[***] Summary: [***]

10 new OPEN, 12 new PRO (10 + 2). Win32/ErbiumStealer, CVE-2022-31656, Mirai, Others.

Thanks @3xp0rtblog, @VietPetrus

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2038475 - ET EXPLOIT Attempted VMware Authentication Bypass (CVE-2022-31656) (exploit.rules)
2038476 - ET INFO URL Shortening Service Domain in DNS Lookup (webz .cc) (info.rules)
2038477 - ET INFO Observed URL Shortening Service Domain (webz .cc in TLS SNI) (info.rules)
2038478 - ET INFO URL Shortening/Redirect Service Domain in DNS Lookup (info.rules)
2038479 - ET MALWARE Observed DNS Query to ErbiumStealer Domain (erbium .ml) (malware.rules)
2038480 - ET MALWARE Win32/ErbiumStealer Panel CnC Checkin (malware.rules)
2038481 - ET MALWARE Win32/ErbiumStealer CnC Activity (GetBuild) (malware.rules)
2038482 - ET USER_AGENTS ErbiumStealer UA Observed (user_agents.rules)
2038483 - ET PHISHING Successful Idaho Central Credit Union Credential Phish (phishing.rules)
2038484 - ET MALWARE Win32/RA-based.NCX CnC Checkin (malware.rules)

Pro:

2852070 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-08-10 1) (coinminer.rules)
2852071 - ETPRO MALWARE Likely Mirai Related Shell Script Inbound (malware.rules)

[///] Modified active rules: [///]

2018426 - ET MALWARE Netwire RAT Check-in (set) (malware.rules)
2018427 - ET MALWARE Netwire RAT Check-in (malware.rules)
2025035 - ET MALWARE Netwire RAT Check-in 2 (malware.rules)
2025036 - ET MALWARE Netwire RAT Check-in 2 (malware.rules)
2029477 - ET MALWARE Netwire RAT Check-in (set) (malware.rules)
2037965 - ET HUNTING HTTP GET Request XOR Key 01 (hunting.rules)
2037966 - ET HUNTING HTTP GET Request XOR Key 02 (hunting.rules)
2037967 - ET HUNTING HTTP GET Request XOR Key 03 (hunting.rules)
--- snip ---
2038216 - ET HUNTING HTTP GET Request XOR Key fd (hunting.rules)
2038217 - ET HUNTING HTTP GET Request XOR Key fe (hunting.rules)
2038218 - ET HUNTING HTTP GET Request XOR Key ff (hunting.rules)
2038219 - ET HUNTING HTTP POST Request XOR Key 01 (hunting.rules)
2038220 - ET HUNTING HTTP POST Request XOR Key 02 (hunting.rules)
2038221 - ET HUNTING HTTP POST Request XOR Key 03 (hunting.rules)
--- snip ---
2038471 - ET HUNTING HTTP POST Request XOR Key fd (hunting.rules)
2038472 - ET HUNTING HTTP POST Request XOR Key fe (hunting.rules)
2038473 - ET HUNTING HTTP POST Request XOR Key ff (hunting.rules)

[---] Removed rules: [---]

2852012 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.st CnC Domain in DNS Lookup (mobile_malware.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
