[***] Summary: [***]

32 new OPEN, 34 new PRO (32 + 2) Gamaredon, OSX/SHLAYER, Lazarus,
and SocGholish

Thanks @1ZRR4H and @StopMalvertisin

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2038973 - ET MALWARE Gamaredon APT Backdoor Related Activity (malware.rules)
2038974 - ET MALWARE OSX/SHLAYER CnC Domain in DNS Lookup (malware.rules)
2038975 - ET MALWARE OSX/SHLAYER CnC Domain in DNS Lookup (malware.rules)
2038976 - ET MALWARE OSX/SHLAYER CnC Domain in DNS Lookup (malware.rules)
2038977 - ET MALWARE OSX/SHLAYER CnC Domain in DNS Lookup (malware.rules)
2038978 - ET MALWARE OSX/SHLAYER CnC Domain in DNS Lookup (malware.rules)
2038979 - ET MALWARE OSX/SHLAYER CnC Domain in DNS Lookup (malware.rules)
2038980 - ET MALWARE OSX/SHLAYER CnC Domain in DNS Lookup (malware.rules)
2038981 - ET MALWARE OSX/SHLAYER CnC Domain in DNS Lookup (malware.rules)
2038982 - ET MALWARE OSX/SHLAYER CnC Domain in DNS Lookup (malware.rules)
2038983 - ET MALWARE OSX/SHLAYER CnC Domain in DNS Lookup (malware.rules)
2038984 - ET MALWARE Golang/Webbfustator Related Domain in DNS
Lookup (xmlschemeformat .com) (malware.rules)
2038985 - ET MALWARE Golang/Webbfustator Related Domain in DNS
Lookup (updatesagent .com) (malware.rules)
2038986 - ET MALWARE Lazarus APT Related Domain in DNS Lookup
(digiboxes .us) (malware.rules)
2038987 - ET MALWARE TA444 Related Domain in DNS Lookup (onlinecloud
.cloud) (malware.rules)
2038988 - ET INFO Lockbit Ransomware Related Domain in DNS Lookup
(lockbitapt) (info.rules)
2038989 - ET MALWARE Lockbit Ransomware Related Domain in DNS Lookup
(ppaauuaa11232 .cc) (malware.rules)
2038990 - ET INFO Observed URL Shortener Service Domain (zshorten
.com in TLS SNI) (info.rules)
2038991 - ET INFO Observed URL Shortener Service Domain Domain (zii
.to in TLS SNI) (info.rules)
2038992 - ET INFO URL Shortener Service Domain DNS Lookup (zshorten
.com) (info.rules)
2038993 - ET INFO URL Shortener Service Domain DNS Lookup (zii .to)
(info.rules)
2038994 - ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain (info.rules)
2038995 - ET INFO DYNAMIC_DNS Query to didns .ru Domain (info.rules)
2038996 - ET PHISHING Generic Credential Phish Landing Page
2022-09-26 (phishing.rules)
2038997 - ET PHISHING Successful Generic Credential Phish 2022-09-26
(phishing.rules)
2038998 - ET MALWARE Win32/Logger RAT CnC Checkin (malware.rules)
2038999 - ET MALWARE Win32/Spy.Delf.QTL Data Exfiltration Attempt
(malware.rules)
2039000 - ET MALWARE Maldoc CnC Checkin (malware.rules)
2039001 - ET MALWARE SocGholish CnC Domain in DNS Lookup (jobs
.registermegod .online) (malware.rules)
2039002 - ET MALWARE SocGholish Domain in DNS Lookup (logistics
.socialtrendsmanagement .com) (malware.rules)
2039003 - ET MALWARE SocGholish Domain in DNS Lookup (football
.4tosocial .com) (malware.rules)
2039004 - ET MALWARE SocGholish Domain in DNS Lookup (memorial
.4tosocialprofessional .com) (malware.rules)

Pro:

2852402 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-09-09 1) (coinminer.rules)
2852403 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-09-09 2) (coinminer.rules)

[///] Modified active rules: [///]

2038898 - ET MALWARE Golang/Webbfustator DNS Tunneling Activity
(malware.rules)
2038917 - ET MALWARE Win32/RecordBreaker CnC Checkin - Server
Response M2 (malware.rules)
2823044 - ETPRO MALWARE W32.Dreambot Checkin (malware.rules)
