[***] Summary: [***]

13 new OPEN, 17 new PRO (13 + 4) Shuckworm, RShell, CoinMiners and ActionLoader

Thanks @TrendMicro @sekoia_io @symantec

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2038528 - ET INFO Observed DNS Query to Pastebin-style Service (pasteio .com) (info.rules)
2038529 - ET INFO Observed Pastebin-style Service Domain (pasteio .com in TLS SNI) (info.rules)
2038530 - ET MALWARE Shuckworm CnC Domain (leonardis .ru) in DNS Lookup (malware.rules)
2038531 - ET MALWARE Shuckworm CnC Domain (destroy .asierdo .ru) in DNS Lookup (malware.rules)
2038532 - ET MALWARE Shuckworm CnC Domain (heato .ru) in DNS Lookup (malware.rules)
2038533 - ET MALWARE Shuckworm CnC Domain (motoristo .ru) in DNS Lookup (malware.rules)
2038534 - ET MALWARE Shuckworm CnC Domain (a0698649 .xsph .ru) in DNS Lookup (malware.rules)
2038535 - ET MALWARE Shuckworm CnC Domain (pasamart .ru) in DNS Lookup (malware.rules)
2038536 - ET MALWARE RShell Backdoor Keepalive (malware.rules)
2038537 - ET MALWARE RShell CnC Domain (linux .updatelive-oline .com) in DNS Lookup (malware.rules)
2038538 - ET MALWARE RShell CnC Domain (time .ntp-server .asia) in DNS Lookup (malware.rules)
2038539 - ET MALWARE RShell CnC Domain (center .veryssl .org) in DNS Lookup (malware.rules)
2038540 - ET MALWARE RShell Backdoor Initial CnC Checkin (malware.rules)

Pro:

2852095 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-08-16 1) (coinminer.rules)
2852096 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-08-16 2) (coinminer.rules)
2852097 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-08-16 3) (coinminer.rules)
2852098 - ETPRO MALWARE ActionLoader CnC Activity (malware.rules)

[///] Modified active rules: [///]

2021203 - ET MALWARE Possible Deep Panda - Sakula/Mivast RAT CnC Beacon 5 (malware.rules)
2807970 - ETPRO MALWARE Win32/Neurevt.A/Betabot Checkin 3 (malware.rules)
