Daily Ruleset Update Summary 2022/10/26

Summary:

20 new OPEN, 20 new PRO (20 + 0) Gamaredon, KnowBe4 Simulated Phish Domains, QakBot, Win32/Injector.BBYK, Various Phish

Thanks @h2jazi @Unit42_intel

Please share issues, feedback, and requests at Feedback

Added rules:

Open:

2039564 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2039565 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (magnetonics .com) (policy.rules)
2039566 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (instantrevert .net) (policy.rules)
2039567 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (kb4 .io) (policy.rules)
2039568 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (bloemlight .com) (policy.rules)
2039569 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (com-onlinebanking .com) (policy.rules)
2039570 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (compromisedblog .com) (policy.rules)
2039571 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (net-login .com) (policy.rules)
2039572 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (msftemail .com) (policy.rules)
2039573 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (ancillarycheese .com) (policy.rules)
2039574 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (com-token-auth .com) (policy.rules)
2039575 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (phishwall .net) (policy.rules)
2039576 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (malwarebouncer .com) (policy.rules)
2039577 - ET MALWARE Observed Malicious SSL/TLS Certificate (QakBot) (malware.rules)
2039578 - ET MALWARE Observed Malicious SSL/TLS Certificate (QakBot) (malware.rules)
2039579 - ET MALWARE Win32/Injector.BBYK Checkin (malware.rules)
2039580 - ET PHISHING Generic Credential Phish Landing Page 2022-10-26 (phishing.rules)
2039581 - ET PHISHING Successful Generic Credential Phish 2022-10-26 (phishing.rules)
2039582 - ET PHISHING Successful Generic Credential Phish 2022-10-26 (phishing.rules)
2039583 - ET PHISHING Successful Generic Credential Phish 2022-10-26 (phishing.rules)

Modified active rules:

2038820 - ET MALWARE Bitter APT CHM CnC Activity M1 (GET) (malware.rules)
2852279 - ETPRO MALWARE Bitter APT CHM CnC Activity M2 (GET) (malware.rules)
2852280 - ETPRO ATTACK_RESPONSE Bitter APT CHM CnC Response (attack_response.rules)