[***] Summary: [***]
39 new OPEN, 51 new PRO (39 + 12). Multiple Android droppers, Cobalt Strike, CEELOADER, Various Vulnerabilities.
Thanks: Kevin Ross
Proofpoint is looking to hire a Product Manager to oversee the Emerging Threats products group. Interested? Check out the posting here <https://proofpoint.wd5.myworkdayjobs.com/ProofpointCareers/job/Sunnyval…> and reach out with any questions.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034591 - ET MOBILE_MALWARE Trojan-Dropper.AndroidOS.Anatsa Checkin (mobile_malware.rules)
2034592 - ET MOBILE_MALWARE Android Brunhilda Dropper (protectionguardapp .club in DNS Lookup) (mobile_malware.rules)
2034593 - ET MOBILE_MALWARE Android Brunhilda Dropper (protectionguardapp .club in TLS SNI) (mobile_malware.rules)
2034594 - ET MOBILE_MALWARE Android Brunhilda Dropper (readyqrscanner .club in DNS Lookup) (mobile_malware.rules)
2034595 - ET MOBILE_MALWARE Android Brunhilda Dropper (readyqrscanner .club in TLS SNI) (mobile_malware.rules)
2034596 - ET MOBILE_MALWARE Android Brunhilda Dropper (flowdivison .club in DNS Lookup) (mobile_malware.rules)
2034597 - ET MOBILE_MALWARE Android Brunhilda Dropper (flowdivison .club in TLS SNI) (mobile_malware.rules)
2034598 - ET MOBILE_MALWARE Android Brunhilda Dropper (multifuctionscanner .club in DNS Lookup) (mobile_malware.rules)
2034599 - ET MOBILE_MALWARE Android Gymdrop Dropper (onlinefitnessanalysis .com in DNS Lookup) (mobile_malware.rules)
2034600 - ET MOBILE_MALWARE Android Brunhilda Dropper (multifuctionscanner .club in TLS SNI) (mobile_malware.rules)
2034601 - ET MOBILE_MALWARE Android Gymdrop Dropper (onlinefitnessanalysis .com in TLS SNI) (mobile_malware.rules)
2034602 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034603 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034604 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034605 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034606 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034607 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034608 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034609 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034610 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034611 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034612 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034613 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034614 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034615 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034616 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034617 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034618 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034619 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034620 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034621 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2034622 - ET TROJAN NOBELIUM (TA421) CnC Domain in DNS Lookup (trojan.rules)
2034623 - ET TROJAN NOBELIUM (TA421) CnC Domain in DNS Lookup (trojan.rules)
2034624 - ET TROJAN NOBELIUM (TA421) CEELOADER CnC Domain in DNS Lookup (trojan.rules)
2034625 - ET TROJAN NOBELIUM (TA421) CEELOADER CnC Domain in DNS Lookup (trojan.rules)
2034626 - ET EXPLOIT Exiftool RCE Inbound (CVE-2021-22204) (exploit.rules)
2034627 - ET EXPLOIT MS-Officecmd Remote Code Execution Attempt (exploit.rules)
2034628 - ET INFO Suspicious Response (MS-Officecmd) (info.rules)
2034629 - ET EXPLOIT Grafana 8.x Path Traversal (CVE-2021-43798) (exploit.rules)
Pro:
2850637 - ETPRO INFO Unusually Small PDF Upload (info.rules)
2850647 - ETPRO TROJAN Win32/Lmbmiad .ps1 Backdoor (trojan.rules)
[///] Modified active rules: [///]
2033050 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2033051 - ET TROJAN NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (trojan.rules)
2033052 - ET TROJAN NOBELIUM (TA421) EnvyScout Fingerprint Checkin (trojan.rules)
2034590 - ET EXPLOIT NodeBB Path Traversal (CVE-2021-43788) (exploit.rules)
2810607 - ETPRO TROJAN Upatre Retrieving encoded payload (Common Header Struct) (trojan.rules)