[***] Summary: [***]
8 new OPEN, 12 new PRO (8 + 4). SharpPanda, Cobalt Strike, Sidewinder, various Phishing and Coinminer sigs.
Thanks @obfusor, @h2jazi, @malwareforme
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2037095 - ET MALWARE SharpPanda APT Activity (GET) (malware.rules)
2037096 - ET MALWARE Cobalt Strike Malleable C2 Amazon Profile Variant (GET) (malware.rules)
2037097 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (mailh .alit .live) (malware.rules)
2037098 - ET PHISHING Emirates NBD Bank Credential Phish Landing Page 2022-06-23 (phishing.rules)
2037099 - ET PHISHING Successful Emirates NBD Bank Credential Phish 2022-06-23 (phishing.rules)
2037100 - ET PHISHING Observed DNS Query to Nedbank Phishing Domain (phishing.rules)
2037101 - ET PHISHING Nedbank Phishing Landing Page 2022-06-22 (phishing.rules)
2037102 - ET MALWARE Win32/Agent.RDE Checkin (malware.rules)
Pro:
2851822 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-06-23 1) (coinminer.rules)
2851823 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-06-23 2) (coinminer.rules)
2851824 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-06-23 3) (coinminer.rules)
2851825 - ETPRO MALWARE Win32/Sogou.H Variant CnC Activity (malware.rules)
[///] Modified active rules: [///]
2037026 - ET MALWARE Win32.Banker Trojan CnC Checkin (malware.rules)
2037091 - ET HUNTING Suspicious Zipped Filename in Outbound POST Request (Steam_htmlcache.txt) (hunting.rules)
2100494 - GPL ATTACK_RESPONSE command completed (attack_response.rules)
2803152 - ETPRO MALWARE Backdoor.Win32.Arhost.D Checkin (malware.rules)
2822181 - ETPRO MALWARE Bolek HTTP Checkin (malware.rules)
[---] Removed rules: [---]
2037092 - ET HUNTING Suspicious Zipped Filename in Outbound POST Request (Steam_htmlcache.txt) M2 (hunting.rules)