Daily Ruleset Update Summary 2022/08/11

[***] Summary: [***]

17 new OPEN, 25 new PRO (17 + 8). Win32/RecordBreaker, Win32/Lilith Stealer, Others.

Thanks @Unit42_Intel, @kienbigmummy, @evilcel3ri

Please share issues, feedback, and requests at Feedback

[+++] Added rules: [+++]

Open:

2038485 - ET MALWARE Win32/RecordBreaker - Observed UA M1 (malware.rules)
2038486 - ET MALWARE Win32/RecordBreaker - Observed UA M2 (malware.rules)
2038487 - ET MALWARE Win32/RecordBreaker - Library Request (malware.rules)
2038488 - ET INFO URL Shortening/Redirect Service Domain (clik .rip in TLS SNI) (info.rules)
2038489 - ET INFO URL Shortening/Redirect Service Domain in DNS Lookup (clik .rip) (info.rules)
2038490 - ET WEB_SERVER Suspected China Chopper Variant Webshell Command (inbound) (web_server.rules)
2038491 - ET MALWARE Observed DNS Query to ROMCOM RAT Domain (combinedresidency .org) (malware.rules)
2038492 - ET MALWARE Observed DNS Query to ROMCOM RAT Domain (optasko .com) (malware.rules)
2038493 - ET MALWARE Win32/Korplug.HQ CnC Activity (malware.rules)
2038494 - ET HUNTING Possible Fake 404 Credential Phish Landing Page (hunting.rules)
2038495 - ET HUNTING Possible Phish with cazanova= Cookie (hunting.rules)
2038496 - ET MALWARE Win32/Lilith Stealer getFile Command (malware.rules)
2038497 - ET MALWARE Win32/Lilith Stealer registerBot CnC Checkin (malware.rules)
2038498 - ET MALWARE Win32/Lilith Stealer getCommands Command (malware.rules)
2038499 - ET MALWARE Win32/Lilith Stealer uploadFile Data Exfiltration Attempt (malware.rules)
2038500 - ET MALWARE Win32/Packed.BlackMoon.A CnC Checkin (malware.rules)
2038501 - ET HUNTING Possible Obfuscator io JavaScript Obfuscation (hunting.rules)

Pro:

2852072 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-08-11 1) (coinminer.rules)
2852073 - ETPRO PHISHING Successful Generic Credential Phish M1 2022-08-11 (phishing.rules)
2852074 - ETPRO PHISHING Successful Generic Credential Phish M2 2022-08-11 (phishing.rules)
2852075 - ETPRO PHISHING Generic Credential Phish Landing Page 2022-08-11 (phishing.rules)

[///] Modified active rules: [///]

2018141 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz (malware.rules)
2030231 - ET MALWARE OSX/SHLAYER CnC Checkin (malware.rules)
2036934 - ET MALWARE Win32/RecordBreaker CnC Checkin M1 (malware.rules)
2037274 - ET MALWARE Win32/RecordBreaker Checkin M2 (malware.rules)
2037771 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst (malware.rules)
2038478 - ET INFO URL Shortening/Redirect Service Domain in DNS Lookup (cutit .org) (info.rules)