[***] Summary: [***]

3 new OPEN, 4 new PRO (3 + 1). Restylink, Qbot.

The Emerging Threats mailing list is migrating to Discourse. Please visit
us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

[+++] Added rules: [+++]

Open:

2042956 - ET EXPLOIT Observed Mirai/Gafgyt Post Brute Force Activity (GET) (exploit.rules)
2042957 - ET MALWARE Observed Malicious Mustang Panda APT Related SSL Cert (File Transfer Service) (malware.rules)
2042958 - ET MALWARE Win32/PSW.LdPinch CnC Checkin (malware.rules)

Pro:

2852956 - ETPRO PHISHING Successful Wells Fargo Credential Phish 2022-12-16 (phishing.rules)

[///] Modified active rules: [///]

2036603 - ET MALWARE Restylink Domain in DNS Lookup (differentfor .com) (malware.rules)
2036604 - ET MALWARE Restylink Domain in DNS Lookup (mbusabc .com) (malware.rules)
2036605 - ET MALWARE Restylink Domain in DNS Lookup (disknxt .com) (malware.rules)
2036606 - ET MALWARE Restylink Domain in DNS Lookup (officehoster .com) (malware.rules)
2036607 - ET MALWARE Restylink Domain in DNS Lookup (spffusa .org) (malware.rules)
2036608 - ET MALWARE Restylink Domain in DNS Lookup (sseekk .xyz) (malware.rules)
2036609 - ET MALWARE Restylink Domain in DNS Lookup (youmiuri .com) (malware.rules)
2852953 - ETPRO MALWARE Qbot Style Payload Request (malware.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team
