Daily Ruleset Update Summary 2022/10/04

Summary:

9 new OPEN, 15 new PRO (9 + 6). DonotGroup, Comm100, TA569, and
Various Coinminers.

Thanks @Crowdstrike

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

Added rules:

Open:

2039085 - ET MALWARE DonotGroup Pult Downloader Activity (POST) M2 (malware.rules)
2039086 - ET MALWARE Observed DNS Query to Comm100 Trojan Domain (amazonawsreplay .com) (malware.rules)
2039087 - ET MALWARE Observed DNS Query to Comm100 Trojan Domain (microsoftfileapis .com) (malware.rules)
2039088 - ET MALWARE Observed DNS Query to Comm100 Trojan Domain (windowstearns .com) (malware.rules)
2039089 - ET ATTACK_RESPONSE JS/Comm100 Trojan Backdoor Inbound (attack_response.rules)
2039090 - ET ATTACK_RESPONSE JS/Comm100 Trojan CnC Payload Inbound (attack_response.rules)
2039091 - ET INFO Baidu MiniDownloader System Fingerprint Exfiltration (info.rules)
2039092 - ET MALWARE TA569 Domain in DNS Lookup (gloogletag .com) (malware.rules)
2039093 - ET MALWARE TA569 Domain in DNS Lookup (brocode3s .com) (malware.rules)

Pro:

2852478 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-04 1) (coinminer.rules)
2852479 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-04 2) (coinminer.rules)
2852480 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-04 3) (coinminer.rules)
2852483 - ETPRO USER_AGENTS Suspicious User-Agent (mozilla firefox) (user_agents.rules)