[***] Summary: [***]
43 new OPEN, 51 new PRO (43 + 8). APT-C-55, TA455, TA401, Remcos, Others.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2036886 - ET MALWARE Observed Malicious SSL/TLS Certificate (APT-C-55/BabyShark Staging Domain) (malware.rules)
2036887 - ET MALWARE Observed Malicious SSL/TLS Certificate (APT-C-55/BabyShark Staging Domain) (malware.rules)
2036888 - ET MALWARE Observed Malicious SSL/TLS Certificate (APT-C-55/BabyShark Staging Domain) (malware.rules)
2036889 - ET MALWARE Observed Malicious SSL/TLS Certificate (APT-C-55/BabyShark Staging Domain) (malware.rules)
2036890 - ET INFO Out-of-Band Interaction Domain in DNS Lookup (oast .pro) (info.rules)
2036891 - ET INFO Out-of-Band Interaction Domain in DNS Lookup (oast .live) (info.rules)
2036892 - ET INFO Out-of-Band Interaction Domain in DNS Lookup (oast .online) (info.rules)
2036893 - ET INFO Out-of-Band Interaction Domain in DNS Lookup (oast .fun) (info.rules)
2036894 - ET INFO Out-of-Band Interaction Domain in DNS Lookup (oast .me) (info.rules)
2036895 - ET INFO Out-of-Band Interaction Domain in DNS Lookup (oastify .com) (info.rules)
2036896 - ET INFO Out-of-Band Interaction Domain in DNS Lookup (requestbin .net) (info.rules)
2036897 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036898 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036899 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036900 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036901 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036902 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036903 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036904 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036905 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036906 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036907 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036908 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036909 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036910 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036911 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036912 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036913 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036914 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036915 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036916 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036917 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036918 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036919 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036920 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036921 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036922 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036923 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036924 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036925 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036926 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036927 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2036928 - ET MALWARE TA401 Arid Viper Related Activity (POST) (malware.rules)
Pro:
2851753 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-06-07 1) (coinminer.rules)
2851754 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-06-07 2) (coinminer.rules)
2851755 - ETPRO USER_AGENTS Observed Malicious Downloader User-Agent (user_agents.rules)
2851756 - ETPRO USER_AGENTS Observed Graftor/LoadMoney Related User-Agent (user_agents.rules)
2851757 - ETPRO USER_AGENTS Observed Graftor/LoadMoney Related User-Agent (user_agents.rules)
2851758 - ETPRO ADWARE_PUP Win32/Slimware Related User-Agent (adware_pup.rules)
2851759 - ETPRO MALWARE Win32/Remcos RAT Checkin 800 (malware.rules)
2851760 - ETPRO MALWARE Win32/Remcos RAT Checkin 801 (malware.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team