[***] Summary: [***]
8 new OPEN, 14 new PRO (8 + 6). JSSLoader, Shuckworm, Android Banker and various CoinMiners.
Thanks @Malwarebytes @Symantec
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2038567 - ET INFO Observed DNS Query to Remote Utilities Domain (info.rules)
2038568 - ET INFO URL Shortener Service Domain in DNS Lookup (cutt .ly) (info.rules)
2038569 - ET INFO Observed URL Shortener Service Domain (cutt .ly in TLS SNI) (info.rules)
2038570 - ET ADWARE_PUP Win32/Swjoy.A Telemetry Checkin (adware_pup.rules)
2038571 - ET MALWARE Shuckworm Backdoor Screenshot Upload Attempt (malware.rules)
2038572 - ET MALWARE JSSLoader CnC Domain (essentialsmassageanddayspa .com) in DNS Lookup (malware.rules)
2038573 - ET MALWARE Observed JSSLoader Domain (essentialsmassageanddayspa .com) in TLS SNI (malware.rules)
2038574 - ET MALWARE JSSLoader Initial Checkin (malware.rules)
Pro:
2852105 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Basdoor.c CnC Domain in DNS Lookup (mobile_malware.rules)
2852106 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Bray.n CnC Domain in DNS Lookup (mobile_malware.rules)
2852107 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Anubis.t CnC Domain in DNS Lookup (mobile_malware.rules)
2852108 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Fakecalls.ap Checkin (mobile_malware.rules)
2852109 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Fakecalls.ap Checkin 2 (mobile_malware.rules)
2852110 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-08-18 1) (coinminer.rules)
[///] Modified active rules: [///]
2024291 - ET MALWARE Possible WannaCry DNS Lookup 1 (malware.rules)
2024293 - ET MALWARE Possible WannaCry DNS Lookup 2 (malware.rules)
2024294 - ET MALWARE Possible WannaCry DNS Lookup 3 (malware.rules)
2024295 - ET MALWARE Possible WannaCry DNS Lookup 4 (malware.rules)
2024296 - ET MALWARE Possible WannaCry DNS Lookup 5 (malware.rules)
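A practitioner receiving a notice like this usually wants to confirm, after the next suricata-update pull, which of the announced SIDs actually landed in the local ruleset, at what revision, and whether any are disabled. The script below is an added example, not Emerging Threats or Suricata code: it parses the notice format above, re-joins the mailing-list line wrapping (so "(cutt" / ".ly)" becomes the defanged "(cutt .ly)"), and reconciles the SIDs against a Suricata rules file. The notice excerpt and the rules file embedded in it are constructed and simplified (real rules carry detection content), and it assumes the usual rules-file convention that a leading '#' marks a disabled rule.

```python
"""Parse an Emerging Threats daily update notice and reconcile the announced
SIDs against a local Suricata rules file. Added example, not Emerging Threats
or Suricata code; both inputs below are constructed for illustration."""
import re
from dataclasses import dataclass

# Constructed excerpt of a notice, keeping the mailing-list line wrapping.
NOTICE = """\
[+++] Added rules: [+++]
Open:
2038567 - ET INFO Observed DNS Query to Remote Utilities Domain (info.rules)
2038568 - ET INFO URL Shortener Service Domain in DNS Lookup (cutt
.ly) (info.rules)
Pro:
2852105 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Basdoor.c CnC
Domain in DNS Lookup (mobile_malware.rules)
[///] Modified active rules: [///]
2024291 - ET MALWARE Possible WannaCry DNS Lookup 1 (malware.rules)
"""

# Constructed, deliberately minimal local rules (real rules carry detection content).
LOCAL_RULES = """\
alert dns $HOME_NET any -> any any (msg:"ET MALWARE Possible WannaCry DNS Lookup 1"; sid:2024291; rev:3;)
#alert dns $HOME_NET any -> any any (msg:"ET INFO Observed DNS Query to Remote Utilities Domain"; sid:2038567; rev:1;)
"""

@dataclass(frozen=True)
class Announced:
    sid: int
    section: str       # e.g. "Added rules", "Modified active rules"
    distribution: str  # "ET" (open) or "ETPRO" (subscription only)
    category: str      # e.g. "MALWARE", "MOBILE_MALWARE"
    msg: str
    rules_file: str

SECTION_RE = re.compile(r"^\[(?:\*\*\*|\+\+\+|///|---)\]\s+(.+?):")
RULE_RE = re.compile(r"^(\d+) - (ET|ETPRO) (\S+) (.*) \((\S+\.rules)\)$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")

def unwrap(text):
    """Re-join wrapped entries: a line that does not begin a header, a tier
    label or a new 'SID - ' entry continues the previous line."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if out and not re.match(r"^(\[|Open:|Pro:|\d+ - )", line):
            out[-1] += " " + line  # "(cutt" + ".ly)" -> "(cutt .ly)", the notice's defanged form
        else:
            out.append(line)
    return out

def parse_notice(text):
    """Return Announced entries from the Added and Modified sections only."""
    items, section = [], ""
    for line in unwrap(text):
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = RULE_RE.match(line)
        if m and section.startswith(("Added", "Modified")):
            sid, dist, cat, msg, rf = m.groups()
            items.append(Announced(int(sid), section, dist, cat, msg, rf))
    return items

def parse_local_rules(text):
    """Map sid -> (rev, enabled). A leading '#' means the rule is disabled (assumed convention)."""
    local = {}
    for line in map(str.strip, text.splitlines()):
        m = SID_RE.search(line)
        if not m:
            continue
        rev = REV_RE.search(line)
        local[int(m.group(1))] = (int(rev.group(1)) if rev else 0, not line.startswith("#"))
    return local

def reconcile(notice_text, local_text):
    """Per announced SID: local rev and enabled state, or why it is absent."""
    local = parse_local_rules(local_text)
    report = {}
    for item in parse_notice(notice_text):
        if item.sid in local:
            rev, enabled = local[item.sid]
            report[item.sid] = f"rev {rev}, {'enabled' if enabled else 'disabled'}"
        elif item.distribution == "ETPRO":
            report[item.sid] = "missing (ETPRO, subscription only)"  # expected on an open ruleset
        else:
            report[item.sid] = "missing"  # open rule not yet pulled into the local file
    return report

if __name__ == "__main__":
    for sid, status in sorted(reconcile(NOTICE, LOCAL_RULES).items()):
        print(sid, status)
```

Run it against the real notice and your deployed rules file (for example /var/lib/suricata/rules/suricata.rules) instead of the embedded samples; a modified rule that still shows its old rev after the pull, or an added open rule reported missing, is the thing to chase before assuming the new coverage is live.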