[***] Summary: [***]
0 new OPEN, 11 new PRO (0 + 11). Coin Miners, Various Android.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Pro:
2852288 - ETPRO MOBILE_MALWARE Android/Spy.Banker.AJY CnC Domain in DNS
Lookup (mobile_malware.rules)
2852289 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.kh CnC
Domain in DNS Lookup (mobile_malware.rules)
2852290 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.gg CnC
Domain in DNS Lookup (mobile_malware.rules)
2852291 - ETPRO MOBILE_MALWARE Android/Spy.AndroRAT.AH Checkin
(mobile_malware.rules)
2852292 - ETPRO MOBILE_MALWARE Android/Spy.AndroRAT.AH Checkin 2
(mobile_malware.rules)
2852293 - ETPRO MOBILE_MALWARE Android/Spy.AndroRAT.AH Checkin 3
(mobile_malware.rules)
2852294 - ETPRO MOBILE_MALWARE Android/Spy.AndroRAT.AH Checkin 4
(mobile_malware.rules)
2852295 - ETPRO MOBILE_MALWARE Android/Spy.AndroRAT.AH Checkin 5
(mobile_malware.rules)
2852296 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-09-03 1) (coinminer.rules)
2852297 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-09-03 2) (coinminer.rules)
2852298 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-09-03 3) (coinminer.rules)
[///] Modified active rules: [///]
2038670 - ET INFO HTTP Request to Free Hosting Domain (*.ct8 .pl)
(info.rules)
[---] Disabled and modified rules: [---]
2037932 - ET ADWARE_PUP Observed DNS Query to Restoro PUP Domain (restoro
.com) (adware_pup.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team