[***] Summary: [***]
7 new OPEN, 11 new PRO (7 + 4). RecordBreaker, njRAT, Various Phish, Others.
Thanks @Unit42_intel, @james_inthe_box, @mattata
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034458 - ET INFO Observed DNS Query to DynDNS Domain (linkpc .net) (info.rules)
2036929 - ET MALWARE GoLang Popping Eagle Trojan Related Activity (POST) (malware.rules)
2036930 - ET PHISHING Facebook Credential Phish Landing Page 2022-06-08 (phishing.rules)
2036931 - ET PHISHING Successful Generic Credential Phish M1 2022-06-08 (phishing.rules)
2036932 - ET PHISHING Successful Generic Credential Phish M2 2022-06-08 (phishing.rules)
2036933 - ET MALWARE njRAT v65.0 CnC Checkin (malware.rules)
2036934 - ET MALWARE Recordbreaker Stealer CnC Checkin (malware.rules)
Pro:
2845734 - ETPRO ADWARE_PUP Observed CryptoTab Browser Download TLS Cert (adware_pup.rules)
2851761 - ETPRO MOBILE_MALWARE Observed Trojan-Spy.AndroidOS.Agent.zv Domain in TLS SNI (mobile_malware.rules)
2851762 - ETPRO MALWARE Custom Phishing Simulation Checkin (malware.rules)
2851763 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-06-07 1) (coinminer.rules)
[///] Modified active rules: [///]
2036785 - ET MALWARE Suspected Sidewinder APT Phishing Activity - Landing Page URI Pattern (malware.rules)
2824799 - ETPRO MALWARE Lets Encrypt Free SSL Cert Observed in Possible American Express Phishing (malware.rules)
2851059 - ETPRO MALWARE MSIL/White Clipper CnC Exfil via Discord (malware.rules)
[---] Disabled and modified rules: [---]
2829356 - ETPRO INFO Observed Dynamic DNS Domain (*.linkpc .net) (info.rules)
[---] Removed rules: [---]
2034458 - ET POLICY Observed DNS Query to DynDNS Domain (linkpc .net) (policy.rules)
2845734 - ETPRO MALWARE Observed Malicious SSL Cert (IceRAT) (malware.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | Proofpoint Inc | Emerging Threats Team