[***] Summary: [***]
5 new OPEN, 17 new PRO (5 + 12). Kimsuky, CVE-2015-4852 T3, Coin Miners,
Others.
Thanks @ShadowChasing1, @c_APT_ure
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2035204 - ET EXPLOIT Oracle Weblogic Server Deserialization RCE T3 (CVE-2015-4852) (exploit.rules)
2035205 - ET MALWARE Win32/2144FlashPlayer.E Checkin (malware.rules)
2035206 - ET TROJAN Kimsuky APT Related Activity (GET) (trojan.rules)
2035207 - ET TROJAN MSIL/GenKryptik.FQRH Download Request (trojan.rules)
2035208 - ET INFO Namecheap URL Forward (info.rules)
Pro:
2851117 - ETPRO ATTACK_RESPONSE Suspicious PowerShell File Inbound - Win32_Processor Queries (attack_response.rules)
2851118 - ETPRO ATTACK_RESPONSE Suspicious PowerShell File Inbound - ExecutionPolicy Bypass (attack_response.rules)
2851119 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-16 1) (trojan.rules)
2851120 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-16 2) (trojan.rules)
2851121 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-16 3) (trojan.rules)
2851122 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-16 4) (trojan.rules)
2851123 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-16 5) (trojan.rules)
2851124 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-16 6) (trojan.rules)
2851125 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-16 7) (trojan.rules)
2851126 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-16 8) (trojan.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team