Daily Ruleset Update Summary 2022/10/03

Summary:

6 new OPEN, 12 new PRO (6 + 6). Webshell activity, VBA/Subdoc.B,
various phishing and various coinminers.

Thanks @GossiTheDog, @testanull, @moodYmOnster8, @BroadcomSW, @AhnLab_SecuInfo

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

Added rules:

Open:

2039079 - ET WEB_SERVER Suspected Generic Webshell Activity (Outbound) (web_server.rules)
2039080 - ET ATTACK_RESPONSE VBA/Subdoc.B Obfuscated Payload Inbound (attack_response.rules)
2039081 - ET PHISHING Generic Credential Phish Landing Page 2022-10-03 (phishing.rules)
2039082 - ET PHISHING Successful Microsoft Outlook Credential Phish 2022-10-03 (phishing.rules)
2039083 - ET PHISHING Microsoft Excel Credential Phish Landing Page 2022-10-03 (phishing.rules)
2039084 - ET MALWARE TA569 Obfuscated sczriptzzb JavaScript Inject (malware.rules)

Pro:

2852472 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-01 1) (coinminer.rules)
2852473 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-01 2) (coinminer.rules)
2852474 - ETPRO MALWARE Win32/Remcos RAT Checkin 840 (malware.rules)

Modified active rules:

2037138 - ET PHISHING Sendinblue Credential Phish Landing Page 2022-06-28 (phishing.rules)
2037832 - ET PHISHING Generic Credential Phish Landing Page 2022-07-26 (phishing.rules)
2037833 - ET PHISHING Successful Generic Credential Phish Landing Page 2022-07-26 (phishing.rules)
2037869 - ET PHISHING Facebook Credential Phish Landing Page 2022-07-29 (phishing.rules)
2037872 - ET PHISHING Facebook Credential Phish Landing Page M1 2022-08-01 (phishing.rules)
2037873 - ET PHISHING Successful Facebook Credential Phish 2022-08-01 (phishing.rules)
2037874 - ET PHISHING Facebook Credential Phish Landing Page M2 2022-08-01 (phishing.rules)
2038580 - ET PHISHING Facebook Credential Phish Landing Page 2022-08-22 (phishing.rules)
2038581 - ET PHISHING PUBG Credential Phish Landing Page 2022-08-22 (phishing.rules)
2038598 - ET PHISHING Successful Generic Credential Phish 2022-08-23 (phishing.rules)
2038599 - ET PHISHING Generic Credential Phish Landing Page 2022-08-23 (phishing.rules)
2038631 - ET PHISHING Successful Generic Credential Phish 2022-08-26 (phishing.rules)
2038632 - ET PHISHING Successful Telstra Credential Phish 2022-08-26 (phishing.rules)
2038662 - ET PHISHING Union Bank Credential Phish Landing Page 2022-08-29 (phishing.rules)
2039020 - ET PHISHING Generic Credential Phish Landing Page M1 2022-09-28 (phishing.rules)
2039021 - ET PHISHING Generic Credential Phish Landing Page M2 2022-09-28 (phishing.rules)
2039065 - ET EXPLOIT Microsoft Exchange Remote Code Execution Attempt (CVE-2022-41040, CVE-2022-41082) (exploit.rules)
2839926 - ETPRO MALWARE Banload Variant Credential Phish 2019-12-16 (malware.rules)
2848734 - ETPRO PHISHING Successful Generic Credential Phish 2021-05-26 (phishing.rules)

Modified inactive rules:

2820036 - ETPRO PHISHING Generic Email Credential Phish Landing Page 2016-06-03 (phishing.rules)
2820037 - ETPRO PHISHING Successful Generic Email Credential Phish May 3 (phishing.rules)