[***] Summary: [***]

0 new OPEN, 11 new PRO (0 + 11). Coin Miners, Various Android.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Pro:

2852288 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AJY CnC Domain in DNS
Lookup (mobile_malware.rules)
2852289 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.kh CnC
Domain in DNS Lookup (mobile_malware.rules)
2852290 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.gg CnC
Domain in DNS Lookup (mobile_malware.rules)
2852291 - ETPRO MOBILE_MALWARE Android/Spy.AndroRAT.AH Checkin
(mobile_malware.rules)
2852292 - ETPRO MOBILE_MALWARE Android/Spy.AndroRAT.AH Checkin 2
(mobile_malware.rules)
2852293 - ETPRO MOBILE_MALWARE Android/Spy.AndroRAT.AH Checkin 3
(mobile_malware.rules)
2852294 - ETPRO MOBILE_MALWARE Android/Spy.AndroRAT.AH Checkin 4
(mobile_malware.rules)
2852295 - ETPRO MOBILE_MALWARE Android/Spy.AndroRAT.AH Checkin 5
(mobile_malware.rules)
2852296 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-09-03 1) (coinminer.rules)
2852297 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-09-03 2) (coinminer.rules)
2852298 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-09-03 3) (coinminer.rules)

[///] Modified active rules: [///]

2038670 - ET INFO HTTP Request to Free Hosting Domain (*.ct8 .pl)
(info.rules)

[---] Disabled and modified rules: [---]

2037932 - ET ADWARE_PUP Observed DNS Query to Restoro PUP Domain (restoro
.com) (adware_pup.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team