[***] Summary: [***]

2 new OPEN, 9 new PRO (2 + 7) Gamaredon,
Trojan-Banker.AndroidOS.Xenomorph, Various Coinminer sigs and Post
Zerologon Activity.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2035283 - ET TROJAN Gamaredon APT Related Activity (GET) (trojan.rules)
2035284 - ET INFO Observed URL Shortening Service Domain in TLS SNI (litby .us) (info.rules)

Pro:

2851157 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Xenomorph Checkin (mobile_malware.rules)
2851158 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Xenomorph Checkin 2 (mobile_malware.rules)
2851159 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-24 1) (trojan.rules)
2851160 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-24 2) (trojan.rules)
2851161 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-02-24 3) (trojan.rules)
2851162 - ETPRO INFO Observed DNS Query for Ukraine Domain (.ua) (info.rules)
2851163 - ETPRO EXPLOIT CreateService via SMB to Reset-ComputerMachinePassword - Observed Post Zerologon Activity (exploit.rules)

[///] Modified active rules: [///]

2012647 - ET POLICY Dropbox.com Offsite File Backup in Use (policy.rules)
2013659 - ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit) (policy.rules)
2019387 - ET POLICY SSL Certificate IRC GEEKS Likely Encrypted IRC or CnC (policy.rules)

[---] Disabled and modified rules: [---]

2019628 - ET TROJAN AnubisNetworks Sinkhole SSL Cert lolcat - specific IPs (trojan.rules)
2020888 - ET INFO invalid.cab domain in SNI (info.rules)
