[***] Summary: [***]
4 new OPEN, 18 new PRO (4 + 14). Gamaredon, StrifeWater, Remcos, Coinminers
Thanks @malwareforme
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback.
[+++] Added rules: [+++]
Open:
2035038 - ET INFO Doc Requesting Remote Template (.dot) (info.rules)
2035039 - ET TROJAN Gamaredon Related VBS Activity (GET) (trojan.rules)
2035040 - ET TROJAN StrifeWater RAT CnC Activity M2 (trojan.rules)
2035041 - ET TROJAN Win32/Variant.Zusy.402698 Checkin (trojan.rules)
Pro:
2851044 - ETPRO ATTACK_RESPONSE Suspicious Batch File Inbound - Repeated taskkill (attack_response.rules)
2851045 - ETPRO ATTACK_RESPONSE Suspicious Batch File Inbound - Repeated net stop (attack_response.rules)
2851046 - ETPRO ATTACK_RESPONSE Suspicious Batch File Inbound - Repeated Service Startup Disabled (attack_response.rules)
2851047 - ETPRO TROJAN Win32/Remcos RAT Checkin 769 (trojan.rules)
2851048 - ETPRO TROJAN Win32/Remcos RAT Checkin 770 (trojan.rules)
2851049 - ETPRO POLICY URL Shortening Domain in DNS Lookup (policy.rules)
2851050 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-02 1) (trojan.rules)
2851051 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-02 2) (trojan.rules)
2851052 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-02 3) (trojan.rules)
2851053 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-02 4) (trojan.rules)
2851054 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-02 5) (trojan.rules)
2851055 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-02 6) (trojan.rules)
2851056 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-02 7) (trojan.rules)
2851057 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-02 8) (trojan.rules)
[///] Modified active rules: [///]
2027832 - ET TROJAN HVNC BOT Detected (trojan.rules)
[---] Disabled rules: [---]
2851038 - ETPRO USER_AGENTS Websocket-Sharp User-Agent (websocket-sharp) (user_agents.rules)