[***] Summary: [***]
4 new OPEN, 13 new PRO (4 + 9). Muhstik, Mirai, DarkWatchman,
Multiple Android, and Loozer Stealer.
Thanks @360Netlab, @prevailion, @TheDFIRReport
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034743 - ET TROJAN ELF/Muhstik Botnet CnC Activity (trojan.rules)
2034744 - ET TROJAN ELF/Mirai Botnet CnC Activity (trojan.rules)
2034745 - ET TROJAN Win32/DarkWatchman C2 CheckIn (trojan.rules)
2034746 - ET TROJAN Octopus Backdoor Related Domain in DNS Lookup (trojan.rules)
Pro:
2850697 - ETPRO MOBILE_MALWARE Android/Monitor.MobileTracker.P Checkin (mobile_malware.rules)
2850698 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.aah Checkin (mobile_malware.rules)
2850699 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.aah Checkin 2 (mobile_malware.rules)
2850700 - ETPRO TROJAN RedLine Stealer Related Activity (GET) (trojan.rules)
2850701 - ETPRO TROJAN Loozer Stealer Activity M3 (trojan.rules)
2850702 - ETPRO TROJAN Loozer Stealer Activity M4 (trojan.rules)
2850703 - ETPRO TROJAN Loozer Stealer Activity M5 (trojan.rules)
2850704 - ETPRO TROJAN Loozer Stealer Activity M6 (trojan.rules)
2850705 - ETPRO CURRENT_EVENTS Generic Bank Phish Activity 2021-12-16 (current_events.rules)
[///] Modified active rules: [///]
2003055 - ET POLICY Suspicious FTP 220 Banner on Local Port (-) (policy.rules)
2034718 - ET POLICY RMI Request Outbound (policy.rules)
2833611 - ETPRO CURRENT_EVENTS Inbound JS Downloader Using Wscript.Shell with Bitsadmin Transfer M1 (current_events.rules)
2850685 - ETPRO TROJAN Loozer Stealer Activity M1 (trojan.rules)
2850686 - ETPRO TROJAN Loozer Stealer Activity M2 (trojan.rules)