[***] Summary: [***]

15 new OPEN, 20 new PRO (15 + 5)

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2038495 - ET PHISHING Possible Phish with cazanova= Cookie (phishing.rules)
2038553 - ET ADWARE_PUP CoinSurf Proxy CnC Response (adware_pup.rules)
2038554 - ET ADWARE_PUP CoinSurf Proxy Client Registration (adware_pup.rules)
2038555 - ET ADWARE_PUP CoinSurf Proxy Client Login (adware_pup.rules)
2038556 - ET ADWARE_PUP CoinSurf Proxy CnC Response (Refesh Token) (adware_pup.rules)
2038557 - ET ADWARE_PUP CoinSurf Proxy CnC Response (Network Configuration) (adware_pup.rules)
2038558 - ET MALWARE Observed DNS Query to UNC3890 Domain (pfizerpoll .com) (malware.rules)
2038559 - ET MALWARE Observed DNS Query to UNC3890 Domain (naturaldolls .store) (malware.rules)
2038560 - ET MALWARE Observed DNS Query to UNC3890 Domain (rnfacebook .com) (malware.rules)
2038561 - ET MALWARE Observed DNS Query to UNC3890 Domain (xxx-doll .com) (malware.rules)
2038562 - ET MALWARE Observed DNS Query to UNC3890 Domain (celebritylife .news) (malware.rules)
2038563 - ET MALWARE Observed DNS Query to UNC3890 Domain (office365update .live) (malware.rules)
2038564 - ET MALWARE Observed DNS Query to UNC3890 Domain (fileupload .shop) (malware.rules)
2038565 - ET MALWARE CargoBay User-Agent (malware.rules)
2038566 - ET PHISHING Successful OWA Phish 2022-08-17 (phishing.rules)

Pro:

2852100 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFX CnC Domain in DNS Lookup (mobile_malware.rules)
2852101 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFX CnC Domain in DNS Lookup (mobile_malware.rules)
2852102 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFX CnC Domain in DNS Lookup (mobile_malware.rules)
2852103 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFX CnC Domain in DNS Lookup (mobile_malware.rules)
2852104 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFX CnC Domain in DNS Lookup (mobile_malware.rules)

[---] Removed rules: [---]

2038495 - ET HUNTING Possible Phish with cazanova= Cookie (hunting.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
