[***] Summary: [***]

6 new OPEN, 11 new PRO (6 + 5). HZ RAT, Various APT and Phishing.

Thanks @DCSO_CyTec, @ahnlab

The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

[+++] Added rules: [+++]

Open:

2039799 - ET MALWARE Win32/Corrempa/HZRAT CnC Checkin (malware.rules)
2039800 - ET MALWARE Suspected Bitter APT Related Activity (malware.rules)
2039801 - ET MALWARE Cobalt Strike Activity (GET) (malware.rules)
2039802 - ET MALWARE Kimsuky CnC Domain (jojoa .mypressonline .com) Observed in DNS Query (malware.rules)
2039803 - ET MALWARE Kimsuky CnC Domain (okihs .mypressonline .com) Observed in DNS Query (malware.rules)
2039804 - ET INFO Observed Free Hosting Domain (mypressonline .com) in DNS Lookup (info.rules)

Pro:

2852826 - ETPRO PHISHING Successful Netflix Phish 2022-11-17 (phishing.rules)
2852827 - ETPRO PHISHING Successful Generic Phish 2022-11-17 (phishing.rules)
2852828 - ETPRO PHISHING Successful Generic Phish 2022-11-17 (phishing.rules)
2852829 - ETPRO PHISHING Successful Microsoft Phish 2022-11-17 (phishing.rules)
2852832 - ETPRO MALWARE Phishing Domain in DNS Lookup (malware.rules)

[///] Modified active rules: [///]

2035803 - ET MALWARE Observed DNS Query to TA455 Domain (careers-finder .com) (malware.rules)
2822116 - ETPRO MALWARE Loda Logger CnC Beacon (malware.rules)

[---] Removed rules: [---]

2035461 - ET INFO Tor Proxy Domain in DNS Lookup (onion .pet) (info.rules)
2035823 - ET MALWARE Observed DNS Query to TA455 Domain (careers-finder .com) (malware.rules)
2036909 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2038545 - ET MALWARE Observed DNS Query to TA444 Domain (fclouddown .co) (malware.rules)
2843065 - ETPRO MALWARE Win32/Corrempa CnC Checkin (malware.rules)
