[***] Summary: [***]

6 new OPEN, 15 new PRO (6 + 9). Cobalt Strike, Datoploader, CoinMiners, Raccoon Stealer.

Thanks: @Max_Mal_, @ffforward, @CERT_FR

Proofpoint is looking to hire a Product Manager to oversee the Emerging Threats products group. Interested? Check out the posting here<https://proofpoint.wd5.myworkdayjobs.com/ProofpointCareers/job/Sunnyval…;, and reach out with any questions.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034355 - ET TROJAN Datoploader Activity (GET) (trojan.rules)

2034356 - ET TROJAN Malicious Cobalt Strike SSL Certificate (cloudflace-network .digital) (trojan.rules)

2034357 - ET TROJAN Observed Cobalt Strike Domain in TLS SNI (stackpatc-technologies .digital) (trojan.rules)

2034358 - ET TROJAN Cobalt Strike Activity (GET) (trojan.rules)

2034359 - ET TROJAN Win32/LNK/Agent.GX Javascript Downloader M1 (trojan.rules)

2034360 - ET TROJAN Win32/LNK/Agent.GX Javascript Downloader M2 (trojan.rules)

Pro:

2850380 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-05 1) (trojan.rules)

2850381 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-05 2) (trojan.rules)

2850382 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-08 1) (trojan.rules)

2850383 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-08 2) (trojan.rules)

2850384 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-08 3) (trojan.rules)

2850385 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-08 4) (trojan.rules)

2850386 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-08 5) (trojan.rules)

2850387 - ETPRO TROJAN Win32.Raccoon Stealer Checkin M5 (trojan.rules)

2850388 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (telestrong .top) (trojan.rules)

[///] Modified active rules: [///]

2019378 - ET TROJAN Gozi/BlackNet Checkin (trojan.rules)