[***] Summary: [***]

9 new OPEN, 16 new PRO (9 + 7). Win32/Orchard, Win32/Disques, Others.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2038726 - ET USER_AGENTS Suspicious User-Agent (Testing)
(user_agents.rules)
2038727 - ET MALWARE Win32/VictoryGate/Orchard Botnet CnC Checkin
(malware.rules)
2038728 - ET MALWARE Win32/Orchard Botnet Activity (malware.rules)
2038729 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup
(dofixifa .co) (malware.rules)
2038731 - ET USER_AGENTS Suspicious User-Agent (xfilesreborn)
(user_agents.rules)
2038732 - ET MALWARE Win32.Stealer.alwu Data Exfiltration Attempt
(malware.rules)
2038733 - ET INFO External IP Address Lookup Domain (eth0 .me) in DNS
Lookup (info.rules)
2038734 - ET INFO External IP Address Lookup Domain (ifconfig .pro) in
DNS Lookup (info.rules)
2038735 - ET MALWARE Win32/Sabsik.EN.D!ml CnC Checkin (malware.rules)

Pro:

2852281 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-08-31 1) (coinminer.rules)
2852282 - ETPRO MALWARE Win32/Disques CnC Host Fingerprint Exfil
(malware.rules)
2852283 - ETPRO MALWARE Win32/Disques CnC Activity (malware.rules)
2852284 - ETPRO MALWARE MSIL/GenKryptik.FUAO CnC Activity (malware.rules)
2852285 - ETPRO MALWARE MSIL/GenKryptik.FUAO CnC Response (File saved
successfully) (malware.rules)

[---] Removed rules: [---]

2805481 - ETPRO USER_AGENTS Suspicious User-Agent (Testing)
(user_agents.rules)
2849856 - ETPRO MALWARE Win32/Orchard Botnet Activity (malware.rules)
2850253 - ETPRO MALWARE Win32/VictoryGate CnC Checkin (malware.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
