[***] Summary: [***]

3 new OPEN, 14 new PRO (3 + 11). TA410, Ursnif, Various Phish, Others.

Thanks @ESETresearch

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2036411 - ET MALWARE MoneroOcean Installer Batch Script Inbound (malware.rules)
2036412 - ET MALWARE TA410 APT LookBack Client HTTP Activity (POST) (malware.rules)
2036413 - ET MALWARE [ESET] TA410 APT LookBack HTTP Server Response (malware.rules)

Pro:

2851534 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-04-27 1) (coinminer.rules)
2851535 - ETPRO MALWARE Win32/Ursnif CnC Payload Request (malware.rules)
2851536 - ETPRO PHISHING Landbank Credential Phish Landing Page M1 2022-04-28 (phishing.rules)
2851537 - ETPRO PHISHING Landbank Credential Phish Landing Page M3 2022-04-28 (phishing.rules)
2851538 - ETPRO PHISHING Landbank Credential Phish Landing Page M5 2022-04-28 (phishing.rules)
2851539 - ETPRO PHISHING Landbank Credential Phish Landing Page M2 2022-04-28 (phishing.rules)
2851540 - ETPRO PHISHING Landbank Credential Phish Landing Page M4 2022-04-28 (phishing.rules)
2851541 - ETPRO PHISHING Landbank Credential Phish Landing Page M6 2022-04-28 (phishing.rules)
2851542 - ETPRO PHISHING Successful Landbank Credential Phish M1 2022-04-28 (phishing.rules)
2851543 - ETPRO PHISHING Successful Landbank Credential Phish M2 2022-04-28 (phishing.rules)
2851544 - ETPRO PHISHING Successful Landbank Credential Phish M3 2022-04-28 (phishing.rules)

[///] Modified active rules: [///]

2809882 - ETPRO MALWARE Dridex Post Checkin Activity 3 (malware.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
