[***] Summary: [***]
8 new OPEN, 10 new PRO (8 + 2). Bitter APT, Gamaredon, Qbot, BECU Phish,
and Win32/Lypserat.O.
Thanks @AuCyble and @h2jazi
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2038756 - ET INFO Temporary File Hosting Domain in TLS SNI (temp .sh)
(info.rules)
2038773 - ET MALWARE Bitter APT Related Domain in DNS Lookup
(signal-premium-app .org) (malware.rules)
2038774 - ET MALWARE Bitter APT Related Domain in DNS Lookup
(signalpremium .com) (malware.rules)
2038775 - ET MALWARE Bitter APT Related Domain in DNS Lookup
(youtubepremiumapp .com) (malware.rules)
2038776 - ET MALWARE Win32/Qbot CnC Activity M3 (POST) (malware.rules)
2038777 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
2038778 - ET MALWARE Win32/Zegost!ml CnC Checkin (malware.rules)
2038779 - ET PHISHING Successful BECU Phish 2022-09-08 (phishing.rules)
Pro:
2852310 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-09-08 1) (coinminer.rules)
2852311 - ETPRO MALWARE Win32/Lypserat.O CnC Activity (malware.rules)
[---] Removed rules: [---]
2038756 - ET MALWARE Temporary File Hosting Domain in TLS SNI (temp .sh)
(malware.rules)