[***] Summary: [***]

9 new OPEN, 18 new PRO (9 + 9). MooBot/Mirai, CobaltStrike, BazarLoader,
Others.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034638 - ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M3
(trojan.rules)
2034639 - ET TROJAN ELF/MooBot Mirai DDoS Variant Server Keep Alive
(trojan.rules)
2034640 - ET TROJAN ELF/MooBot Mirai DDoS Variant Server Response M2
(trojan.rules)
2034641 - ET INFO Base64 Encoded ipconfig sent via HTTP POST M1
(info.rules)
2034642 - ET INFO Base64 Encoded ipconfig sent via HTTP POST M2
(info.rules)
2034643 - ET INFO Base64 Encoded ipconfig sent via HTTP POST M3
(info.rules)
2034644 - ET MALWARE Win32/RemoteUtilities Checkin via SMTP M2
(malware.rules)
2034645 - ET TROJAN APT15/NICKEL Related CnC Activity (POST)
(trojan.rules)
2034646 - ET TROJAN Cobalt Strike Beacon Activity (GET) (trojan.rules)

Pro:

2850656 - ETPRO TROJAN MSIL/Spy.Keylogger.DVQ Checkin (trojan.rules)
2850657 - ETPRO TROJAN Valyria Maldoc/BazarLoader Activity (GET)
(trojan.rules)

[///] Modified active rules: [///]

2025659 - ET INFO Suspicious Dropbox Page - Possible Phishing Landing
(info.rules)
2034577 - ET EXPLOIT [CISA AA21-336A] Zoho ManageEngine ServiceDesk
Possible Exploitation Activity (CVE-2021-44077) (exploit.rules)
2829700 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2018-02-16
(current_events.rules)
2837560 - ETPRO CURRENT_EVENTS Successful DHL Phish 2019-07-17
(current_events.rules)
2846941 - ETPRO CURRENT_EVENTS Successful Generic Secure Message Center
Phish 2021-02-05 (current_events.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
