[***] Summary: [***]
10 new OPEN, 15 new PRO (10 + 5). DarkVNC, Cobalt Strike, Filecoder,
Remcos and VBA/TrojanDownloader.Agent.SME.
Thanks @ahnlab_secuinfo, @Thingzeye and IRIL KICS, @sans_isc,
@malware_traffic, and @msftsecurity
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2037838 - ET SCAN Web Scanner - Fuzz Faster U Fool (Inbound) (scan.rules)
2037839 - ET PHISHING Phishing Landing Page - Excel Purchase Order Form
(phishing.rules)
2037840 - ET MALWARE Win32/Unknown VBScript Backdoor Activity (GET)
(malware.rules)
2037841 - ET MALWARE W32.DarkVNC Variant Checkin (malware.rules)
2037842 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup
(zuyonijobo .com) (malware.rules)
2037843 - ET MALWARE Observed Cobalt Strike Domain (zuyonijobo .com) in
TLS SNI (malware.rules)
2037844 - ET MALWARE Cobalt Strike Malleable C2 Beacon (Custom)
(malware.rules)
2037845 - ET MALWARE IIS Backdoor CnC Command Inbound (malware.rules)
2037846 - ET MALWARE MSIL/Filecoder.EK CnC Checkin (malware.rules)
2037847 - ET MALWARE Win32/SystemHijack.gen CnC Checkin (malware.rules)
Pro:
2851976 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-07-28 1) (coinminer.rules)
2851977 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-07-28 2) (coinminer.rules)
2851978 - ETPRO MALWARE Win32/Remcos RAT Checkin 819 (malware.rules)
2851979 - ETPRO MALWARE VBA/TrojanDownloader.Agent.SME CnC Activity
(malware.rules)
2851980 - ETPRO MALWARE Win32/Agent.TQJ Variant CnC Host Checkin M2
(malware.rules)
[///] Modified active rules: [///]
2822181 - ETPRO MALWARE Bolek HTTP Checkin (malware.rules)
2843341 - ETPRO MALWARE Win32/Agent.TQJ Variant CnC Host Checkin M1
(malware.rules)