[***] Summary: [***]
37 new OPEN, 38 new PRO (37 + 1). NOBELIUM CS Profile, Gamaredon
Activity, Various URL Shorteners, Various Others.
Thanks @Anomali
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2035216 - ET TROJAN NOBELIUM - Cobalt Strike Malleable Profile M2
(trojan.rules)
2035217 - ET TROJAN test CnC Domain in DNS Lookup (trojan.rules)
2035218 - ET TROJAN Suspected Gamaredon APT Related Maldoc Activity (GET)
(trojan.rules)
2035219 - ET TROJAN Win32/Pterodo Activity (POST) (trojan.rules)
2035220 - ET TROJAN Win32/Pterodo Activity (POST) (trojan.rules)
2035221 - ET TROJAN Gamaredon APT Related Maldoc Activity (GET)
(trojan.rules)
2035222 - ET TROJAN Gamaredon APT Related Maldoc Activity (GET)
(trojan.rules)
2035223 - ET TROJAN Win32/Trojan.Valyria.6015 CnC Activity (GET)
(trojan.rules)
2035224 - ET INFO URL Shortener Service Domain in DNS Lookup (wa .sv)
(info.rules)
2035225 - ET INFO URL Shortener Service Domain in DNS Lookup (in .sv)
(info.rules)
2035226 - ET INFO URL Shortener Service Domain in DNS Lookup (fl .sv)
(info.rules)
2035227 - ET INFO URL Shortener Service Domain in DNS Lookup (vk .sv)
(info.rules)
2035228 - ET INFO URL Shortener Service Domain in DNS Lookup (2 .ua)
(info.rules)
2035229 - ET INFO URL Shortener Service Domain in DNS Lookup (fb .sv)
(info.rules)
2035230 - ET INFO URL Shortener Service Domain in DNS Lookup (lc .sv)
(info.rules)
2035231 - ET INFO URL Shortener Service Domain in DNS Lookup (cli .co)
(info.rules)
2035232 - ET INFO URL Shortener Service Domain in DNS Lookup (tg .sv)
(info.rules)
2035233 - ET INFO URL Shortener Service Domain in DNS Lookup (dl .sv)
(info.rules)
2035234 - ET INFO URL Shortener Service Domain in DNS Lookup (qq .sv)
(info.rules)
2035235 - ET INFO URL Shortener Service Domain in DNS Lookup (tt .sv)
(info.rules)
2035236 - ET INFO URL Shortener Service Domain in DNS Lookup (ai .sv)
(info.rules)
2035237 - ET INFO URL Shortener Service Domain in DNS Lookup (do .sv)
(info.rules)
2035238 - ET INFO URL Shortener Service Domain in DNS Lookup (youlinkto .com)
(info.rules)
2035239 - ET INFO URL Shortener Service Domain in DNS Lookup (me .sv)
(info.rules)
2035240 - ET INFO URL Shortener Service Domain in DNS Lookup (bd .sv)
(info.rules)
2035241 - ET INFO URL Shortener Service Domain in DNS Lookup (link .sv)
(info.rules)
2035242 - ET INFO URL Shortener Service Domain in DNS Lookup (go .sv)
(info.rules)
2035243 - ET INFO URL Shortener Service Domain in DNS Lookup (tra-ta-ta.it .com)
(info.rules)
2035244 - ET INFO URL Shortener Service Domain in DNS Lookup (id .sv)
(info.rules)
2035245 - ET INFO URL Shortener Service Domain in DNS Lookup (to .sv)
(info.rules)
2035246 - ET INFO URL Shortener Service Domain in DNS Lookup (rt .sv)
(info.rules)
2035247 - ET INFO URL Shortener Service Domain in DNS Lookup (wc .sv)
(info.rules)
2035248 - ET INFO URL Shortener Service Domain in DNS Lookup (4 .fo)
(info.rules)
2035249 - ET INFO URL Shortener Service Domain in DNS Lookup (ya .sv)
(info.rules)
2035250 - ET INFO URL Shortener Service Domain in DNS Lookup (sa .sv)
(info.rules)
2035251 - ET INFO URL Shortener Service Domain in DNS Lookup (tw .sv)
(info.rules)
2035252 - ET INFO URL Shortener Service Domain in DNS Lookup (yt .sv)
(info.rules)
Pro:
2851133 - ETPRO EXPLOIT Possible Cisco AnyConnect VPN Unauthenticated RCE
(exploit.rules)
[///] Modified active rules: [///]
2814797 - ETPRO TROJAN Win32.Maica.A Checkin (trojan.rules)
[---] Removed rules: [---]
2850975 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-01-29 9) (trojan.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team