Daily Ruleset Update Summary 2022/08/08

Daily Ruleset Update Summary

[***] Summary: [***]

8 new OPEN, 23 new PRO (8 + 15). SHARPEXT, DeimosC2, ELF/RapperBot,
Others.

Thanks @Fortinet, @h2jazi

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2037955 - ET MALWARE SHARPEXT CnC Domain in DNS Lookup (gonamod .com)
(malware.rules)
2037956 - ET MALWARE SHARPEXT CnC Domain in DNS Lookup (siekis .com)
(malware.rules)
2037957 - ET MALWARE Lazarus APT Related Activity (GET) (malware.rules)
2037958 - ET JA3 HASH - DeimosC2 Agent Activity (set) (ja3.rules)
2037959 - ET JA3 HASH - DeimosC2 Agent Activity (ja3.rules)
2037960 - ET MALWARE Observed Malicious SSL Cert (Acme Co) (malware.rules)
2037961 - ET MALWARE ELF/RapperBot CnC Checkin M1 (malware.rules)
2037962 - ET MALWARE ELF/RapperBot CnC Checkin M2 (malware.rules)

Pro:

2852041 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-08-04 1) (coinminer.rules)
2852042 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-08-04 2) (coinminer.rules)
2852055 - ETPRO MALWARE Win32/Remcos RAT Checkin 823 (malware.rules)

[///] Modified active rules: [///]

2035374 - ET MALWARE Kimsuky APT BabyShark/SHARPEXT Related Domain in DNS
Lookup (worldinfocontact .club) (malware.rules)

[---] Removed rules: [---]

2850007 - ETPRO MALWARE Observed Malicious SSL Cert (Acme Co)
(malware.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team

Date:

Monday, August 8, 2022

Summary title:

8 new OPEN, 23 new PRO (8 + 15). SHARPEXT, DeimosC2, ELF/RapperBot, Others.