[***] Summary: [***]

28 new OPEN, 29 new PRO (28 +1) CVE-2022-36804, TA444 Domains,
SocGholish and Remcos.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2038930 - ET EXPLOIT Atlassian Bitbucket CVE-2022-36804 Exploit Attempt (exploit.rules)
2038931 - ET HUNTING Windows Commands and Variables in DNS Reply (hunting.rules)
2038932 - ET CURRENT_EVENTS GitHub/CicleCI Themed Phishing Domain in DNS Lookup (circle-ci .com) (current_events.rules)
2038933 - ET CURRENT_EVENTS GitHub/CicleCI Themed Phishing Domain in DNS Lookup (emails-circleci .com) (current_events.rules)
2038934 - ET CURRENT_EVENTS GitHub/CicleCI Themed Phishing Domain in DNS Lookup (circle-cl .com) (current_events.rules)
2038935 - ET CURRENT_EVENTS GitHub/CicleCI Themed Phishing Domain in DNS Lookup (email-circleci .com) (current_events.rules)
2038936 - ET MALWARE Observed TA444 Domain (tptf .fund in TLS SNI) (malware.rules)
2038937 - ET MALWARE Observed TA444 Domain (docs .azurehosting .co in TLS SNI) (malware.rules)
2038938 - ET MALWARE Observed TA444 Domain (team .msteam .biz in TLS SNI) (malware.rules)
2038939 - ET MALWARE Observed TA444 Domain (share .anobaka .info in TLS SNI) (malware.rules)
2038940 - ET MALWARE Observed TA444 Domain (smbcgroup .us in TLS SNI) (malware.rules)
2038941 - ET MALWARE Observed TA444 Domain (perseus .bond in TLS SNI) (malware.rules)
2038942 - ET MALWARE Observed TA444 Domain (docuprivacy .com in TLS SNI) (malware.rules)
2038943 - ET MALWARE Observed TA444 Domain (privacysign .org in TLS SNI) (malware.rules)
2038944 - ET MALWARE Observed TA444 Domain (mizuhogroup .us in TLS SNI) (malware.rules)
2038945 - ET MALWARE Observed TA444 Domain (ms .onlineshares .cloud in TLS SNI) (malware.rules)
2038946 - ET MALWARE Observed TA444 Domain (tptf .cloud in TLS SNI) (malware.rules)
2038947 - ET MALWARE Win32/Cryptbot V2 Data Exfiltration Attempt (malware.rules)
2038948 - ET MALWARE SocGholish Domain in DNS Lookup (casting .faeryfox .com) (malware.rules)
2038949 - ET MALWARE SocGholish Domain in DNS Lookup (predator .foxscalesjewelry .com) (malware.rules)
2038950 - ET MALWARE SocGholish Domain in DNS Lookup (amplifier .myjesusloves .me) (malware.rules)
2038951 - ET MALWARE SocGholish Domain in DNS Lookup (loans .mistakenumberone .com) (malware.rules)
2038952 - ET MALWARE SocGholish Domain in DNS Lookup (restructuring .breatheinnew .life) (malware.rules)
2038953 - ET MALWARE SocGholish Domain in DNS Lookup (prompt .zonashoppers .academy) (malware.rules)
2038954 - ET MALWARE SocGholish Domain in DNS Lookup (hair .2topost .com) (malware.rules)
2038955 - ET MALWARE SocGholish Domain in DNS Lookup (custom .usmuchmedia .com) (malware.rules)
2038956 - ET MALWARE SocGholish CnC Domain in DNS Lookup (moments .abledity .com) (malware.rules)
2038957 - ET MALWARE SocGholish Domain in DNS Lookup (notes .fumcpittsburg .org) (malware.rules)

Pro:

2852396 - ETPRO MALWARE Win32/Remcos RAT Checkin 838 (malware.rules)

[///] Modified active rules: [///]

2031251 - ET MALWARE Possible SombRAT Initial DNS Lookup (malware.rules)
