[***] Summary: [***]

4 new OPEN, 39 new PRO (4 + 35). Various Phishing, Konni Group

Proofpoint is looking to hire a Product Manager to oversee the Emerging Threats products group. Interested? Check out the posting here <https://proofpoint.wd5.myworkdayjobs.com/ProofpointCareers/job/Sunnyval…>, and reach out with any questions.

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback.

[+++] Added rules: [+++]

Open:

2034852 - ET INFO URL Shortener Service Domain in DNS Lookup (s .id) (info.rules)

2034853 - ET TROJAN Konni Group CnC Domain in DNS Lookup (trojan.rules)

2034854 - ET TROJAN Konni Group CnC Domain in DNS Lookup (trojan.rules)

2034855 - ET TROJAN Konni Group CnC Domain in DNS Lookup (trojan.rules)

Pro:

2850792 - ETPRO CURRENT_EVENTS TrustWallet Phish Landing Page (current_events.rules)

2850793 - ETPRO INFO Request for Resource with APX Extension (info.rules)

2850794 - ETPRO CURRENT_EVENTS TrustWallet Phish Landing Page 2021-12-31 M2 (current_events.rules)

[///] Modified active rules: [///]

2031194 - ET TROJAN Suspected Snugy DNS Backdoor CnC Activity (Hostname Send) (trojan.rules)

2034829 - ET POLICY DNS Query for Observed CVE-2021-44228 Security Scanner Domain (dns .cyberwar .nl) (policy.rules)

2034831 - ET ATTACK_RESPONSE DNS Query for Observed CVE-2021-44228 Security Scanner Domain (log4j. leakix .net) (attack_response.rules)

2810655 - ETPRO TROJAN Trojan.Win32.SchwarzeSonne CnC Beacon (trojan.rules)

2811967 - ETPRO TROJAN ReactorBot CnC Beacon (trojan.rules)

2849378 - ETPRO TROJAN Suspected DonotGroup Pult Downloader Activity M2 (trojan.rules)

[---] Disabled rules: [---]

2019203 - ET TROJAN Backdoor.Win32.PcClient.bal CnC (OUTBOUND) 3 (trojan.rules)

2807685 - ETPRO TROJAN Win32/Meredrop CnC (OUTBOUND) (trojan.rules)

2815143 - ETPRO TROJAN Bergard Checkin 2 (trojan.rules)

2850350 - ETPRO TROJAN MSIL/Agent.DPU Reverse Shell M3 (trojan.rules)
