[***] Summary: [***]

40 new OPEN, 40 new PRO (40 + 0) PoshC2, Earth Berberoka DNS Sigs,
Survey Credential, Internet Computer and Trojan.Win32.DLOADR.TIOIBEPQ.

Thanks @twinwavesec

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2036460 - ET PHISHING Successful Survey Credential Phish M1 2022-04-04 (phishing.rules)
2036461 - ET PHISHING Successful Survey Credential Phish M2 2022-04-04 (phishing.rules)
2036462 - ET MALWARE DeathStalker APT Related Maldoc Activity (GET) (malware.rules)
2036463 - ET MALWARE Maldoc Retrieving Remote Template (GET) (malware.rules)
2036464 - ET HUNTING [TW] Internet Computer Domain Observed (hunting.rules)
2036465 - ET HUNTING [TW] Internet Computer HTTP Request Observed (hunting.rules)
2036466 - ET HUNTING [TW] Internet Computer HTTP Referer Observed (hunting.rules)
2036467 - ET HUNTING [TW] Internet Computer HTTP Location Redirect Observed (hunting.rules)
2036468 - ET MALWARE PoshC2 Downloader Activity (GET) (malware.rules)
2036469 - ET INFO DYNAMIC_DNS HTTP Request to a *.4nmn .com Domain (info.rules)
2036470 - ET INFO DYNAMIC_DNS Query to 4nmn .com Domain (info.rules)
2036471 - ET PHISHING Successful Survey Credential Phish M3 2022-04-04 (phishing.rules)
2036472 - ET PHISHING Successful Survey Credential Phish M4 2022-04-04 (phishing.rules)
2036473 - ET PHISHING Successful Survey Credential Phish M5 2022-04-04 (phishing.rules)
2036474 - ET PHISHING Successful Survey Credential Phish M6 2022-04-04 (phishing.rules)
2036475 - ET PHISHING Successful Survey Credential Phish M7 2022-04-04 (phishing.rules)
2036476 - ET PHISHING Survey Credential Phish Landing Page 2022-04-04 (phishing.rules)
2036477 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (daji8 .me) (malware.rules)
2036478 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (fbi .am) (malware.rules)
2036479 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (11i .me) (malware.rules)
2036480 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (shopingchina .net) (malware.rules)
2036481 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (googie .ph) (malware.rules)
2036482 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (daj8 .me) (malware.rules)
2036483 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (rootkit .tools) (malware.rules)
2036484 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (github .wiki) (malware.rules)
2036485 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (mircrosoftscoulds .com) (malware.rules)
2036486 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (whoamis .info) (malware.rules)
2036487 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (adobe .name) (malware.rules)
2036488 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (dajuw .com) (malware.rules)
2036489 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (adobe-flash .wiki) (malware.rules)
2036490 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (update .adobe .wiki) (malware.rules)
2036491 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (flash .wy886066 .com) (malware.rules)
2036492 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (linux .wy01 .vip) (malware.rules)
2036493 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (malware.rules)
2036494 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (exmail .googie .com .ph) (malware.rules)
2036495 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (linux .wy01 .com) (malware.rules)
2036496 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (mmimdown .oss-cn-hongkong .aliyuncs .com) (malware.rules)
2036497 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (agph .ivi66 .net) (malware.rules)
2036498 - ET MALWARE Earth Berberoka CnC Domain in DNS Lookup (malware.rules)
2036499 - ET MALWARE Trojan.Win32.DLOADR.TIOIBEPQ CnC Traffic (malware.rules)

[///] Modified active rules: [///]

2851580 - ETPRO MALWARE Win32/Trojan.Agent.FRPG Exfil Activity (POST) (malware.rules)
2851581 - ETPRO MALWARE Kimsuky APT PebbleDash Related Activity (GET) (malware.rules)
