[***] Summary: [***]

11 new OPEN, 11 new PRO (11 + 0). SoulSearcher, HermeticWizard,
Win32/Pripyat and Win32/ArmyOfUkraine Bot.

Thanks @3xp0rtblog

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2035412 - ET TROJAN SoulSearcher Malware Domain in DNS Lookup (gmy
.cimadlicks .net) (trojan.rules)
2035413 - ET TROJAN SoulSearcher Malware Domain in DNS Lookup
(community .weblives .net) (trojan.rules)
2035414 - ET TROJAN SoulSearcher Malware Domain in DNS Lookup (app
.tomelife .com) (trojan.rules)
2035415 - ET TROJAN SoulSearcher Checkin M1 (trojan.rules)
2035416 - ET TROJAN SoulSearcher Checkin M2 (trojan.rules)
2035417 - ET TROJAN HermeticWizard SMB Spread (trojan.rules)
2035418 - ET TROJAN HermeticWizard Remote Process Creation (trojan.rules)
2035419 - ET INFO Observed IP Tracking Domain (grabify .link in TLS
SNI) (info.rules)
2035420 - ET TROJAN Win32/Pripyat Activity (POST) (trojan.rules)
2035421 - ET TROJAN Win32/ArmyOfUkraine Bot Activity (trojan.rules)
2035422 - ET INFO Free Hosting Domain (*.freehostia .com in DNS
Lookup) (info.rules)

[///] Modified active rules: [///]

2014363 - ET TROJAN Lookup of Algorithm Generated Zeus CnC Domain
(DGA) (trojan.rules)
2018231 - ET INFO HTTP request for resource ending in .scr (info.rules)
2034200 - ET EXPLOIT Interactsh CnC Activity (exploit.rules)

[---] Removed rules: [---]

2851204 - ETPRO INFO Observed IP Tracking Domain (grabify .link in
TLS SNI) (info.rules)
