[***] Summary: [***]
7 new OPEN, 8 new PRO (7 + 1). Warzone RAT, TA444, Win32/Shrine.A, Others.
Thanks @h2jazi, @petrovic082
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2037800 - ET MALWARE Win32/Stealerium Stealer Checkin via Discord (malware.rules)
2037801 - ET MALWARE Ave Maria/Warzone RAT Encrypted CnC Checkin (Inbound) (malware.rules)
2037802 - ET MALWARE TA444 Related Domain in DNS Lookup (documentworkspace .io) (malware.rules)
2037803 - ET MALWARE TA444 Related Domain in DNS Lookup (fclouddown .co) (malware.rules)
2037804 - ET MALWARE TA444 Related Domain in DNS Lookup (googlesheet .info) (malware.rules)
2037805 - ET PHISHING Successful FedEx Phish 2022-07-20 (phishing.rules)
2037806 - ET MALWARE Win32/Shrine.A CnC Checkin (malware.rules)
Pro:
2851952 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-07-21 1) (coinminer.rules)
[///] Modified active rules: [///]
2024708 - ET MALWARE CCleaner Backdoor DGA Domain (ab6d54340c1a .com) Feb 2017 (malware.rules)
2024709 - ET MALWARE CCleaner Backdoor DGA Domain (aba9a949bc1d .com) Mar 2017 (malware.rules)
2024710 - ET MALWARE CCleaner Backdoor DGA Domain (ab2da3d400c20 .com) Apr 2017 (malware.rules)
2024711 - ET MALWARE CCleaner Backdoor DGA Domain (ab3520430c23 .com) May 2017 (malware.rules)
2024712 - ET MALWARE CCleaner Backdoor DGA Domain (ab1c403220c27 .com) Jun 2017 (malware.rules)
2024713 - ET MALWARE CCleaner Backdoor DGA Domain (ab1abad1d0c2a .com) Jul 2017 (malware.rules)
2024714 - ET MALWARE CCleaner Backdoor DGA Domain (ab8cee60c2d .com) Aug 2017 (malware.rules)
2024715 - ET MALWARE CCleaner Backdoor DGA Domain (ab1145b758c30 .com) Sep 2017 (malware.rules)
2024716 - ET MALWARE CCleaner Backdoor DGA Domain (ab890e964c34 .com) Oct 2017 (malware.rules)
2024717 - ET MALWARE CCleaner Backdoor DGA Domain (ab3d685a0c37 .com) Nov 2017 (malware.rules)
2024718 - ET MALWARE CCleaner Backdoor DGA Domain (ab70a139cc3a.com) Dec 2017 (malware.rules)
2024816 - ET MALWARE CCleaner Backdoor DGA Domain (ab3c2b0d28ba6 .com) Jan 2018 (malware.rules)
2024817 - ET MALWARE CCleaner Backdoor DGA Domain (ab99c24c0ba9 .com) Feb 2018 (malware.rules)
2024818 - ET MALWARE CCleaner Backdoor DGA Domain (ab2e1b782bad .com) Mar 2018 (malware.rules)
2024819 - ET MALWARE CCleaner Backdoor DGA Domain (ab253af862bb0 .com) Apr 2018 (malware.rules)
2024820 - ET MALWARE CCleaner Backdoor DGA Domain (ab2d02b02bb3 .com) May 2018 (malware.rules)
2024821 - ET MALWARE CCleaner Backdoor DGA Domain (ab1b0eaa24bb6 .com) Jun 2018 (malware.rules)
2024822 - ET MALWARE CCleaner Backdoor DGA Domain (abf09fc5abba .com) Jul 2018 (malware.rules)
2024823 - ET MALWARE CCleaner Backdoor DGA Domain (abce85a51bbd .com) Aug 2018 (malware.rules)
2024824 - ET MALWARE CCleaner Backdoor DGA Domain (abccc097dbc0.com) Sep 2018 (malware.rules)
2024825 - ET MALWARE CCleaner Backdoor DGA Domain (ab33b8aa69bc4 .com) Oct 2018 (malware.rules)
2024826 - ET MALWARE CCleaner Backdoor DGA Domain (ab693f4c0bc7 .com) Nov 2018 (malware.rules)
2024827 - ET MALWARE CCleaner Backdoor DGA Domain (ab23660730bca .com) Dec 2018 (malware.rules)
2025894 - ET MALWARE OilRig QUADAGENT DNS Tunneling (malware.rules)
2029606 - ET MALWARE MSIL/Firebird RAT CnC Checkin (malware.rules)
2031206 - ET MALWARE CCleaner Backdoor DGA Domain (ab1de19d80ae6 .com) in DNS Lookup (malware.rules)
[---] Disabled and modified rules: [---]
2036077 - ET INFO DYNAMIC_DNS HTTP Request to a *.misecure .com Domain (info.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team