[***] Summary: [***]

12 new OPEN, 36 new PRO (12 + 24). CoinMiners, Jasper, Parallax, Raccoon Stealer, NGLite

Thanks: @ffforward

Proofpoint is looking to hire a Product Manager to oversee the Emerging Threats products group. Interested? Check out the posting here<https://proofpoint.wd5.myworkdayjobs.com/ProofpointCareers/job/Sunnyval…;, and reach out with any questions.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034427 - ET TROJAN Jasper URI Path Observed M3 (trojan.rules)

2034428 - ET TROJAN Jasper URI Path Observed M4 (trojan.rules)

2034429 - ET TROJAN Observed Malicious SSL/TLS Certificate (Jasper CnC) (trojan.rules)

2034430 - ET TROJAN Parallax CnC Activity (set) M15 (trojan.rules)

2034431 - ET TROJAN Parallax CnC Response Activity M15 (trojan.rules)

2034432 - ET TROJAN Parallax CnC Activity (set) M16 (trojan.rules)

2034433 - ET TROJAN Parallax CnC Response Activity M16 (trojan.rules)

2034437 - ET TROJAN Win32/Trojan.Nymeria CnC (trojan.rules)

2034438 - ET TROJAN Possible NGLite Backdoor C2 Traffic (NKN) (trojan.rules)

Pro:

2850420 - ETPRO MALWARE MSIL/DrakiBot Checkin (malware.rules)

2850421 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-10 1) (trojan.rules)

2850422 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-10 2) (trojan.rules)

2850423 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-10 3) (trojan.rules)

2850424 - ETPRO TROJAN Unknown Spambot - Russian Language Targeting (Outbound Spam Template 1 - Email Body M1) (trojan.rules)

2850425 - ETPRO TROJAN Unknown Spambot - Russian Language Targeting (Outbound Spam Template 1 - Email Body M2) (trojan.rules)

2850426 - ETPRO TROJAN Unknown Spambot - Russian Language Targeting (Outbound Spam Template 1 - Email Body M3) (trojan.rules)

2850427 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-11 1) (trojan.rules)

2850428 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-11 2) (trojan.rules)

2850429 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-11 3) (trojan.rules)

2850433 - ETPRO INFO Suspicious Domain Status Check to changeip .com (info.rules)

2850434 - ETPRO INFO Suspicious LinkedIn Login M1 (info.rules)

2850435 - ETPRO INFO Suspicious LinkedIn Login M2 (info.rules)

2850436 - ETPRO INFO Suspicious LinkedIn Login M3 (info.rules)

2850437 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (teleliver .top) (trojan.rules)

2850438 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (livetelive .top) (trojan.rules)

2850439 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (tgrampro .top) (trojan.rules)

2850440 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (teleghost .top) (trojan.rules)

2850441 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (teleroom .top) (trojan.rules)

2850442 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (telemir .top) (trojan.rules)

2850443 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (teletelo .top) (trojan.rules)

[///] Modified active rules: [///]

2032526 - ET TROJAN Parallax CnC Activity (set) M14 (trojan.rules)

2032527 - ET TROJAN Parallax CnC Response Activity M14 (trojan.rules)