[***] Summary: [***]
20 new OPEN, 30 new PRO (20 + 10) Win.Backdoor.Kolobko, Arkei Variant, CopperStealer, Remcos and Others.
Thanks @TalosSecurity, @TrendMicro
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2038508 - ET MALWARE Win.Backdoor.Kolobko-9950676-0 Retrieving CnC Commands (malware.rules)
2038509 - ET MALWARE Observed DNS Query to Win.Backdoor.Kolobko Domain in DNS Lookup (mycisco-helpdesk .ml) (malware.rules)
2038510 - ET MALWARE Observed DNS Query to Win.Backdoor.Kolobko Domain in DNS Lookup (ciscovpn2 .com) (malware.rules)
2038511 - ET MALWARE Observed DNS Query to Win.Backdoor.Kolobko Domain in DNS Lookup (primecisco .com) (malware.rules)
2038512 - ET MALWARE Observed DNS Query to Win.Backdoor.Kolobko Domain in DNS Lookup (cisco-helpdesk .cf) (malware.rules)
2038513 - ET MALWARE Observed DNS Query to Win.Backdoor.Kolobko Domain in DNS Lookup (ciscovpn1 .com) (malware.rules)
2038514 - ET MALWARE Observed DNS Query to Win.Backdoor.Kolobko Domain in DNS Lookup (mycisco .cf) (malware.rules)
2038515 - ET MALWARE Observed DNS Query to Win.Backdoor.Kolobko Domain in DNS Lookup (pwresetcisco .com) (malware.rules)
2038516 - ET MALWARE Observed DNS Query to Win.Backdoor.Kolobko Domain in DNS Lookup (devcisco .com) (malware.rules)
2038517 - ET MALWARE Observed DNS Query to Win.Backdoor.Kolobko Domain in DNS Lookup (ciscovpn3 .com) (malware.rules)
2038518 - ET MALWARE Observed DNS Query to Win.Backdoor.Kolobko Domain in DNS Lookup (cisco-help .cf) (malware.rules)
2038519 - ET MALWARE Observed DNS Query to Win.Backdoor.Kolobko Domain in DNS Lookup (mycisco .gq) (malware.rules)
2038520 - ET MALWARE Observed DNS Query to Win.Backdoor.Kolobko Domain in DNS Lookup (helpzonecisco .com) (malware.rules)
2038521 - ET MALWARE Observed DNS Query to Win.Backdoor.Kolobko Domain in DNS Lookup (devciscoprograms .com) (malware.rules)
2038522 - ET MALWARE Observed DNS Query to Win.Backdoor.Kolobko Domain in DNS Lookup (kazaboldu .net) (malware.rules)
2038523 - ET MALWARE Arkei/Vidar/Mars Stealer Variant CnC checkin commands (malware.rules)
2038524 - ET MALWARE Arkei/Vidar/Mars Stealer Variant DLL GET Request (malware.rules)
2038525 - ET MALWARE Arkei/Vidar/Mars Stealer Variant Data Exfiltration Attempt (malware.rules)
2038526 - ET MALWARE Win32/CopperStealer CnC Domain (ec083aa56dc0449a .com) in DNS Lookup (malware.rules)
2038527 - ET MALWARE Win32/VB.QTV CnC Checkin (malware.rules)
Pro:
2852085 - ETPRO MALWARE W32/Kryptik.EQBM!tr CnC Activity (malware.rules)
2852086 - ETPRO MALWARE Win32/TrojanDownloader.Delf.CIG CnC Activity (malware.rules)
2852087 - ETPRO MALWARE Win32/Remcos RAT Checkin 827 (malware.rules)
2852088 - ETPRO PHISHING Successful Generic Phish - Bank Credentials 2022-08-15 (phishing.rules)