[***] Summary: [***]
8 new OPEN, 23 new PRO (8 + 15). SHARPEXT, DeimosC2, ELF/RapperBot,
Others.
Thanks @Fortinet, @h2jazi
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2037955 - ET MALWARE SHARPEXT CnC Domain in DNS Lookup (gonamod .com)
(malware.rules)
2037956 - ET MALWARE SHARPEXT CnC Domain in DNS Lookup (siekis .com)
(malware.rules)
2037957 - ET MALWARE Lazarus APT Related Activity (GET) (malware.rules)
2037958 - ET JA3 HASH - DeimosC2 Agent Activity (set) (ja3.rules)
2037959 - ET JA3 HASH - DeimosC2 Agent Activity (ja3.rules)
2037960 - ET MALWARE Observed Malicious SSL Cert (Acme Co) (malware.rules)
2037961 - ET MALWARE ELF/RapperBot CnC Checkin M1 (malware.rules)
2037962 - ET MALWARE ELF/RapperBot CnC Checkin M2 (malware.rules)
Pro:
2852041 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-08-04 1) (coinminer.rules)
2852042 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-08-04 2) (coinminer.rules)
2852055 - ETPRO MALWARE Win32/Remcos RAT Checkin 823 (malware.rules)
[///] Modified active rules: [///]
2035374 - ET MALWARE Kimsuky APT BabyShark/SHARPEXT Related Domain in DNS
Lookup (worldinfocontact .club) (malware.rules)
[---] Removed rules: [---]
2850007 - ETPRO MALWARE Observed Malicious SSL Cert (Acme Co)
(malware.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team