[***] Summary: [***]

7 new OPEN, 18 new PRO (7 + 11). Various APT, CVE 2022-1388, CVE
2022-1040 and Various Posh C2.

Thanks @DustyMMiller @momika233 @Horizon3ai @bytecaps and Symantec

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2036544 - ET MALWARE Stonefly APT Related Domain in DNS Lookup
(semiconductboard .com) (malware.rules)
2036545 - ET MALWARE Stonefly APT Related Domain in DNS Lookup
(tecnojournals .com) (malware.rules)
2036546 - ET EXPLOIT F5 BIG-IP iControl REST Authentication Bypass
(CVE 2022-1388) (exploit.rules)
2036547 - ET EXPLOIT F5 BIG-IP iControl REST Authentication Bypass
Server Response (CVE 2022-1388) (exploit.rules)
2036548 - ET EXPLOIT Sophos Firewall Authentication Bypass (CVE
2022-1040) (exploit.rules)
2036549 - ET EXPLOIT Sophos Firewall Authentication Bypass (CVE
2022-1040) Server Response M1 (exploit.rules)
2036550 - ET EXPLOIT Sophos Firewall Authentication Bypass (CVE
2022-1040) Server Response M2 (exploit.rules)

Pro:

2851590 - ETPRO PHISHING Successful Generic Phish 2022-05-09 (phishing.rules)
2851591 - ETPRO MALWARE PoshC2 Beacon Exfil (POST) M1 (malware.rules)
2851592 - ETPRO MALWARE PoshC2 Beacon Exfil (POST) M2 (malware.rules)
2851593 - ETPRO MALWARE PoshC2 Beacon Exfil (POST) M3 (malware.rules)
2851594 - ETPRO MALWARE PoshC2 Beacon Exfil (POST) M4 (malware.rules)
2851595 - ETPRO MALWARE PoshC2 Beacon Exfil (POST) M5 (malware.rules)
2851596 - ETPRO MALWARE PoshC2 Beacon Exfil (POST) M5 (malware.rules)
2851597 - ETPRO MALWARE PoshC2 Beacon Exfil (POST) M6 (malware.rules)
2851598 - ETPRO MALWARE PoshC2 Beacon Exfil (POST) M7 (malware.rules)
2851599 - ETPRO MALWARE PoshC2 Beacon Exfil (POST) M8 (malware.rules)
2851600 - ETPRO MALWARE PoshC2 Beacon Exfil (POST) M9 (malware.rules)

[///] Modified active rules: [///]

2851359 - ETPRO MALWARE Possible EvilNum PowerShell Checkin (malware.rules)
