_EVENTS Successful First Financial Credit Union Phish 2021-10-15 (current_events.rules)

2850210 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-10-15 (current_events.rules)

[---] Removed rules: [---]

2850014 - ETPRO TROJAN Win32/Unk.HRESQ! MultiDownloader Checkin (trojan.rules)

2850129 - ETPRO TROJAN Win32/Unk.HRESQ! MultiDownloader Checkin M2 (trojan.rules)
