[***] Summary: [***]
14 new OPEN, 24 new PRO (14 + 10). MSIL/GenKryptik.FWXB, PlayerUnknown's Battlegrounds Phish, Win32/Zaphal.A CnC, Remcos and Cobalt Strike.
Thanks @Cleafy
On Friday, July 8th, the ruleset downloaded from the "suricata-edge" ruleset will be pointed to the Suricata 6 ruleset. If you currently download using the "suricata-edge" version in the download URL, you will be impacted by this change.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2037261 - ET MALWARE MSIL/GenKryptik.FWXB Telegram Checkin (malware.rules)
2037262 - ET MOBILE_MALWARE Android/Revive Banking Trojan Initial Checkin Activity (POST) (mobile_malware.rules)
2037263 - ET PHISHING PlayerUnknown's Battlegrounds Credential Phish Landing Page M1 2022-07-05 (phishing.rules)
2037264 - ET PHISHING Successful PlayerUnknown's Battlegrounds Credential Phish 2022-07-05 (phishing.rules)
2037265 - ET PHISHING PlayerUnknown's Battlegrounds Credential Phish Landing Page M2 2022-07-05 (phishing.rules)
2037266 - ET PHISHING Spox Phish Kit Landing Page 2022-07-05 (phishing.rules)
2037267 - ET PHISHING Navy Federal Credit Union Credential Phish Landing Page 2022-07-05 (phishing.rules)
2037268 - ET PHISHING Successful Facebook Credential Phish 2022-07-05 (phishing.rules)
2037269 - ET INFO Custom Logo Domain Domain in DNS Lookup (logodownload .org) (info.rules)
2037270 - ET INFO Observed SSL Cert (logodownload .org) (info.rules)
2037271 - ET PHISHING Caixa Credential Phish Landing Page 2022-07-05 (phishing.rules)
2037272 - ET PHISHING Successful Caixa Credential Phish 2022-07-05 (phishing.rules)
2037273 - ET PHISHING Radobank Phishing Landing Page 2022-07-05 (phishing.rules)
2037274 - ET MALWARE Win32/Kryptik.HQAF Checkin (malware.rules)
Pro:
2851857 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.aav CnC Domain in DNS Lookup (mobile_malware.rules)
2851858 - ETPRO MOBILE_MALWARE Android Trojan Hitik Checkin (mobile_malware.rules)
2851859 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-07-04 1) (coinminer.rules)
2851860 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-07-04 2) (coinminer.rules)
2851861 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-07-04 3) (coinminer.rules)
2851862 - ETPRO MALWARE Win32/Zaphal.A CnC Checkin (malware.rules)
2851863 - ETPRO USER_AGENTS Win32/Zaphal.A UA Observed (user_agents.rules)
2851864 - ETPRO MALWARE Win32/Remcos RAT Checkin 811 (malware.rules)
2851865 - ETPRO MALWARE Win32/Remcos RAT Checkin 812 (malware.rules)
2851866 - ETPRO MALWARE Cobalt Strike Stager Activity (malware.rules)
[///] Modified active rules: [///]
2032776 - ET MALWARE Remcos 3.x Unencrypted Checkin (malware.rules)
2032777 - ET MALWARE Remcos 3.x Unencrypted Server Response (malware.rules)
[---] Disabled and modified rules: [---]
2017572 - ET WEB_CLIENT Possible Microsoft Internet Explorer Use-After-Free (CVE-2013-3897) (web_client.rules)
2807102 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free (CVE-2013-3875) (web_client.rules)
2807206 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free (CVE-2013-3911) 1 (web_client.rules)
[---] Removed rules: [---]
2016228 - ET EXPLOIT Metasploit CVE-2013-0422 Jar (exploit.rules)
2017657 - ET HUNTING SUSPICIOUS JS Multiple Debug Math.atan2 calls with CollectGarbage (hunting.rules)