[***] Summary: [***]
7 new OPEN, 8 new PRO (7 + 1)
GootLoader, Cobalt Strike, DolphinCape
Thanks @eSentire, @DidierStevens, @malware_traffic, @_CERT_UA
The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2042536 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup (aloyadakmashin .com) (malware.rules)
2042537 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup (pejapezey .com) (malware.rules)
2042538 - ET MALWARE Cobalt Strike Related Activity (GET) (malware.rules)
2042539 - ET INFO Suspected Phishing Simulation Related Request (GET) (info.rules)
2042540 - ET MALWARE Win32/DolphinCape Activity (POST) (malware.rules)
2042541 - ET MALWARE JS/GootLoader CnC Exfil (malware.rules)
2042542 - ET MALWARE Observed Pirate Stealer Domain in DNS Lookup (socket .bby .gg) (malware.rules)
Pro:
2852934 - ETPRO MALWARE Win32/Pirate Stealer CnC Exfil (POST) (malware.rules)
[///] Modified active rules: [///]
2008987 - ET POLICY IP Check Domain (showip in HTTP Host) (policy.rules)
2848391 - ETPRO HUNTING Suspicious HTTP Header (URL) (hunting.rules)
[---] Disabled and modified rules: [---]
2038972 - ET MALWARE SocGholish Domain in DNS Lookup (tutorials .girandolashutkindconstruction .com) (malware.rules)
2039002 - ET MALWARE SocGholish Domain in DNS Lookup (logistics .socialtrendsmanagement .com) (malware.rules)
2039003 - ET MALWARE SocGholish Domain in DNS Lookup (football .4tosocial .com) (malware.rules)
2039004 - ET MALWARE SocGholish Domain in DNS Lookup (memorial .4tosocialprofessional .com) (malware.rules)
2039757 - ET MALWARE SocGholish Domain in DNS Lookup (automatic .tworiversboats .com) (malware.rules)
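The update above arrives as wrapped mailing-list text with the domains defanged by a space before each dot. The Python below is an added example, not Emerging Threats or Proofpoint tooling: it parses that summary format into per-section SID lists (tier taken from the ET/ETPRO prefix), refangs the "Domain in DNS Lookup" entries into a usable IOC list, and reports which added SIDs a sensor has not loaded. The embedded summary text is this update pasted in as constructed input; the set of SIDs a sensor has loaded is an assumption you would replace with whatever your own rules file contains.

```python
"""Parse an Emerging Threats daily update summary into SIDs, tiers and
refanged domains.  Added example; not Proofpoint/ET tooling."""
import re
from collections import defaultdict

# Constructed input: the rule sections of the update above, pasted with the
# mailing-list line wrapping intact so the parser has to rejoin entries.
SUMMARY = """\
7 new OPEN, 8 new PRO (7 + 1)
[+++] Added rules: [+++]
Open:
2042536 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup
(aloyadakmashin .com) (malware.rules)
2042537 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup
(pejapezey .com) (malware.rules)
2042538 - ET MALWARE Cobalt Strike Related Activity (GET) (malware.rules)
2042539 - ET INFO Suspected Phishing Simulation Related Request
(GET) (info.rules)
2042540 - ET MALWARE Win32/DolphinCape Activity (POST) (malware.rules)
2042541 - ET MALWARE JS/GootLoader CnC Exfil (malware.rules)
2042542 - ET MALWARE Observed Pirate Stealer Domain in DNS Lookup
(socket .bby .gg) (malware.rules)
Pro:
2852934 - ETPRO MALWARE Win32/Pirate Stealer CnC Exfil (POST) (malware.rules)
[///] Modified active rules: [///]
2008987 - ET POLICY IP Check Domain (showip in HTTP Host) (policy.rules)
2848391 - ETPRO HUNTING Suspicious HTTP Header (URL) (hunting.rules)
[---] Disabled and modified rules: [---]
2038972 - ET MALWARE SocGholish Domain in DNS Lookup (tutorials
.girandolashutkindconstruction .com) (malware.rules)
2039002 - ET MALWARE SocGholish Domain in DNS Lookup (logistics
.socialtrendsmanagement .com) (malware.rules)
2039003 - ET MALWARE SocGholish Domain in DNS Lookup (football
.4tosocial .com) (malware.rules)
2039004 - ET MALWARE SocGholish Domain in DNS Lookup (memorial
.4tosocialprofessional .com) (malware.rules)
2039757 - ET MALWARE SocGholish Domain in DNS Lookup (automatic
.tworiversboats .com) (malware.rules)
---------------------------------------------------------
"""

SECTION_RE = re.compile(r"^\[(\+\+\+|///|---)\] (.+?): \[\1\]$")
ENTRY_RE = re.compile(r"^(\d{7}) - (.+)$")
# trailing "(defanged domain) (file.rules)" on a rule name
DOMAIN_RE = re.compile(r"\(([^()]+)\) \([a-z-]+\.rules\)$")


def parse_summary(text):
    """Return {section: [(sid, rule_name, tier)]}; tier comes from the
    ET/ETPRO prefix rather than the Open:/Pro: sub-headings."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("Open:", "Pro:") or set(line) == {"-"}:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(2)
            continue
        if current is None:  # preamble: counts, thanks, announcements
            continue
        m = ENTRY_RE.match(line)
        if m:
            sections[current].append([int(m.group(1)), m.group(2)])
        elif sections[current]:  # wrapped continuation of the previous entry
            sections[current][-1][1] += " " + line
    return {sec: [(sid, name, "pro" if name.startswith("ETPRO ") else "open")
                  for sid, name in entries]
            for sec, entries in sections.items()}


def refang_domains(sections):
    """SID -> refanged domain for every 'Domain in DNS Lookup' rule.  The
    summary defangs by inserting a space before each dot, so drop whitespace."""
    out = {}
    for entries in sections.values():
        for sid, name, _tier in entries:
            m = DOMAIN_RE.search(name) if "Domain in DNS Lookup" in name else None
            if m:
                domain = re.sub(r"\s+", "", m.group(1)).lower()
                if re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", domain):
                    out[sid] = domain
    return out


def added_not_loaded(sections, loaded_sids, tier="open"):
    """Added SIDs of the given tier missing from the SIDs a sensor actually
    loaded (assumed to be extracted from its rules file), to confirm that an
    update really took effect."""
    return sorted(sid for sid, _name, t in sections.get("Added rules", [])
                  if t == tier and sid not in loaded_sids)
```

`refang_domains` deliberately requires the rule name to contain "Domain in DNS Lookup" and the refanged string to look like a hostname, so an entry such as 2008987 ("showip in HTTP Host") is not turned into a bogus indicator.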
---------------------------------------------------------