Summary:
13 new OPEN, 33 new PRO (13 + 20). Various Android/Spy, Various Trojan-Spy.AndroidOS, Truebot/Silence.Downloader, Win32/RM3Loader, Various Phishing, and Various Adware
Thanks @malwareforme @viriback @Slash30Miata
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
Added rules:
Open:
2039120 - ET MALWARE TrueBot/Silence.Downlaoder Screenshot Post M1 (malware.rules)
2039121 - ET MALWARE TrueBot/Silence.Downlaoder Screenshot Post M2 (malware.rules)
2039122 - ET MALWARE Win32/RM3Loader Activity (set) (malware.rules)
2039123 - ET MALWARE Observed DNS Query to DonotGroup Domain (stokpro .buzz) (malware.rules)
2039124 - ET USER_AGENTS Discord Bot User-Agent Observed (DiscordBot) (user_agents.rules)
2039125 - ET PHISHING DHL Credential Phish Landing Page 2022-10-07 (phishing.rules)
2039126 - ET PHISHING Binance Credential Phish Landing Page 2022-10-07 (phishing.rules)
2039127 - ET ADWARE_PUP Win32/Adware.WDJiange.A CnC Checkin M1 (adware_pup.rules)
2039128 - ET ADWARE_PUP Win32/Adware.Agent.NSF CnC Checkin M1 (adware_pup.rules)
2039129 - ET EXPLOIT ZKBioSecurity SQL Injection Attempt (CVE-2022-36635) (exploit.rules)
2039130 - ET MALWARE Win32/RM3Loader Server Response (malware.rules)
2039131 - ET PHISHING Successful Binance Credential Phish 2022-10-07 (phishing.rules)
2039132 - ET PHISHING Successful Outlook Phish 2022-10-06 (phishing.rules)
Pro:
2852507 - ETPRO MOBILE_MALWARE Android.Joker.1765 CnC Domain in DNS Lookup (mobile_malware.rules)
2852508 - ETPRO MOBILE_MALWARE Android.Joker.1765 CnC Beacon (mobile_malware.rules)
2852509 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Harly.p CnC Domain in DNS Lookup (mobile_malware.rules)
2852510 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Pletor.a Checkin (mobile_malware.rules)
2852511 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.IZL CnC Beacon (mobile_malware.rules)
2852512 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.IZL CnC Domain in DNS Lookup (mobile_malware.rules)
2852513 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.sx CnC Domain in DNS Lookup (mobile_malware.rules)
2852514 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Gustuff.d Checkin (mobile_malware.rules)
2852515 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.WT CnC Domain in DNS Lookup (mobile_malware.rules)
2852516 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Malaspy.a Checkin (mobile_malware.rules)
2852517 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.WT CnC Domain in DNS Lookup (mobile_malware.rules)
2852518 - ETPRO MOBILE_MALWARE Android.Spy.1010.origin Checkin (mobile_malware.rules)
2852519 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CCM CnC Domain in DNS Lookup (mobile_malware.rules)
2852520 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BXZ CnC Domain in DNS Lookup (mobile_malware.rules)
2852521 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba CnC Response (mobile_malware.rules)
2852522 - ETPRO MOBILE_MALWARE Observed Android.SmsSpy.11416 Domain in TLS SNI (mobile_malware.rules)
2852523 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.ZB CnC Domain in DNS Lookup (mobile_malware.rules)
2852524 - ETPRO MALWARE Win32/Remcos RAT Checkin 841 (malware.rules)
2852525 - ETPRO PHISHING Successful Generic Phish 2022-10-07 (phishing.rules)
2852526 - ETPRO PHISHING Successful Ent Credit Union Phish 2022-10-07 (phishing.rules)