[***] Summary: [***]

8 new OPEN, 13 new PRO (8 + 5). BazaLoader, CoinMiners, Android, and more.

Thanks: @JAMESWT_MHT, @Jane_0stin, @malwareforme

Proofpoint is looking to hire a Product Manager to oversee the Emerging Threats products group. Interested? Check out the posting here, and reach out with any questions.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034334 - ET TROJAN APT-C-59 Related Domain in DNS Lookup (trojan.rules)

2034335 - ET POLICY Observed Connection Manager Administration Kit (cmdl32.exe) User-Agent (policy.rules)

2034336 - ET WEB_CLIENT Suspicious PHP UNZIP Tool Accessed on External Possibly Compromised Server (web_client.rules)

2034337 - ET WEB_SERVER Suspicious PHP UNZIP Tool Accessed on Internal Possibly Compromised Server (web_server.rules)

2034338 - ET TROJAN Downloaded .bat Disables Windows Defender (trojan.rules)

2034339 - ET TROJAN Downloaded .bat Disables Real Time Monitoring (trojan.rules)

2034340 - ET MALWARE Trojan-Dropper.MSIL CnC Traffic - GET (malware.rules)

2034341 - ET MALWARE Trojan-Dropper.MSIL CnC Traffic - POST (malware.rules)

Pro:

2850354 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BVW Reporting Location (mobile_malware.rules)

2850355 - ETPRO POLICY Android Device Connectivity Check (policy.rules)

2850356 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-02 1) (trojan.rules)

2850357 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-02 2) (trojan.rules)

2850358 - ETPRO TROJAN BazaLoader Activity (POST) (trojan.rules)

[///] Modified active rules: [///]

2019232 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers (web_server.rules)

2849219 - ETPRO TROJAN PCShare RAT Heartbeat from CnC (trojan.rules)

[///] Modified inactive rules: [///]

2033733 - ET EXPLOIT Microsoft Windows VBScript Engine VbsErase Memory Corruption (CVE-2019-0667) (exploit.rules)

[---] Removed rules: [---]

2832603 - ETPRO POLICY Android Device Connectivity Check (policy.rules)
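As an added example (not part of the ET summary and not Emerging Threats' own tooling), the following Python script parses a daily summary in this format into its sections, pairs a removed SID with an added rule that carries the same category and message (as 2832603 and 2850355 do above, which is how a signature is re-issued under a new SID), and checks a list of locally loaded SIDs for removed rules that are still enabled, modified rules whose local thresholds or suppressions should be re-tested, and added rules not yet pulled. The sample input is a subset of the lines above; the local SID list is constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample input: a subset of the rule lines from the summary above,
# embedded so the parser runs offline.
SAMPLE = """\
[+++] Added rules: [+++]

Open:

2034334 - ET TROJAN APT-C-59 Related Domain in DNS Lookup (trojan.rules)

2034338 - ET TROJAN Downloaded .bat Disables Windows Defender (trojan.rules)

Pro:

2850354 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BVW Reporting Location (mobile_malware.rules)

2850355 - ETPRO POLICY Android Device Connectivity Check (policy.rules)

[///] Modified active rules: [///]

2019232 - ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers (web_server.rules)

[///] Modified inactive rules: [///]

2033733 - ET EXPLOIT Microsoft Windows VBScript Engine VbsErase Memory Corruption (CVE-2019-0667) (exploit.rules)

[---] Removed rules: [---]

2832603 - ETPRO POLICY Android Device Connectivity Check (policy.rules)
"""

# "[+++] Added rules: [+++]" style headers; the marker must repeat on both sides.
SECTION_RE = re.compile(r"^\[(\+\+\+|///|---)\]\s+(.*?)\s*:\s*\[\1\]$")
# "<sid> - ET|ETPRO <CATEGORY> <message> (<file>.rules)"; the message is matched
# lazily so parentheses inside it (e.g. a CVE id) are kept with the message.
RULE_RE = re.compile(r"^(\d+)\s+-\s+(ET(?:PRO)?)\s+([A-Z_]+)\s+(.*?)\s+\(([\w.]+\.rules)\)$")


def parse_summary(text):
    """Return an ordered mapping of section name -> list of parsed rule dicts."""
    sections = OrderedDict()
    current = None
    tier = None  # "Open" / "Pro" sub-heading inside the Added section
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(2)
            tier = None
            sections[current] = []
            continue
        if line in ("Open:", "Pro:"):
            tier = line[:-1]
            continue
        m = RULE_RE.match(line)
        if m and current is not None:
            sid, ruleset, category, msg, rulefile = m.groups()
            sections[current].append({
                "sid": int(sid),
                "ruleset": ruleset,
                "category": category,
                "msg": msg,
                "file": rulefile,
                # Outside the Added section there is no sub-heading, so fall
                # back to the ET/ETPRO prefix to decide the tier.
                "tier": tier or ("Pro" if ruleset == "ETPRO" else "Open"),
            })
    return sections


def find_replacements(sections):
    """Map each removed SID to an added SID with the same category and message,
    so local disable/threshold entries can be re-pointed to the new SID."""
    added = {(r["category"], r["msg"]): r["sid"] for r in sections.get("Added rules", [])}
    pairs = {}
    for r in sections.get("Removed rules", []):
        new_sid = added.get((r["category"], r["msg"]))
        if new_sid is not None:
            pairs[r["sid"]] = new_sid
    return pairs


def reconcile(sections, local_sids):
    """Compare the summary against SIDs loaded on a local sensor and flag the
    cases that need operator action."""
    local = set(local_sids)
    added = sections.get("Added rules", [])
    added_sids = {r["sid"] for r in added}
    modified = {r["sid"] for r in sections.get("Modified active rules", [])}
    removed = {r["sid"] for r in sections.get("Removed rules", [])}
    return {
        "stale_removed": sorted(removed & local),     # still loaded, should be dropped
        "modified_loaded": sorted(modified & local),  # re-test local tuning
        "added_missing": sorted(added_sids - local),  # not yet pulled
        "added_open": sorted(r["sid"] for r in added if r["tier"] == "Open"),
    }


if __name__ == "__main__":
    parsed = parse_summary(SAMPLE)
    for name, rules in parsed.items():
        print(f"{name}: {[r['sid'] for r in rules]}")
    print("replacements:", find_replacements(parsed))
    # Constructed local SID list: one stale removed rule, one modified rule, one added rule.
    print("reconcile:", reconcile(parsed, [2832603, 2019232, 2034334]))
```

The replacement pairing keys on category plus message text only; a rule that is re-issued with a reworded message will show up as a plain removal plus a plain addition, so review the "stale_removed" list by hand before dropping SIDs from local suppression files.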
