[***] Summary: [***]
5 new OPEN, 7 new PRO (5 + 2). Lazarus APT Related Valefor/VSingle
Sigs, AU Gov Phishing, Trojan.AndroidOS.Jocker.pp Checkin and Remcos.
Thanks @jpcert
On Friday, July 8th, the "suricata-edge" ruleset download will be
pointed to the Suricata 6 ruleset. If you currently download using
the "suricata-edge" version in the download URL, you will be
impacted by this change.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2037275 - ET MALWARE Lazarus APT Related Valefor/VSingle CnC Beacon
(malware.rules)
2037276 - ET MALWARE Lazarus APT Related VSingle Backdoor Activity
(GET) (malware.rules)
2037277 - ET MALWARE Lazarus APT Related Domain in DNS Lookup
(ougreen .com) (malware.rules)
2037278 - ET PHISHING Australian Government Credential Phish Landing
Page 2022-07-06 (phishing.rules)
2037279 - ET PHISHING Successful Australian Government Credential
Phish 2022-07-06 (phishing.rules)
Pro:
2851867 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.pp Checkin
(mobile_malware.rules)
2851868 - ETPRO MALWARE Win32/Remcos RAT Checkin 813 (malware.rules)
[---] Disabled and modified rules: [---]
2030555 - ET INFO Outbound RRSIG DNS Query Observed (info.rules)
[---] Removed rules: [---]
2843431 - ETPRO MALWARE Valefor CnC Beacon (malware.rules)