[***] Summary: [***]
69 new OPEN, 75 new PRO (69 + 6). BPFDoor, Various CVE, Sidewinder APT, Mustang Panda APT, TA457 and Phishing.
Thanks @DefSecSentinel, @alex_the_bell, @elastic, Rhys Rustad-Elliott, @kienbigmummy, @_CPResearch_, @ShablolForce and @GroupIB
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2036746 - ET MALWARE APT SideWinder CnC Domain in DNS Lookup (cdn-in. net) (malware.rules)
2036747 - ET MALWARE APT SideWinder CnC Domain in DNS Lookup (cdn-dl. cn) (malware.rules)
2036748 - ET EXPLOIT Fuel CMS 1.4.1 RCE (CVE-2018-16763) (exploit.rules)
2036749 - ET EXPLOIT Zhone ZNID GPON 2426A < S3.0.501 RCE (CVE-2014-9118) M1 (exploit.rules)
2036750 - ET EXPLOIT Zhone ZNID GPON 2426A < S3.0.501 RCE (CVE-2014-9118) M2 (exploit.rules)
2036751 - ET MALWARE Suspected BPFDoor UDP Magic Packet (Inbound) (malware.rules)
2036752 - ET MALWARE Suspected BPFDoor TCP Magic Packet (Inbound) (malware.rules)
2036753 - ET MALWARE Suspected BPFDoor ICMP Magic Packet (Inbound) (malware.rules)
2036754 - ET MALWARE Mustang Panda APT PlugX Related Domain in DNS Lookup (myanmarnewsonline .org) (malware.rules)
2036755 - ET MALWARE Mustang Panda APT PlugX Related Domain in DNS Lookup (hilifimyanmar .com) (malware.rules)
2036756 - ET MALWARE TA457 Related Activity (POST) (malware.rules)
2036757 - ET MALWARE TA457 Related Activity M2 (POST) (malware.rules)
2036758 - ET MALWARE TA457 Related Activity M3 (POST) (malware.rules)
2036759 - ET MALWARE TA457 Related Activity M4 (POST) (malware.rules)
2036760 - ET INFO Powershell Base64 Decode Command Inbound (info.rules)
2036761 - ET HUNTING Possible Fake Edu Host On InfinityFree Service (hunting.rules)
2036762 - ET PHISHING Facebook Credential Phish Landing Page M2 2022-06-01 (phishing.rules)
2036763 - ET PHISHING Generic Credential Phish Landing Page 2022-06-02 (phishing.rules)
2036764 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (chrom3 .net) (malware.rules)
2036765 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (pakgov .net) (malware.rules)
2036766 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (aspbin .net) (malware.rules)
2036767 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (cdn-edu .net) (malware.rules)
2036768 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (s3-cdn .net) (malware.rules)
2036769 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (bitlyy .me) (malware.rules)
2036770 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (tin-url .com) (malware.rules)
2036771 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (nrots .net) (malware.rules)
2036772 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (gov-pok .net) (malware.rules)
2036773 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (govpk-mail .net) (malware.rules)
2036774 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (d01fa .net) (malware.rules)
2036775 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (kdf-mail .com) (malware.rules)
2036776 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (cdn-aws .net) (malware.rules)
2036777 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (cdn-top .net) (malware.rules)
2036778 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (cdn-src .net) (malware.rules)
2036779 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (filesrvr .net) (malware.rules)
2036780 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (cdn-pak .net) (malware.rules)
2036781 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (dawnpk .org) (malware.rules)
2036782 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (ap1-port .net) (malware.rules)
2036783 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (vpn-secure .co) (malware.rules)
2036784 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (sd1-bin .net) (malware.rules)
2036785 - ET MALWARE Suspected Sidewinder APT Phishing Activity - Landing Page URI Pattern (malware.rules)
2036786 - ET MALWARE SideWinder APT antibot script (malware.rules)
2036787 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (paf-gov .net) (malware.rules)
2036788 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (docuserve .ltd) (malware.rules)
2036789 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (fileserve .work) (malware.rules)
2036790 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (cvix .live) (malware.rules)
2036791 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (edu-cx .org) (malware.rules)
2036792 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (paknvay-pk .net) (malware.rules)
2036793 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (ministry-pk .net) (malware.rules)
2036794 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (ppinewsagency .live) (malware.rules)
2036795 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (cr20g .org) (malware.rules)
2036796 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (iugur .live) (malware.rules)
2036797 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (moma-pk .org) (malware.rules)
2036798 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (mod-pk .com) (malware.rules)
2036799 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (cloud-apt .net) (malware.rules)
2036800 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (ksew .org) (malware.rules)
2036801 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (bahariafoundation .org) (malware.rules)
2036802 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (bbcnew .cn) (malware.rules)
2036803 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (pak-gov .com) (malware.rules)
2036804 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (pakgov .org) (malware.rules)
2036805 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (csd-pk .co) (malware.rules)
2036806 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (fdn-trace .net) (malware.rules)
2036807 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (pakmarines .com) (malware.rules)
2036808 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (pkrepublic .org) (malware.rules)
2036809 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (pafwa .info) (malware.rules)
2036810 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (int-secure .org) (malware.rules)
2036811 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (kpt-pk .net) (malware.rules)
2036812 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (gov-mail .net) (malware.rules)
2036813 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (krlwin .org) (malware.rules)
2036814 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (pak-web .com) (malware.rules)
Pro:
2851738 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Ermak.a Checkin (mobile_malware.rules)
2851739 - ETPRO INFO Suspicious Inbound HTTP POST with Backslash In Filename - Possible Detection Bypass (info.rules)
2851740 - ETPRO MALWARE Powershell Pak-Loader Download (malware.rules)
2851741 - ETPRO MALWARE AZORult Client Checkin (malware.rules)
2851742 - ETPRO PHISHING Successful OWA Phish POST 2022-05-31 (phishing.rules)
2851743 - ETPRO MALWARE MalDoc retrieving Payload 2022-06-02 (malware.rules)
[///] Modified active rules: [///]
2027092 - ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE (CVE-2017-18368) (exploit.rules)
2036546 - ET EXPLOIT F5 BIG-IP iControl REST Authentication Bypass (CVE-2022-1388) M1 (exploit.rules)
2036547 - ET EXPLOIT F5 BIG-IP iControl REST Authentication Bypass Server Response (CVE-2022-1388) (exploit.rules)
2036556 - ET EXPLOIT F5 BIG-IP iControl REST authentication bypass attempt (CVE-2022-1388) M2 (exploit.rules)
2036710 - ET PHISHING Facebook Credential Phish Landing Page M2 2022-05-27 (phishing.rules)
2807934 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1752) (web_client.rules)
[---] Removed rules: [---]