Daily Ruleset Update Summary 2022/10/14

Summary:

2 new OPEN, 48 new PRO (2 + 46) Havoc Framework, Various Phish, Various Coinminers

Thanks @Slash30Miata

Please share issues, feedback, and requests at Feedback

Added rules:

Open:

2039417 - ET MALWARE Win32/TrojanDropper.Agent.SRM Exfil via Discord (malware.rules)
2039418 - ET MALWARE Win32/TrojanDropper.Agent.SSQ Checkin (malware.rules)

Pro:

2852549 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-13 1) (coinminer.rules)
2852550 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-13 2) (coinminer.rules)
2852551 - ETPRO PHISHING Successful Generic Phish 2022-10-14 (phishing.rules)
2852552 - ETPRO PHISHING Successful Generic Phish 2022-10-14 (phishing.rules)
2852553 - ETPRO PHISHING Successful Raiffeisenbank Phish 2022-10-14 (phishing.rules)
2852554 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852555 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852556 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852557 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852558 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852559 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852560 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852561 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852562 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852563 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852564 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852565 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852566 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852567 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852568 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852569 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852570 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852571 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852572 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852573 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852574 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852575 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852576 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852577 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852578 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852579 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852580 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852581 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852582 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852583 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852584 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852585 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852586 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852587 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852588 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852589 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852590 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852591 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852592 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852593 - ETPRO MALWARE Generic HTA Checkin (malware.rules)
2852594 - ETPRO MALWARE Michael Page Phish to Malicious HTA Landing Page (malware.rules)

Modified active rules:

2039182 - ET MALWARE MSSQL maggie backdoor Accessall Query Observed (malware.rules)
2039183 - ET MALWARE MSSQL maggie backdoor ListIP Query Observed (malware.rules)
2039184 - ET MALWARE MSSQL maggie backdoor ls Query Observed (malware.rules)
2039185 - ET MALWARE MSSQL maggie backdoor sysinfo Query Observed (malware.rules)
2039186 - ET MALWARE MSSQL maggie backdoor whoami Query Observed (malware.rules)
2039415 - ET MALWARE MSSQL maggie backdoor Query Observed (other functions) (malware.rules)
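As an added check (not part of this summary or of the ET/Proofpoint tooling), the script below cross-references the SIDs listed in a summary like this one against a deployed Suricata/Snort rules file and reports which rules are missing, which are present but commented out, and the deployed rev of each rule the summary says was modified. Both inputs are constructed samples: the summary excerpt is a subset of the SIDs above, and the rule lines carry only msg/sid/rev because the actual detection content of these signatures is not on this page.

```python
import re

# Constructed excerpt laid out like the summary above; it covers only a
# subset of the SIDs listed there.
SUMMARY = """\
Added rules:

Open:

2039417 - ET MALWARE Win32/TrojanDropper.Agent.SRM Exfil via Discord (malware.rules)
2039418 - ET MALWARE Win32/TrojanDropper.Agent.SSQ Checkin (malware.rules)

Pro:

2852549 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-13 1) (coinminer.rules)
2852554 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)

Modified active rules:

2039182 - ET MALWARE MSSQL maggie backdoor Accessall Query Observed (malware.rules)
2039415 - ET MALWARE MSSQL maggie backdoor Query Observed (other functions) (malware.rules)
"""

# Constructed stand-in for a deployed rules file. Only msg/sid/rev are
# shown: the real detection options of these rules are not on the page and
# are deliberately omitted, so these lines are not usable signatures.
RULES_FILE = """\
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/TrojanDropper.Agent.SRM Exfil via Discord"; sid:2039417; rev:1;)
# alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/TrojanDropper.Agent.SSQ Checkin"; sid:2039418; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-13 1)"; sid:2852549; rev:1;)
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed"; sid:2852554; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 1433 (msg:"ET MALWARE MSSQL maggie backdoor Accessall Query Observed"; sid:2039182; rev:1;)
"""

SUMMARY_LINE = re.compile(r"^(\d+) - (.+) \(([\w.-]+)\)$")
SID_OPT = re.compile(r"\bsid:\s*(\d+)\s*;")
REV_OPT = re.compile(r"\brev:\s*(\d+)\s*;")


def parse_summary(text):
    """Return {section name: set of SIDs} for each 'rules:' section.

    Section headers are the lines ending in 'rules:' (Added rules:,
    Modified active rules:). The Open:/Pro: sub-headers are ignored so
    both feeds land in the same 'added rules' set.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().endswith("rules:"):
            current = line[:-1].lower()
            sections.setdefault(current, set())
            continue
        m = SUMMARY_LINE.match(line)
        if m and current is not None:
            sections[current].add(int(m.group(1)))
    return sections


def parse_rules(text):
    """Return {sid: {"enabled": bool, "rev": int or None}} from rules text.

    A rule commented out with a leading '#' is still parsed but marked
    disabled, which is how Suricata/Snort rule files disable a signature.
    """
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        enabled = not line.startswith("#")
        body = line.lstrip("# ").strip()
        sid = SID_OPT.search(body)
        if not sid or not body.startswith(("alert", "drop", "reject", "pass")):
            continue  # blank line or a comment that is not a rule
        rev = REV_OPT.search(body)
        rules[int(sid.group(1))] = {
            "enabled": enabled,
            "rev": int(rev.group(1)) if rev else None,
        }
    return rules


def check(summary, rules):
    """Compare the summary's SIDs with the deployed rules.

    missing:       listed in the update but absent from the rules file
    disabled:      present but commented out
    modified_revs: deployed rev of each rule the update says was modified,
                   to compare against the rev shipped in the update
    """
    added = summary.get("added rules", set())
    modified = summary.get("modified active rules", set())
    expected = added | modified
    return {
        "missing": sorted(s for s in expected if s not in rules),
        "disabled": sorted(s for s in expected if s in rules and not rules[s]["enabled"]),
        "modified_revs": {s: rules[s]["rev"] for s in sorted(modified) if s in rules},
    }


if __name__ == "__main__":
    report = check(parse_summary(SUMMARY), parse_rules(RULES_FILE))
    for key, value in report.items():
        print(f"{key}: {value}")
```

To run it against a real deployment, replace the two constructed strings with the text of the day's summary and the contents of the rules file your sensor actually loads (for example the merged file suricata-update writes), then treat any SID in "missing" or "disabled" as a rule this update did not land. For the modified rules, compare the reported rev with the rev in the freshly downloaded ruleset; an unchanged rev means the sensor is still running the pre-update signature.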