[***] Summary: [***]

9 new OPEN, 19 new PRO (9 + 10). TA452, Various INFO,
Win32/Wacatac.B, Purelogger, PoshC2 and Miners.

Thanks @MBThreatIntel

Due to a corporate holiday, there will not be a rules release on
Friday, May 13, 2022.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2036557 - ET MALWARE TA452 Related Domain in DNS Lookup (malware.rules)
2036558 - ET MALWARE TA452 Related Domain in DNS Lookup (malware.rules)
2036559 - ET MALWARE TA452 Related Domain in DNS Lookup (malware.rules)
2036560 - ET INFO External IP Lookup Domain Domain in DNS Lookup (ipbase .com) (info.rules)
2036561 - ET INFO Observed External IP Lookup Domain (ipbase .com in TLS SNI) (info.rules)
2036562 - ET INFO External File Sharing Service Domain (api .anonfile .com in TLS SNI) (info.rules)
2036563 - ET INFO External File Sharing Domain in DNS Lookup (anonfile .com) (info.rules)
2036564 - ET MALWARE Win32/Wacatac.B Loader CnC Checkin (malware.rules)
2036565 - ET MALWARE Win32/Wacatac.B Payload Download (malware.rules)

Pro:

2851632 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-05-07 1) (coinminer.rules)
2851633 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-05-07 2) (coinminer.rules)
2851634 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-05-07 3) (coinminer.rules)
2851635 - ETPRO MALWARE Win32/Remcos RAT Checkin 791 (malware.rules)
2851636 - ETPRO MALWARE Win32/Purelogger Sending System Information (POST) (malware.rules)
2851637 - ETPRO MALWARE Win32/Purelogger Reporting System Information Upload to Telegram (POST) (malware.rules)
2851638 - ETPRO MALWARE PoshC2 CnC Response (200) M1 (malware.rules)
2851639 - ETPRO MALWARE PoshC2 CnC Response (200) M2 (malware.rules)
2851640 - ETPRO MALWARE PoshC2 CnC Response (200) M3 (malware.rules)
2851641 - ETPRO MALWARE PoshC2 CnC Response (200) M4 (malware.rules)

[///] Modified active rules: [///]

2019633 - ET MALWARE DirectsX Checkin Response (malware.rules)
2828069 - ETPRO MALWARE Oiram CnC Beacon (malware.rules)
2851027 - ETPRO HUNTING Terse Request for OneDrive File (hunting.rules)

[///] Modified inactive rules: [///]

2036551 - ET HUNTING Suspicious HTTP Connection Header Observed (hunting.rules)
