[***] Summary: [***]
13 new OPEN, 20 new PRO (13 + 7). Trickbot, SunSeed, Gamaredon, MuddyWater, Daxin, PurpleFox, CoinMiners
Thanks @0xrb, @500mk500, @threatintel, @AhnLab_SecuInfo
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback.
Please note there will be no release on Friday, 3/4 due to a company-planned PTO holiday.
[+++] Added rules: [+++]
Open:
2035356 - ET TROJAN Win32/Trickbot Data Exfiltration M2 (trojan.rules)
2035357 - ET TROJAN Win32/Trickbot Data Exfiltration M3 (trojan.rules)
2035358 - ET TROJAN Win32/Trickbot Data Exfiltration M4 (trojan.rules)
2035360 - ET TROJAN SunSeed Lua Downloader Activity (GET) (trojan.rules)
2035361 - ET TROJAN SunSeed Downloader Retrieving Binary (set) (trojan.rules)
2035362 - ET TROJAN SunSeed Download Retrieving Binary (trojan.rules)
2035363 - ET TROJAN Gamaredon APT Maldoc Related Activity (POST) (trojan.rules)
2035364 - ET TROJAN MuddyWater APT Related Telegram Activity (trojan.rules)
2035365 - ET TROJAN Win32/Backdoor.Daxin CnC Activity (trojan.rules)
2035366 - ET TROJAN Observed Malicious Filename in Outbound POST Request (Browsers/Cookies/Microsoft Edge_) (trojan.rules)
2035367 - ET INFO Observed Malicious Filename in Outbound POST Request (Information.txt) (info.rules)
2035368 - ET TROJAN MSIL/TrojanDownloader.Agent.JVN CnC Checkin (trojan.rules)
2035369 - ET CURRENT_EVENTS Generic Credential Phish Landing Page 2022-03-01 (current_events.rules)
Pro:
2851174 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-03-01 1) (trojan.rules)
2851175 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-03-01 2) (trojan.rules)
2851176 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-03-01 3) (trojan.rules)
2851177 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-03-01 4) (trojan.rules)
2851178 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-03-01 5) (trojan.rules)
2851179 - ETPRO TROJAN PurpleFox Backdoor/Rootkit Checkin M2 (trojan.rules)
2851180 - ETPRO TROJAN Trojan:Win32/Sabsik Payload Request M2 (trojan.rules)
[///] Modified active rules: [///]
2035308 - ET TROJAN Suspected PlugX Checkin Activity (udp) (trojan.rules)
2035312 - ET TROJAN Win32/Pterodo CnC Activity (POST) (trojan.rules)