[***] Summary: [***]

17 new OPEN, 23 new PRO (17 + 6). OSX/SHLAYER, Various BeEF
Framework, Win32/TrojanDownloader.Delf Variant, PyPI and Android.

Thanks @Hamburgler7, @ankit_anubhav, @k7computing and @CyberArk

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2038612 - ET MALWARE OSX/SHLAYER CnC Activity M2 (malware.rules)
2038613 - ET MALWARE Possible OSX/SHLAYER Checkin M2 (malware.rules)
2038614 - ET WEB_CLIENT BeEF Cookie (BEEFHOOK) (web_client.rules)
2038615 - ET WEB_CLIENT BeEF Style Request (GET) (web_client.rules)
2038616 - ET WEB_CLIENT BeEF Framework Comment In Response (web_client.rules)
2038617 - ET MALWARE Win32/Matanbuchus Loader Activity (POST) (malware.rules)
2038618 - ET MALWARE Win32/TrojanDownloader.Delf_AGen.R System Profile Exfil (malware.rules)
2038619 - ET MALWARE Win32/TrojanDownloader.Delf_AGen.R Payload Request (malware.rules)
2038620 - ET MALWARE Win32/Filecoder.GC CnC Credentials Exfil (malware.rules)
2038621 - ET PHISHING PyPI Successful Credential Harvesting Attempt (phishing.rules)
2038622 - ET MALWARE PyPI Malicious Library Update Payload Checkin (malware.rules)
2038623 - ET MALWARE PyPI Phishing/Malware Data Exfiltration Domain (linkedopports .com) in DNS Lookup (malware.rules)
2038624 - ET MALWARE Observed PyPI Phishing/Malicious Library Data Exfiltration Domain (linkedopports .com) in TLS SNI (malware.rules)
2038625 - ET MALWARE PyPI Malicious Library Payload Delivery Domain (python-release .com) in DNS Lookup (malware.rules)
2038626 - ET MALWARE Observed PyPI Malicious Library Payload Delivery Domain (python-release .com) in TLS SNI (malware.rules)
2038627 - ET ADWARE_PUP pdfspeedup Initial CnC Checkin (adware_pup.rules)
2038628 - ET ADWARE_PUP pdfspeedup Keep-Alive (adware_pup.rules)

Pro:

2852194 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Dougalek.a Checkin (mobile_malware.rules)
2852195 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c CnC Domain in DNS Lookup (mobile_malware.rules)
2852196 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.c CnC Domain in DNS Lookup (mobile_malware.rules)
2852197 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.AYW CnC Domain in DNS Lookup (mobile_malware.rules)
2852198 - ETPRO MOBILE_MALWARE Android/Agent.CZB Checkin (mobile_malware.rules)
2852199 - ETPRO MALWARE Win32/Remcos RAT Checkin 830 (malware.rules)
