[***] Summary: [***]
1 new OPEN, 9 new PRO (1 + 8). BazarLoader, CoinMiners, Phishing, SmokeLoader
Thanks @ShadowChasing1, @twinwavesec
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034342 - ET TROJAN Lazarus Related Maldoc Activity (trojan.rules)
Pro:
2850359 - ETPRO TROJAN Valyria Maldoc/BazarLoader Activity (GET) (trojan.rules)
2850360 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-04 1) (trojan.rules)
2850361 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-04 2) (trojan.rules)
2850364 - ETPRO TROJAN Suspected Inception Related Domain in DNS Lookup (trojan.rules)
2850365 - ETPRO TROJAN Maldoc Activity (GET) (trojan.rules)
2850366 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-11-04 (current_events.rules)
2850367 - ETPRO CURRENT_EVENTS Successful Generic Phish 2021-11-04 (current_events.rules)
2850368 - ETPRO MALWARE Observed SmokeLoader CnC Activity (malware.rules)
[///] Modified active rules: [///]
2837803 - ETPRO TROJAN ELF/AmendMiner CnC Activity (trojan.rules)
2848908 - ETPRO TROJAN Valyria Maldoc/BazarLoader Activity (GET) (trojan.rules)
[---] Removed rules: [---]
2848945 - ETPRO TROJAN Valyria Maldoc Activity (GET) (trojan.rules)