[***] Summary: [***]
3 new OPEN, 8 new PRO (3 + 5). PurpleFox, Phishing, VBS Dropper
Proofpoint is looking to hire a Product Manager to oversee the Emerging Threats products group. Interested? Check out the posting here <https://proofpoint.wd5.myworkdayjobs.com/ProofpointCareers/job/Sunnyval…>, and reach out with any questions.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback.
[+++] Added rules: [+++]
Open:
2034856 - ET TROJAN PurpleFox Backdoor/Rootkit Download Server Response (trojan.rules)
2034857 - ET INFO RDP Authentication Bypass Attempt (info.rules)
2034858 - ET INFO Observed URL Shortening Service Domain (s .id in TLS SNI) (info.rules)
Pro:
2850795 - ETPRO INFO BAT File Download Request via Powershell (info.rules)
2850796 - ETPRO INFO BatchGotAdmin Script Downloaded (info.rules)
2850797 - ETPRO CURRENT_EVENTS TrustWallet Phish Landing Page 2021-12-31 M1 (current_events.rules)
2850798 - ETPRO INFO VBS Dropper Suspicious Request M1 (info.rules)
2850799 - ETPRO INFO VBS Dropper Suspicious Request M2 (info.rules)
[///] Modified active rules: [///]
2850718 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-12-21 11) (trojan.rules)
[---] Disabled and modified rules: [---]
2021013 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex/Trickbot CnC) (trojan.rules)
2022535 - ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules)