Summary:
9 new OPEN, 10 new PRO (9 + 1)
Malicious Browser Installer, XWorm RAT, AllcomeClipper and TA569
Thanks @kaspersky @James_inthe_box @3xp0rtblog
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
Added rules:
Open:
2039094 - ET MALWARE Malicious Browser Installer Domain in DNS Lookup (torbrowser .io) (malware.rules)
2039095 - ET MALWARE Malicious Browser Installer Domain in DNS Lookup (tor-browser .io) (malware.rules)
2039096 - ET MALWARE Malicious Browser Installer Checkin (POST) (malware.rules)
2039097 - ET HUNTING PNG in HTTP POST (Outbound) (hunting.rules)
2039098 - ET MALWARE Observed DNS Query to XWorm RAT Domain (system6458 .ddns .net) (malware.rules)
2039099 - ET MALWARE AllcomeClipper CnC Domain (dba692117be7b6d3480fe5220fdd58b38bf .xyz) in DNS Lookup (malware.rules)
2039100 - ET MALWARE AllcomeClipper CnC Checkin (malware.rules)
2039101 - ET MALWARE TA569 Domain in DNS Lookup (pastukhova .com) (malware.rules)
2039102 - ET MALWARE TA569 Fake Browser Update Domain in DNS Lookup (profi-stom .com) (malware.rules)
Pro:
Modified active rules:
2039085 - ET MALWARE DonotGroup Pult Downloader Activity (POST) M2 (malware.rules)