[***] Summary: [***]
23 new OPEN, 26 new PRO (23 + 3) Matanbuchas, Cobalt Strike,
TinyNuke Panel, Win32/Delf.TJJ CnC, ToddyCat and Mitel MiVoice Connect
Data Validation RCE Inbound (CVE-2022-29499).
Thanks @ViriBack, @kaspersky, @CrowdStrike, @malware_traffic, @malwareforme
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2037103 - ET MALWARE Win32/Matanbuchas Loader Related Domain in DNS
Lookup (collectiontelemetrysystem .com) (malware.rules)
2037104 - ET MALWARE Win32/Matanbuchas Loader Related Domain in DNS
Lookup (telemetrysystemcollection .com) (malware.rules)
2037105 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup
(extic .icu) (malware.rules)
2037106 - ET HUNTING Observed TinyNuke Admin Panel URL Pattern (hunting.rules)
2037107 - ET MALWARE Win32/Delf.TJJ CnC Checkin M1 (malware.rules)
2037108 - ET MALWARE Win32/Delf.TJJ CnC Checkin M2 (malware.rules)
2037109 - ET MALWARE Win32/Delf.TJJ CnC Domain in DNS Lookup (ysl
.jxwan .com) (malware.rules)
2037110 - ET MALWARE Win32/Delf.TJJ CnC Domain in DNS Lookup (udo
.jxwan .com) (malware.rules)
2037111 - ET MALWARE Win32/Delf.TJJ CnC Domain in DNS Lookup (dsk
.5636 .com) (malware.rules)
2037112 - ET MALWARE Win32/Delf.TJJ CnC Domain in DNS Lookup (wx
.go890 .com) (malware.rules)
2037113 - ET MALWARE Win32/Delf.TJJ CnC Domain in DNS Lookup (cfg
.jipinwan .com) (malware.rules)
2037114 - ET MALWARE Win32/Delf.TJJ CnC Domain in DNS Lookup (bk
.957wan .com) (malware.rules)
2037115 - ET MALWARE Win32/Delf.TJJ CnC Domain in DNS Lookup (www
.58sky .com) (malware.rules)
2037116 - ET MALWARE Win32/Delf.TJJ CnC Domain in DNS Lookup (cnwx
.58ad .cn) (malware.rules)
2037117 - ET MALWARE Win32/Delf.TJJ CnC Domain in DNS Lookup (gc
.wb51 .com) (malware.rules)
2037118 - ET MALWARE Win32/Delf.TJJ CnC Domain in DNS Lookup (cmps
.58sky .com) (malware.rules)
2037119 - ET MALWARE ToddyCat Ninja Backdoor CnC Domain in DNS
Lookup (eohsdnsaaojrhnqo .windowshost .us) (malware.rules)
2037120 - ET MALWARE ToddyCat Ninja Backdoor CnC (malware.rules)
2037121 - ET EXPLOIT Attempted Mitel MiVoice Connect Data Validation
RCE Inbound (CVE-2022-29499) (exploit.rules)
2037122 - ET PHISHING Observed DNS Query to OWA Phishing Domain
(phishing.rules)
2037123 - ET PHISHING Successful OWA Phish 2022-06-23 (phishing.rules)
2037124 - ET PHISHING Successful ING Group Phish 2022-06-24 (phishing.rules)
2037125 - ET PHISHING Observed DNS Query to ING Group Phishing
Domain (phishing.rules)
Pro:
2851826 - ETPRO MALWARE Arkei/Vidar Stealer Variant - Telegram
Mirror Checkin (malware.rules)
2851827 - ETPRO INFO Observed Telegram Domain (t .me in TLS SNI) (info.rules)
2851828 - ETPRO HUNTING Telegram Certificate Observed (hunting.rules)
[///] Modified active rules: [///]
2033905 - ET MALWARE Win32/Syndicasec Encoded Response Embedded in
HTML Title Tags Inbound (malware.rules)
2812440 - ETPRO MALWARE Andromeda/Gamarue Checkin (malware.rules)
2829008 - ETPRO MALWARE W32/Teamspy Variant Checkin (malware.rules)
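A practitioner who tracks these daily notices usually wants two things from them: the per-section counts (to confirm the "23 new OPEN, 26 new PRO (23 + 3)" line before pulling the update) and the list of modified SIDs, because any SID you override locally (a suricata-update disable.conf or modify.conf entry, for instance) has to be re-checked when upstream changes the rule underneath it. The parser below is an added example written for this page; it is not part of the Emerging Threats announcement or of any ET tooling. It assumes only the layout visible above: section headers of the form "[+++] Added rules: [+++]", "Open:"/"Pro:" tier labels, entries that start with a seven-digit SID, and continuation lines produced by wrapping. The embedded SAMPLE is a constructed excerpt in that format; the local SID set in the usage example is likewise made up.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed excerpt in the announcement's format. Wrapped entries are
# included deliberately, because wrapping is what breaks one-line-per-rule parsers.
SAMPLE = """\
[+++] Added rules: [+++]
Open:
2037103 - ET MALWARE Win32/Matanbuchas Loader Related Domain in DNS
Lookup (collectiontelemetrysystem .com) (malware.rules)
2037121 - ET EXPLOIT Attempted Mitel MiVoice Connect Data Validation
RCE Inbound (CVE-2022-29499) (exploit.rules)
Pro:
2851827 - ETPRO INFO Observed Telegram Domain (t .me in TLS SNI) (info.rules)
[///] Modified active rules: [///]
2033905 - ET MALWARE Win32/Syndicasec Encoded Response Embedded in
HTML Title Tags Inbound (malware.rules)
2812440 - ETPRO MALWARE Andromeda/Gamarue Checkin (malware.rules)
"""

SECTION_RE = re.compile(r"^\[.+?\]\s*(.+?):\s*\[.+?\]$")   # "[+++] Added rules: [+++]"
ENTRY_RE = re.compile(r"^(\d{7})\s+-\s+(.*)$")             # "2037103 - ET MALWARE ..."
FILE_RE = re.compile(r"\((\w+\.rules)\)\s*$")              # trailing "(malware.rules)"


@dataclass
class RuleChange:
    sid: int
    msg: str
    rules_file: Optional[str]
    section: str   # "Added rules", "Modified active rules", ...
    tier: str      # "Open", "Pro", or "" where the section has no tier labels


def parse_changelog(text: str) -> List[RuleChange]:
    """Turn an ET-style update notice into RuleChange records, joining wrapped lines."""
    changes: List[RuleChange] = []
    section, tier = "", ""
    current: Optional[RuleChange] = None

    def flush() -> None:
        nonlocal current
        if current is None:
            return
        m = FILE_RE.search(current.msg)
        if m:  # split the rules file off the end of the message
            current.rules_file = m.group(1)
            current.msg = current.msg[: m.start()].rstrip()
        changes.append(current)
        current = None

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            flush()
            section, tier = m.group(1), ""
            continue
        if line in ("Open:", "Pro:"):
            flush()
            tier = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m:
            flush()
            current = RuleChange(int(m.group(1)), m.group(2), None, section, tier)
        elif current is not None:
            current.msg += " " + line   # wrapped continuation of the previous entry
    flush()
    return changes


def count_by_section(changes: List[RuleChange]) -> Dict[Tuple[str, str], int]:
    """Counts per (section, tier), to cross-check the notice's summary line."""
    counts: Dict[Tuple[str, str], int] = {}
    for c in changes:
        counts[(c.section, c.tier)] = counts.get((c.section, c.tier), 0) + 1
    return counts


def modified_sids_with_local_overrides(changes: List[RuleChange], local_sids: Set[int]) -> List[int]:
    """SIDs in a 'Modified ...' section that you also override locally: re-review these."""
    return sorted(c.sid for c in changes
                  if c.section.startswith("Modified") and c.sid in local_sids)


if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE)
    for key, n in sorted(count_by_section(parsed).items()):
        print(key, n)
    # Hypothetical local override set; 2033905 is modified upstream, 2037103 is not.
    print(modified_sids_with_local_overrides(parsed, {2033905, 2037103}))
```

Run it against the full text of a notice (the whole email, not just the excerpt) and the "Added rules" counts for the Open and Pro tiers should match the figures in the Summary line; a mismatch usually means a wrapped entry was mangled in transit. The SECTION_RE also matches the "[***] Summary: [***]" header, which is harmless: nothing under it starts with a SID, so no entries are produced there.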