[***] Summary: [***]

13 new OPEN, 15 new PRO (13 + 2). Various Let's Encrypt Cert States,
Go/Anubis, Win32/DarkWatchman, Others.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2035184 - ET TROJAN Go/Anubis Registration Activity (trojan.rules)
2035185 - ET TROJAN Go/Anubis CnC Activity (POST) (trojan.rules)
2035186 - ET TROJAN Win32/DarkWatchman Activity (POST) (trojan.rules)
2035187 - ET TROJAN Suspected RULER.Hacktool HTML Payload (trojan.rules)
2035188 - ET TROJAN Win32/Spy.Socelars.S CnC Activity M4 (GET) (trojan.rules)
2035189 - ET INFO Observed Let's Encrypt Certificate from Retired Intermediate (info.rules)
2035190 - ET INFO Observed Let's Encrypt Certificate from Active Intermediate, R3 (info.rules)
2035191 - ET INFO Observed Let's Encrypt Certificate from Active Intermediate, E1 (info.rules)
2035192 - ET INFO Observed Let's Encrypt Certificate from Backup Intermediate, R4 (info.rules)
2035193 - ET INFO Observed Let's Encrypt Certificate from Backup Intermediate, E2 (info.rules)
2035194 - ET EXPLOIT Possible Moxa MxView RCE Attempt (CVE-2021-38454) (exploit.rules)
2035195 - ET TROJAN Suspicious Domain (judgebryantweekes .com) in TLS SNI (trojan.rules)
2035196 - ET TROJAN Suspicious Domain (lawyeryouwant .com) in TLS SNI (trojan.rules)

Pro:

[///] Modified active rules: [///]

2034192 - ET TROJAN Win32/Spy.Socelars.S CnC Activity M3 (trojan.rules)
2034745 - ET TROJAN Win32/DarkWatchman Checkin Activity (POST) (trojan.rules)
2841528 - ETPRO TROJAN MSIL/Agent.TQA CnC Checkin (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
