Daily Ruleset Update Summary 2022/09/27

Summary:

6 new OPEN, 55 new PRO (6 + 49) CVE-2022-35405, Erbium Stealer, Saint Stealer, TA402, and various Coinminers

Please share issues, feedback, and requests at https://feedback.emergingthreats.net

Added rules:

Open:

2039005 - ET EXPLOIT Possible Zoho ManageEngine RCE Attempt Inbound (CVE-2022-35405) (exploit.rules)
2039006 - ET MALWARE ErbiumStealer CnC Domain (mamamiya137 .ru) in DNS Lookup (malware.rules)
2039007 - ET MALWARE ErbiumStealer CnC Domain (www .f0679086 .xsph .ru) in DNS Lookup (malware.rules)
2039008 - ET MALWARE Win32/SaintStealer Data Exfiltration Attempt M1 (malware.rules)
2039009 - ET MALWARE Win32/SaintStealer CnC Response (malware.rules)
2039010 - ET MALWARE SocGholish Domain in DNS Lookup (people .zonashoppers .com) (malware.rules)

Pro:

2852377 - ETPRO MALWARE MSIL/TrojanDownloader.Agent.NGX Payload Inbound (malware.rules)
2852385 - ETPRO MALWARE Win32/Delf.NBX CnC Response (malware.rules)
2852404 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 1) (coinminer.rules)
2852405 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 2) (coinminer.rules)
2852406 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 3) (coinminer.rules)
2852407 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 4) (coinminer.rules)
2852408 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 5) (coinminer.rules)
2852409 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 6) (coinminer.rules)
2852410 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 7) (coinminer.rules)
2852411 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 8) (coinminer.rules)
2852412 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 9) (coinminer.rules)
2852413 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 10) (coinminer.rules)
2852414 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 11) (coinminer.rules)
2852415 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 12) (coinminer.rules)
2852416 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 13) (coinminer.rules)
2852417 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 14) (coinminer.rules)
2852418 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 15) (coinminer.rules)
2852419 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 16) (coinminer.rules)
2852420 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 17) (coinminer.rules)
2852421 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 18) (coinminer.rules)
2852422 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 19) (coinminer.rules)
2852423 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 20) (coinminer.rules)
2852424 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 21) (coinminer.rules)
2852425 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 22) (coinminer.rules)
2852426 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 23) (coinminer.rules)
2852427 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 24) (coinminer.rules)
2852428 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 25) (coinminer.rules)
2852429 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 26) (coinminer.rules)
2852430 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 27) (coinminer.rules)
2852431 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 28) (coinminer.rules)
2852432 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 29) (coinminer.rules)
2852433 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 30) (coinminer.rules)
2852434 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 31) (coinminer.rules)
2852435 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 32) (coinminer.rules)
2852436 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 33) (coinminer.rules)
2852437 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 34) (coinminer.rules)
2852438 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 35) (coinminer.rules)
2852439 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 36) (coinminer.rules)
2852440 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 37) (coinminer.rules)
2852441 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 38) (coinminer.rules)
2852442 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 39) (coinminer.rules)
2852443 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 40) (coinminer.rules)
2852444 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 41) (coinminer.rules)
2852445 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 42) (coinminer.rules)
2852446 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 43) (coinminer.rules)
2852447 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-09-27 44) (coinminer.rules)
2852448 - ETPRO MALWARE MSIL/Vusrlize.A!MTB Yoserial Payload Request (malware.rules)
2852449 - ETPRO MALWARE Observed DNS Query to TA402 Domain (malware.rules)
2852450 - ETPRO MALWARE Fake Browser Update (malware.rules)
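
The "Known Malicious Stratum Authline" rules above key on the wallet/login string a miner sends when it authenticates to a pool. The following is an added illustration of that detection class and is not Emerging Threats rule logic: it parses Stratum JSON-RPC client messages (classic "mining.authorize" and the xmrig-style "login" method), pulls out the login string, and matches the wallet part against a denylist. The sample lines, the wallet strings and the denylist are all constructed placeholders, not indicators from this ruleset.

```python
import json

# Constructed sample of Stratum client messages as they appear on the wire
# (one JSON-RPC object per line). Wallet strings are made-up placeholders.
SAMPLE_LINES = [
    '{"id":1,"method":"mining.subscribe","params":["xmrig/6.18.0"]}',
    '{"id":2,"method":"mining.authorize","params":["4BADWALLETexample.rig01","x"]}',
    '{"id":1,"method":"login","params":{"login":"4GOODWALLETexample","pass":"x","agent":"xmrig/6.18.0"}}',
    '{"id":3,"method":"login","params":{"login":"4BADWALLETexample","pass":"x"}}',
    'not json at all',
]

# Constructed denylist; a real signature carries the actual wallet string.
KNOWN_BAD_WALLETS = {"4BADWALLETexample"}


def extract_authline(line):
    """Return the login/worker string from a Stratum authorize or login message, else None."""
    try:
        msg = json.loads(line)
    except ValueError:
        return None
    if not isinstance(msg, dict):
        return None
    method = msg.get("method")
    params = msg.get("params")
    # Stratum v1: mining.authorize ["wallet.worker", "password"]
    if method == "mining.authorize" and isinstance(params, list) and params:
        return str(params[0])
    # Monero/xmrig-style: login {"login": "...", "pass": "...", "agent": "..."}
    if method == "login" and isinstance(params, dict):
        login = params.get("login")
        return str(login) if login is not None else None
    return None


def wallet_of(authline):
    """Strip a trailing '.worker' suffix so only the wallet is compared."""
    return authline.split(".", 1)[0]


def find_malicious_authlines(lines, bad_wallets=KNOWN_BAD_WALLETS):
    """Return (line_number, authline) for every message whose wallet is denylisted."""
    hits = []
    for n, line in enumerate(lines, 1):
        auth = extract_authline(line)
        if auth is None:
            continue
        if wallet_of(auth) in bad_wallets:
            hits.append((n, auth))
    return hits


if __name__ == "__main__":
    for n, auth in find_malicious_authlines(SAMPLE_LINES):
        print(f"line {n}: malicious stratum authline {auth!r}")
```

Matching on the wallet rather than the full "wallet.worker" string is the practical choice here, since operators rotate worker names freely while the payout address is what ties a miner to a campaign; a pool proxy or TLS-wrapped Stratum session would of course hide these strings from a network sensor entirely.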

Modified active rules:

2030876 - ET MALWARE DNSBin Demo (requestbin .net) - Data Exfil M1 (malware.rules)
2037716 - ET MALWARE Win32/TrojanDownloader.AutoHK.MT CnC Checkin (malware.rules)
2038793 - ET MALWARE Win32/Wacapew.C!ml CnC Checkin (malware.rules)

Disabled and modified rules:

2037026 - ET MALWARE Win32.Banker Trojan CnC Checkin (malware.rules)
2851801 - ETPRO MALWARE PowerShell Script Fingerprinting Host System CnC Exfil (malware.rules)

Removed rules:

2852377 - ETPRO ATTACK_RESPONSE MSIL/TrojanDownloader.Agent.NGX Payload Inbound (attack_response.rules)
2852385 - ETPRO ATTACK_RESPONSE Win32/Delf.NBX CnC Response (attack_response.rules)