[***] Summary: [***]
6 new OPEN, 15 new PRO (6 + 9). Cobalt Strike, Datoploader, CoinMiners, Raccoon Stealer.
Thanks: @Max_Mal_, @ffforward, @CERT_FR
Proofpoint is looking to hire a Product Manager to oversee the Emerging Threats products group. Interested? Check out the posting here <https://proofpoint.wd5.myworkdayjobs.com/ProofpointCareers/job/Sunnyval…>, and reach out with any questions.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034355 - ET TROJAN Datoploader Activity (GET) (trojan.rules)
2034356 - ET TROJAN Malicious Cobalt Strike SSL Certificate (cloudflace-network .digital) (trojan.rules)
2034357 - ET TROJAN Observed Cobalt Strike Domain in TLS SNI (stackpatc-technologies .digital) (trojan.rules)
2034358 - ET TROJAN Cobalt Strike Activity (GET) (trojan.rules)
2034359 - ET TROJAN Win32/LNK/Agent.GX Javascript Downloader M1 (trojan.rules)
2034360 - ET TROJAN Win32/LNK/Agent.GX Javascript Downloader M2 (trojan.rules)
Pro:
2850380 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-05 1) (trojan.rules)
2850381 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-05 2) (trojan.rules)
2850382 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-08 1) (trojan.rules)
2850383 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-08 2) (trojan.rules)
2850384 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-08 3) (trojan.rules)
2850385 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-08 4) (trojan.rules)
2850386 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-08 5) (trojan.rules)
2850387 - ETPRO TROJAN Win32.Raccoon Stealer Checkin M5 (trojan.rules)
2850388 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (telestrong .top) (trojan.rules)
[///] Modified active rules: [///]
2019378 - ET TROJAN Gozi/BlackNet Checkin (trojan.rules)