[***] Summary: [***]
12 new OPEN, 36 new PRO (12 + 24). CoinMiners, Jasper, Parallax, Raccoon Stealer, NGLite
Thanks: @ffforward
Proofpoint is looking to hire a Product Manager to oversee the Emerging Threats products group. Interested? Check out the posting here <https://proofpoint.wd5.myworkdayjobs.com/ProofpointCareers/job/Sunnyval…>, and reach out with any questions.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034427 - ET TROJAN Jasper URI Path Observed M3 (trojan.rules)
2034428 - ET TROJAN Jasper URI Path Observed M4 (trojan.rules)
2034429 - ET TROJAN Observed Malicious SSL/TLS Certificate (Jasper CnC) (trojan.rules)
2034430 - ET TROJAN Parallax CnC Activity (set) M15 (trojan.rules)
2034431 - ET TROJAN Parallax CnC Response Activity M15 (trojan.rules)
2034432 - ET TROJAN Parallax CnC Activity (set) M16 (trojan.rules)
2034433 - ET TROJAN Parallax CnC Response Activity M16 (trojan.rules)
2034437 - ET TROJAN Win32/Trojan.Nymeria CnC (trojan.rules)
2034438 - ET TROJAN Possible NGLite Backdoor C2 Traffic (NKN) (trojan.rules)
Pro:
2850420 - ETPRO MALWARE MSIL/DrakiBot Checkin (malware.rules)
2850421 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-10 1) (trojan.rules)
2850422 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-10 2) (trojan.rules)
2850423 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-10 3) (trojan.rules)
2850424 - ETPRO TROJAN Unknown Spambot - Russian Language Targeting (Outbound Spam Template 1 - Email Body M1) (trojan.rules)
2850425 - ETPRO TROJAN Unknown Spambot - Russian Language Targeting (Outbound Spam Template 1 - Email Body M2) (trojan.rules)
2850426 - ETPRO TROJAN Unknown Spambot - Russian Language Targeting (Outbound Spam Template 1 - Email Body M3) (trojan.rules)
2850427 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-11 1) (trojan.rules)
2850428 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-11 2) (trojan.rules)
2850429 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-11-11 3) (trojan.rules)
2850433 - ETPRO INFO Suspicious Domain Status Check to changeip .com (info.rules)
2850434 - ETPRO INFO Suspicious LinkedIn Login M1 (info.rules)
2850435 - ETPRO INFO Suspicious LinkedIn Login M2 (info.rules)
2850436 - ETPRO INFO Suspicious LinkedIn Login M3 (info.rules)
2850437 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (teleliver .top) (trojan.rules)
2850438 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (livetelive .top) (trojan.rules)
2850439 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (tgrampro .top) (trojan.rules)
2850440 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (teleghost .top) (trojan.rules)
2850441 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (teleroom .top) (trojan.rules)
2850442 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (telemir .top) (trojan.rules)
2850443 - ETPRO TROJAN Win32.Raccoon Stealer - Telegram Mirror Checkin (teletelo .top) (trojan.rules)
[///] Modified active rules: [///]
2032526 - ET TROJAN Parallax CnC Activity (set) M14 (trojan.rules)
2032527 - ET TROJAN Parallax CnC Response Activity M14 (trojan.rules)