[***] Summary: [***]

12 new OPEN, 13 new PRO (12 + 1). Win32/GRAT2, Parrot TDS, Others.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2038541 - ET MALWARE Win32/GRAT2 Client CnC Checkin (malware.rules)
2038542 - ET MALWARE Observed DNS Query to TA444 Domain (cooporatestock .com) (malware.rules)
2038543 - ET MALWARE Observed DNS Query to TA444 Domain (finxiio .com) (malware.rules)
2038544 - ET MALWARE Observed DNS Query to TA444 Domain (1drvmicrosoft .com) (malware.rules)
2038545 - ET MALWARE Observed DNS Query to TA444 Domain (fclouddown .co) (malware.rules)
2038546 - ET MALWARE Observed DNS Query to TA444 Domain (ledger-cloud .com) (malware.rules)
2038547 - ET MALWARE Observed DNS Query to TA444 Domain (globiscapital .co) (malware.rules)
2038548 - ET MALWARE Observed DNS Query to TA444 Domain (wpsonline .co) (malware.rules)
2038549 - ET MALWARE Win32/GRAT2 Client Data Exfil (malware.rules)
2038550 - ET MALWARE Parrot TDS Check (malware.rules)
2038551 - ET MALWARE Parrot TDS Cleared Response (malware.rules)
2038552 - ET MALWARE Parrot TDS Malicious Response (malware.rules)

Pro:

2852099 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-08-17 1) (coinminer.rules)

[///] Modified active rules: [///]

2833525 - ETPRO MALWARE Win32/Snowdrop CnC Beacon (malware.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
