Daily Ruleset Update Summary 2022/10/12

dumiller · October 12, 2022, 9:59pm

Summary:

19 new OPEN, 24 new PRO (19 + 5) MSSQL Maggie Backdoor, FortiOS Auth Bypass, Various Phish, Arid Viper.

Thanks @MBThreatIntel, @cluster25_io, @DCSO_CyTec, @jaydinbas, @botlabsDev

Please share issues, feedback, and requests at Feedback

Added rules:

Open:

2039171 - ET MALWARE Arid Viper APT Related Activity (POST) (malware.rules)
2039172 - ET MALWARE Magecart Related Domain in DNS Lookup (cdn-mediahub .com) (malware.rules)
2039173 - ET WEB_SERVER Cluster25 FortiOS Possible Auth Bypass Attempt (web_server.rules)
2039174 - ET PHISHING Generic Credential Phish Landing Page 2022-10-12 (phishing.rules)
2039175 - ET PHISHING Successful Generic Credential Phish 2022-10-12 (phishing.rules)
2039176 - ET PHISHING Generic Credential Phish 2022-10-12 (phishing.rules)
2039177 - ET MALWARE Mekotio Banking Trojan CnC Domain (zautoservice .eu) in DNS Lookup (malware.rules)
2039178 - ET INFO Observed File Sharing Service (www .uplooder .net) in DNS Lookup (info.rules)
2039179 - ET MALWARE Win32/Spy.Mekotio.EY Payload Request (malware.rules)
2039180 - ET INFO Observed File Sharing Service Domain (www .uplooder .net) in TLS SNI (info.rules)
2039181 - ET INFO MSSQL SELECT SPID Query Observed (info.rules)
2039182 - ET MALWARE MSSQL maggie backdoor Accessall Query Observed (malware.rules)
2039183 - ET MALWARE MSSQL maggie backdoor ListIP Query Observed (malware.rules)
2039184 - ET MALWARE MSSQL maggie backdoor ls Query Observed (malware.rules)
2039185 - ET MALWARE MSSQL maggie backdoor sysinfo Query Observed (malware.rules)
2039186 - ET MALWARE MSSQL maggie backdoor whoami Query Observed (malware.rules)
2039187 - ET MALWARE MSSQL maggie backdoor sp_addextendedproc Command Observed (malware.rules)
2039188 - ET INFO MSSQL sp_addextendedproc Command Observed (info.rules)
2039189 - ET MALWARE VBA/Agent.AAV CnC Checkin (malware.rules)

Pro:

2852541 - ETPRO PHISHING Successful Bancolombia Phish 2022-10-12 (phishing.rules)
2852542 - ETPRO MALWARE Win32/TrojanDownloader.Agent.K CnC Activity (malware.rules)
2852543 - ETPRO MALWARE Generic Malicious Download Web Inject (malware.rules)

Modified active rules:

2850598 - ETPRO MALWARE Ettersilent MalDoc C2 Beacon (malware.rules)

Topic	Replies	Views
Daily Ruleset Update Summary 2022/10/10 Ruleset Updates	120	October 10, 2022
Ruleset Update Summary - 2023/06/20 - v10354 Ruleset Updates	200	June 20, 2023
Daily Ruleset Update Summary 2022/09/22 Ruleset Updates	101	September 22, 2022
Daily Ruleset Update Summary 2022/09/23 Ruleset Updates	105	September 23, 2022
Daily Ruleset Update Summary 2022/11/08 Ruleset Updates	172	November 9, 2022