[***] Summary: [***]

7 new OPEN, 11 new PRO (7 + 4). MosesStaff, Win32/QuasarRAT, Various
Phish, Others.

Thanks @BushidoToken, @Jane_0stin, @James_inthe_box, @FortiGuardLabs

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2035209 - ET TROJAN MosesStaff APT Related Domain in DNS Lookup
(techzenspace .com) (trojan.rules)
2035210 - ET TROJAN MosesStaff APT Related Activity (POST) (trojan.rules)
2035211 - ET TROJAN Win32/QuasarRAT CnC Traffic (trojan.rules)
2035212 - ET CURRENT_EVENTS Successful Monzo Credential Phish M1
2022-02-17 (current_events.rules)
2035213 - ET CURRENT_EVENTS Successful Monzo Credential Phish M2
2022-02-17 (current_events.rules)
2035214 - ET CURRENT_EVENTS Successful Monzo Credential Phish M3
2022-02-17 (current_events.rules)
2035215 - ET CURRENT_EVENTS Monzo Credential Phish Landing Page
2022-02-17 (current_events.rules)

Pro:

2851129 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-17 1) (trojan.rules)
2851130 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-17 2) (trojan.rules)
2851131 - ETPRO TROJAN FinderBot Checkin/Requesting Payload M2
(trojan.rules)
2851132 - ETPRO TROJAN Win32/Trojan.Agent.FTEZ Downloader Activity
(trojan.rules)

[///] Modified active rules: [///]

2842411 - ETPRO TROJAN Suspected MEDUSA RAT CnC Response (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team

Date:
Summary title:
7 new OPEN, 11 new PRO (7 + 4). MosesStaff, Win32/QuasarRAT, Various Phish, Others.