[***] Summary: [***]
2 new OPEN, 5 new PRO (2 + 3). SuperBOT, Remcos, and LNK/Agent.12F8!tr.dldr.
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2037836 - ET MALWARE Win32/Sabsik.TE.B!ml CnC Checkin (malware.rules)
2037837 - ET MALWARE Win32/SuperBOT CnC Checkin (malware.rules)
Pro:
2851968 - ETPRO MALWARE Win32/Remcos RAT Checkin 818 (malware.rules)
2851974 - ETPRO PHISHING Successful Generic Phish - Credit Card Data 2022-07-27 (phishing.rules)
2851975 - ETPRO ATTACK_RESPONSE LNK/Agent.12F8!tr.dldr Payload Inbound (attack_response.rules)
[///] Modified active rules: [///]
2024933 - ET MALWARE IoT_reaper DNS Lookup M4 (cbk99 .com) (malware.rules)
2024934 - ET MALWARE IoT_reaper DNS Lookup M5 (bbk80 .com) (malware.rules)
2024935 - ET MALWARE IoT_reaper DNS Lookup M6 (bbk86 .com) (malware.rules)
2024936 - ET MALWARE IoT_reaper DNS Lookup M7 (ha859 .com) (malware.rules)
2027287 - ET INFO DYNAMIC_DNS Query to *.myddns.me Domain (info.rules)
2034346 - ET MALWARE Cobalt Strike Activity (GET) (malware.rules)
2035521 - ET PHISHING Successful TA422 Credential Phish 2022-03-17 M2 (phishing.rules)
2036654 - ET MALWARE Win32/Vidar Variant/Mars Stealer Resources Download (malware.rules)
2809850 - ETPRO MALWARE Cobalt Strike Covert DNS CnC Channel TXT Lookup (udp) (malware.rules)
2809851 - ETPRO MALWARE Cobalt Strike Covert DNS CnC Channel TXT Lookup (tcp) (malware.rules)
2828216 - ETPRO MALWARE Cerber Domain Observed (1mudaw .top) in DNS Lookup (malware.rules)
2828221 - ETPRO MALWARE Cerber Domain Observed (1ml94w .top) in DNS Lookup (malware.rules)
2828223 - ETPRO MALWARE Cerber Domain Observed (12efwa .top) in DNS Lookup (malware.rules)
2828233 - ETPRO INFO Commonly Abused File Sharing Site Domain Observed (a .pomf .cat) in DNS Lookup (info.rules)
2828268 - ETPRO MALWARE Malicious Domain CStrike C2 (blockbitcoin .com) in DNS Lookup (malware.rules)
2828375 - ETPRO MALWARE Cerber Domain Observed (dmhl2o .bid) in DNS Lookup (malware.rules)
2828383 - ETPRO MALWARE Zeus Panda Domain (5c9cf1996510 .faith) in DNS Lookup (malware.rules)
2828400 - ETPRO MOBILE_MALWARE Android WannaLocker-A Domain (biaozhunshijian .51240 .com) in DNS Lookup (mobile_malware.rules)
2828429 - ETPRO MALWARE Malicious Domain Panda Banker (tontrumuchtors .com) in DNS Lookup (malware.rules)
2828445 - ETPRO POLICY External IP Address Lookup (howtofindmyipaddress .com) (policy.rules)
2828447 - ETPRO MALWARE Cerber Domain Observed (hajw7w .bid) in DNS Lookup (malware.rules)
2828451 - ETPRO MALWARE Cerber Domain Observed (tx0igu .bid) in DNS Lookup (malware.rules)
2828464 - ETPRO MALWARE W32.MDFSMiner Domain (strak .xyz) in DNS Lookup (malware.rules)
2828524 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z Domain (gashdzagsadas .info) in DNS Lookup (mobile_malware.rules)
2828525 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z Domain (hdasujdiachias .info) in DNS Lookup (mobile_malware.rules)
2828526 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z Domain (welcoimehere89822 .top) in DNS Lookup (mobile_malware.rules)
2828527 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z Domain (adwasdaiwjmc .info) in DNS Lookup (mobile_malware.rules)
2828528 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z Domain (ghzuagszudsddsa .info) in DNS Lookup (mobile_malware.rules)
2828529 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z Domain (welcoimehere8982 .top) in DNS Lookup (mobile_malware.rules)
2828530 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z Domain (zghzuagszuddsa .info) in DNS Lookup (mobile_malware.rules)
2828531 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.z Domain (welcoimehere89812 .top) in DNS Lookup (mobile_malware.rules)
2828564 - ETPRO MALWARE APT28 Uploader Domain (netmediaresources .com) in DNS Lookup (malware.rules)
2828568 - ETPRO MALWARE ZeusPanda CnC Domain (henfobuthis .com) in DNS Lookup (malware.rules)
2828570 - ETPRO MALWARE ZeusPanda CnC Domain (rowrorofrat .com) in DNS Lookup (malware.rules)
2828572 - ETPRO MALWARE ZeusPanda CnC Domain (mysitothar .ru) in DNS Lookup (malware.rules)
2828576 - ETPRO MALWARE ZeusPanda CnC Domain (linghogolac .ru) in DNS Lookup (malware.rules)
2828609 - ETPRO MALWARE Cerber Domain Observed (12kb9j .top) in DNS Lookup (malware.rules)
2828611 - ETPRO MALWARE Cerber Domain Observed (12u5fl .top) in DNS Lookup (malware.rules)
2828615 - ETPRO MALWARE Cerber Domain Observed (bestergo .pw) in DNS Lookup (malware.rules)
[///] Modified inactive rules: [///]
2828219 - ETPRO MALWARE Cerber Domain Observed (1gam57 .top) in DNS Lookup (malware.rules)
2828225 - ETPRO MALWARE Cerber Domain Observed (1jquw7 .top) in DNS Lookup (malware.rules)
2828373 - ETPRO MALWARE Cerber Domain Observed (crw57p .bid) in DNS Lookup (malware.rules)
2828379 - ETPRO MALWARE Cerber Domain Observed (le6611 .bid) in DNS Lookup (malware.rules)
2828449 - ETPRO MALWARE Cerber Domain Observed (hessale .pw) in DNS Lookup (malware.rules)
2828613 - ETPRO MALWARE Cerber Domain Observed (1aweql .top) in DNS Lookup (malware.rules)
2831837 - ETPRO MALWARE Cerber Domain Observed (1cknbd .top) in DNS Lookup (malware.rules)
[---] Disabled and modified rules: [---]
2021039 - ET EXPLOIT_KIT CottonCastle/Niteris EK Landing April 29 2015 (exploit_kit.rules)
2037001 - ET MALWARE Maldoc Retrieving Payload 2022-06-15 (malware.rules)
[---] Disabled rules: [---]
2034334 - ET MALWARE APT-C-59 Related Domain in DNS Lookup (malware.rules)
2034349 - ET MOBILE_MALWARE Gamaredon/Armageddon Related Domain in DNS Lookup (google-play .serveftp .com) (mobile_malware.rules)
2034350 - ET MALWARE Gamaredon/Armageddon Related Domain in DNS Lookup (bitsadmin .ddns .net) (malware.rules)
2034351 - ET MALWARE Gamaredon/Armageddon Related Domain in DNS Lookup (list-sert .ddns .net) (malware.rules)
2034356 - ET MALWARE Malicious Cobalt Strike SSL Certificate (cloudflace-network .digital) (malware.rules)
2037134 - ET PHISHING Observed DNS Query to American Express Phishing Domain (phishing.rules)
2850369 - ETPRO MALWARE Observed Cobalt Strike Domain in TLS SNI (malware.rules)