[***] Summary: [***]
11 new OPEN, 15 new PRO (11 + 4). Vidar, Python CTX Lib Backdoor,
Win/Malware.Filetour, Guloader, and LoggerRust.
Thanks @AhnLab_SecuInfo, @LabsSentinel, and @Fortinet
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2036664 - ET MALWARE Malicious Rust Crate Related Domain in DNS
Lookup (api .kakn .li) (malware.rules)
2036665 - ET INFO Observed Anonymous File Sharing Service (fromsmash
.com in TLS SNI) (info.rules)
2036666 - ET INFO Anonymous File Sharing Domain in DNS Lookup
(fromsmash .com) (info.rules)
2036667 - ET MALWARE Win32/Vidar Variant/Mars CnC Activity (GET)
(malware.rules)
2036668 - ET PHISHING Successful Generic Credential Phish 2022-05-24
(phishing.rules)
2036669 - ET PHISHING Generic Credential Phish Landing Page
2022-05-24 (phishing.rules)
2036670 - ET MALWARE Python CTX Library Backdoor Domain in DNS
Lookup (anti-theft-web .herokuapp .com) (malware.rules)
2036671 - ET MALWARE Observed Python CTX Library Backdoor Domain
(anti-theft-web .herokuapp .com) in TLS SNI (malware.rules)
2036672 - ET ADWARE_PUP Win/Malware.Filetour Variant Checkin M2
(adware_pup.rules)
2036673 - ET ADWARE_PUP Win/Malware.Filetour Variant Checkin M3
(adware_pup.rules)
2036674 - ET MALWARE GuLoader Domain in DNS Lookup (zoneofzenith
.com) (malware.rules)
Pro:
2851680 - ETPRO MALWARE PizzaStrings Checkin (malware.rules)
2851681 - ETPRO MALWARE Win32/Delf.NBX CnC Checkin (malware.rules)
2851682 - ETPRO MALWARE Win32/LoggerRust Sending System Information
via Telegram (POST) (malware.rules)
2851683 - ETPRO MALWARE Win32/LoggerRust Activity (FTP) (malware.rules)
[///] Modified active rules: [///]
2029933 - ET MALWARE Various Ransomware/Stealer Style External IP
Address Check (myip .ch) (malware.rules)
2036269 - ET ADWARE_PUP Win/Malware.Filetour Variant Checkin M1
(adware_pup.rules)