[***] Summary: [***]
8 new OPEN, 22 new PRO (8 + 14). SilentLibrarian, PlugX, Remcos, Others.
Thanks @dark0pcodes, @souiten, @TeamDreier
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2037778 - ET MALWARE Observed Malicious SSL/TLS Certificate (SilentLibrarian) (malware.rules)
2037779 - ET MALWARE Observed Malicious SSL/TLS Certificate (SilentLibrarian) (malware.rules)
2037780 - ET MALWARE PlugX Related Domain in DNS Lookup (wpsup .daj8 .me) (malware.rules)
2037781 - ET MALWARE PlugX Related Domain in DNS Lookup (wps .daj8 .me) (malware.rules)
2037782 - ET CURRENT_EVENTS NATO Themed Maldoc Related Domain in DNS Lookup (am .my-zo .org) (current_events.rules)
2037783 - ET PHISHING Facebook Credential Phish Landing Page 2022-07-18 (phishing.rules)
2037784 - ET MALWARE Win32/Sality.NBA CnC Checkin (malware.rules)
2037785 - ET ADWARE_PUP Win32 Handy Cafe Checkin (adware_pup.rules)
Pro:
2851926 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-07-15 1) (coinminer.rules)
2851927 - ETPRO MALWARE Win32/FlyStudio.OQO Variant CnC Checkin (malware.rules)
2851928 - ETPRO MALWARE Win32/Remcos RAT Checkin 815 (malware.rules)
2851929 - ETPRO MALWARE Unknown.BatScript CnC Activity M1 (malware.rules)
2851930 - ETPRO MALWARE Unknown.BatScript Host Profile Exfil (malware.rules)
2851931 - ETPRO MALWARE Unknown.BatScript CnC Activity M2 (malware.rules)
2851932 - ETPRO MALWARE MSIL/Kryptik.AFSX CnC Checkin (malware.rules)
2851933 - ETPRO MALWARE Ave Maria/Warzone RAT ListPasswordsCommand (malware.rules)
2851934 - ETPRO MALWARE Ave Maria/Warzone RAT DownloadAndExecuteCommand (malware.rules)
[///] Modified active rules: [///]
2014702 - ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set (dns.rules)
2014703 - ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Reserved Bit Set (dns.rules)
[---] Disabled and modified rules: [---]
2810582 - ETPRO MALWARE WIN32/KOVTER.B Checkin 2 M1 (malware.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team