Daily Ruleset Update Summary 2022/10/18

dumiller · October 18, 2022, 8:54pm

Summary:

17 new OPEN, 51 new PRO (17 + 34) WinGo/YT, SocGholish, Various Phishing, Various Mobile Malware

Thanks @C0ryInTheHous3, @Gi7w0rm, @500mk500, @1ZRR4H

Please share issues, feedback, and requests at Feedback

Added rules:

Open:

2039428 - ET MOBILE_MALWARE Trojan-Ransom.AndroidOS.Agent.bi CnC Domain in DNS Lookup (mobile_malware.rules)
2039429 - ET MOBILE_MALWARE Trojan-Ransom.AndroidOS.Agent.bi CnC Domain in DNS Lookup (mobile_malware.rules)
2039430 - ET PHISHING Observed DNS Query to Phishing Domain (ficosha .com) (phishing.rules)
2039431 - ET INFO Aaflalo .me DNS Over HTTPS Certificate Inbound (info.rules)
2039432 - ET INFO Adguard DNS Over HTTPS Certificate Inbound (info.rules)
2039433 - ET INFO AhaDNS DNS Over HTTPS Certificate Inbound (info.rules)
2039434 - ET INFO AhaDNS DNS Over HTTPS Certificate Inbound (info.rules)
2039435 - ET INFO Andrews & Arnold DNS Over HTTPS Certificate Inbound (info.rules)
2039436 - ET INFO Alekberg DNS Over HTTPS Certificate Inbound (info.rules)
2039437 - ET INFO Artikel10 DNS Over HTTPS Certificate Inbound (info.rules)
2039438 - ET INFO Bebasid DNS Over HTTPS Certificate Inbound (info.rules)
2039439 - ET INFO URL Shortener Service Domain in DNS Lookup (tiny .one) (info.rules)
2039440 - ET MALWARE WinGo/YT Stealer CnC Domain in DNS Lookup (malware.rules)
2039441 - ET MALWARE WinGo/YT Stealer CnC Checkin (malware.rules)
2039442 - ET MALWARE SocGholish Domain in DNS Lookup (malware.rules)
2039443 - ET MALWARE SocGholish Domain in DNS Lookup (malware.rules)
2039444 - ET MALWARE SocGholish CnC Domain in DNS Lookup (malware.rules)

Pro:

2852600 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SpyNote.ap Checkin (mobile_malware.rules)
2852601 - ETPRO MOBILE_MALWARE Android/Spy.1030 CnC Domain in DNS Lookup (mobile_malware.rules)
2852602 - ETPRO MOBILE_MALWARE Android/Spy.1030 CnC Domain in DNS Lookup (mobile_malware.rules)
2852603 - ETPRO MOBILE_MALWARE Android.Joker.274 CnC Domain in DNS Lookup (mobile_malware.rules)
2852604 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CJR CnC Domain in DNS Lookup (mobile_malware.rules)
2852605 - ETPRO MOBILE_MALWARE Android/Spy.Facestealer.DZ CnC Domain in DNS Lookup (mobile_malware.rules)
2852606 - ETPRO MOBILE_MALWARE Android.Joker.1635 CnC Domain in DNS Lookup (mobile_malware.rules)
2852607 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.HDA CnC Domain in DNS Lookup (mobile_malware.rules)
2852608 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.fc CnC Domain in DNS Lookup (mobile_malware.rules)
2852609 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.fc CnC Domain in DNS Lookup (mobile_malware.rules)
2852610 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.aqha CnC Domain in DNS Lookup (mobile_malware.rules)
2852611 - ETPRO MOBILE_MALWARE Android/Spy.Shenno.A CnC Domain in DNS Lookup (mobile_malware.rules)
2852612 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.gc CnC Domain in DNS Lookup (mobile_malware.rules)
2852613 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.arem CnC Domain in DNS Lookup (mobile_malware.rules)
2852614 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Harly.a Checkin (mobile_malware.rules)
2852615 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Harly.a Checkin 2 (mobile_malware.rules)
2852616 - ETPRO MOBILE_MALWARE Android.Spy.1010.origin CnC Domain in DNS Lookup (mobile_malware.rules)
2852617 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.apzo CnC Domain in DNS Lookup (mobile_malware.rules)
2852618 - ETPRO MOBILE_MALWARE Observed Trojan.AndroidOS.Piom.apbz Domain in TLS SNI (mobile_malware.rules)
2852619 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.WR CnC Domain in DNS Lookup (mobile_malware.rules)
2852620 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.FakeCop.l Checkin (mobile_malware.rules)
2852621 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.apzk Checkin (mobile_malware.rules)
2852622 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.apzk Checkin 2 (mobile_malware.rules)
2852623 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Fakecalls.at CnC Beacon (mobile_malware.rules)
2852624 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Pletor.a Checkin (mobile_malware.rules)
2852625 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Pletor.a Checkin 2 (mobile_malware.rules)
2852626 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.h CnC Domain in DNS Lookup (mobile_malware.rules)
2852627 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BYP Checkin (mobile_malware.rules)
2852628 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-18 1) (coinminer.rules)
2852629 - ETPRO MALWARE Win32/Remcos RAT Checkin 845 (malware.rules)
2852630 - ETPRO PHISHING Successful Comcast Phish 2022-10-18 (phishing.rules)
2852631 - ETPRO PHISHING Successful Generic Phish 2022-10-18 (phishing.rules)
2852632 - ETPRO MALWARE PS/X-1211 CnC Activity (malware.rules)
2852633 - ETPRO MOBILE_MALWARE Android/FakeWallet.D Checkin (mobile_malware.rules)

Modified active rules:

2037822 - ET MALWARE Win32/Kryptik.GSKY CnC Checkin (malware.rules)
2039420 - ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - Administrative Details Leaked (CVE-2022-40684) (web_server.rules)
2852521 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba CnC Response (mobile_malware.rules)

Removed rules:

2852542 - ETPRO MALWARE Win32/TrojanDownloader.Agent.K CnC Activity (malware.rules)

Topic	Replies	Views
Daily Ruleset Update Summary 2022/11/07 Ruleset Updates	105	November 7, 2022
Daily Rule Update Summary 2022/11/10 Ruleset Updates	165	November 10, 2022
Daily Ruleset Update Summary 2022/09/30 Ruleset Updates	97	September 30, 2022
Ruleset Update Summary - 2023/06/07 - v10342 Ruleset Updates	310	June 7, 2023
Daily Ruleset Update Summary 2022/10/28 Ruleset Updates	231	October 28, 2022