Daily Ruleset Update Summary 2022/02/21

[***] Summary: [***]

5 new OPEN, 10 new PRO (5 + 5). Gamaredon, CoinMiners, Android PiSMS.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2035253 - ET TROJAN Gamaredon APT Related Maldoc Activity (GET)
(trojan.rules)
2035254 - ET TROJAN Gamaredon APT Related Maldoc Activity (GET)
(trojan.rules)
2035255 - ET TROJAN Gamaredon APT Related Maldoc Activity (GET)
(trojan.rules)
2035256 - ET TROJAN Gamaredon APT Related Maldoc Activity (GET)
(trojan.rules)
2035257 - ET TROJAN Gamaredon APT Related Maldoc Activity (GET)
(trojan.rules)

Pro:

2851134 - ETPRO MOBILE_MALWARE Android PiSMS Reporting Location
(mobile_malware.rules)
2851135 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-19 1) (trojan.rules)
2851136 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-19 2) (trojan.rules)
2851137 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-19 3) (trojan.rules)
2851138 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-02-19 4) (trojan.rules)

[///] Modified active rules: [///]

2033908 - ET TROJAN Maldoc OneDrive Download Activity (GET) (trojan.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team

Date:

Monday, February 21, 2022

Summary title:

5 new OPEN, 10 new PRO (5 + 5). Gamaredon, CoinMiners, Android PiSMS.