[***] Summary: [***]

8 new OPEN, 22 new PRO (8 + 14). SilentLibrarian, PlugX, Remcos, Others.

Thanks @dark0pcodes, @souiten, @TeamDreier

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2037778 - ET MALWARE Observed Malicious SSL/TLS Certificate (SilentLibrarian) (malware.rules)
2037779 - ET MALWARE Observed Malicious SSL/TLS Certificate (SilentLibrarian) (malware.rules)
2037780 - ET MALWARE PlugX Related Domain in DNS Lookup (wpsup .daj8 .me) (malware.rules)
2037781 - ET MALWARE PlugX Related Domain in DNS Lookup (wps .daj8 .me) (malware.rules)
2037782 - ET CURRENT_EVENTS NATO Themed Maldoc Related Domain in DNS Lookup (am .my-zo .org) (current_events.rules)
2037783 - ET PHISHING Facebook Credential Phish Landing Page 2022-07-18 (phishing.rules)
2037784 - ET MALWARE Win32/Sality.NBA CnC Checkin (malware.rules)
2037785 - ET ADWARE_PUP Win32 Handy Cafe Checkin (adware_pup.rules)

Pro:

2851926 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-07-15 1) (coinminer.rules)
2851927 - ETPRO MALWARE Win32/FlyStudio.OQO Variant CnC Checkin (malware.rules)
2851928 - ETPRO MALWARE Win32/Remcos RAT Checkin 815 (malware.rules)
2851929 - ETPRO MALWARE Unknown.BatScript CnC Activity M1 (malware.rules)
2851930 - ETPRO MALWARE Unknown.BatScript Host Profile Exfil (malware.rules)
2851931 - ETPRO MALWARE Unknown.BatScript CnC Activity M2 (malware.rules)
2851932 - ETPRO MALWARE MSIL/Kryptik.AFSX CnC Checkin (malware.rules)
2851933 - ETPRO MALWARE Ave Maria/Warzone RAT ListPasswordsCommand (malware.rules)
2851934 - ETPRO MALWARE Ave Maria/Warzone RAT DownloadAndExecuteCommand (malware.rules)

[///] Modified active rules: [///]

2014702 - ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set (dns.rules)
2014703 - ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Reserved Bit Set (dns.rules)

[---] Disabled and modified rules: [---]

2810582 - ETPRO MALWARE WIN32/KOVTER.B Checkin 2 M1 (malware.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team