Daily Ruleset Update Summary 2022/10/28

Ruleset Updates
1

Summary:

15 new OPEN, 59 new PRO (15 + 44) Mobile Malware, Potential Juniper CVEs, Various Phish

Thanks @SinSinology @AuCyble

Please share issues, feedback, and requests at Feedback

Added rules:

Open:

2039586 - ET MOBILE_MALWARE Trojan-Dropper.AndroidOS.Guerrilla.h CnC Domain in DNS Lookup (mobile_malware.rules)
2039587 - ET MOBILE_MALWARE Android/Drinik Checkin Activity (POST) (mobile_malware.rules)
2039588 - ET MOBILE_MALWARE Android/Drinik Activity (POST) (mobile_malware.rules)
2039589 - ET MOBILE_MALWARE Android/Drinik Activity M2 (POST) (mobile_malware.rules)
2039590 - ET PHISHING Generic Credential Phish Landing Page 2022-10-28 (phishing.rules)
2039591 - ET MALWARE Potential Juniper Phar Deserialization RCE Attempt (CVE-2022-22241) (malware.rules)
2039592 - ET MALWARE Potential Juniper XPATH Injection Attempt (CVE-2022-22244) (malware.rules)
2039593 - ET MOBILE_MALWARE Android/Drinik CnC Domain (gia .3utilities .com) in DNS Lookup (mobile_malware.rules)
2039594 - ET INFO External IP Address Lookup Domain (get .geojs .io) in DNS Lookup (info.rules)
2039595 - ET INFO External IP Address Lookup Domain (get .geojs .io) in TLS SNI (info.rules)
2039596 - ET MALWARE Possible VMWare NSX Manager Remote Code Execution Exploit Attempt (CVE-2021-39144) (malware.rules)
2039597 - ET MALWARE SocGholish CnC Domain in DNS Lookup (portraits .studio-94-photography .com) (malware.rules)
2039598 - ET MALWARE Potential Juniper Reflected XSS Attempt (CVE-2022-22242) (malware.rules)
2039599 - ET MALWARE Potential Juniper Path Traversal RCE Attempt (CVE-2022-22245) (malware.rules)
2039600 - ET MALWARE Potential Juniper PHP Local File Inclusion Attempt (CVE-2022-22246) (malware.rules)

Pro:

2852681 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.kd CnC Beacon (mobile_malware.rules)
2852682 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.ty CnC Domain in DNS Lookup (mobile_malware.rules)
2852683 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.kd CnC Domain in DNS Lookup (mobile_malware.rules)
2852684 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.tv CnC Domain in DNS Lookup (mobile_malware.rules)
2852685 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.ca Checkin (mobile_malware.rules)
2852686 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.sr CnC Domain in DNS Lookup (mobile_malware.rules)
2852687 - ETPRO MOBILE_MALWARE Observed Trojan.AndroidOS.Jocker.sr Domain in TLS SNI (mobile_malware.rules)
2852688 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.hm CnC Domain in DNS Lookup (mobile_malware.rules)
2852689 - ETPRO MOBILE_MALWARE Observed Trojan-Dropper.AndroidOS.Hqwar.hm Domain in TLS SNI (mobile_malware.rules)
2852690 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Jocker.ei CnC Domain in DNS Lookup (mobile_malware.rules)
2852691 - ETPRO MOBILE_MALWARE Observed Trojan.AndroidOS.Jocker.tb Domain in TLS SNI (mobile_malware.rules)
2852692 - ETPRO MOBILE_MALWARE Android.Spy.4521 CnC Domain in DNS Lookup (mobile_malware.rules)
2852693 - ETPRO MOBILE_MALWARE Observed Android.Spy.4521 Domain in TLS SNI (mobile_malware.rules)
2852694 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.ahyc CnC Domain in DNS Lookup (mobile_malware.rules)
2852695 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.i CnC Domain in DNS Lookup (mobile_malware.rules)
2852696 - ETPRO MOBILE_MALWARE Observed Trojan-Spy.AndroidOS.Realrat.i Domain in TLS SNI (mobile_malware.rules)
2852697 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.aoyg CnC Domain in DNS Lookup (mobile_malware.rules)
2852698 - ETPRO MOBILE_MALWARE Android/Spy.Banker.BOF CnC Domain in DNS Lookup (mobile_malware.rules)
2852699 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SpyNote.al CnC Domain in DNS Lookup (mobile_malware.rules)
2852700 - ETPRO MOBILE_MALWARE Android.BankBot.13414 Checkin (mobile_malware.rules)
2852701 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BYJ CnC Domain in DNS Lookup (mobile_malware.rules)
2852702 - ETPRO MOBILE_MALWARE Android/Spy.Vultur.C CnC Domain in DNS Lookup (mobile_malware.rules)
2852703 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Fakecalls.at Checkin (mobile_malware.rules)
2852704 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Fakecalls.at Heartbeat (mobile_malware.rules)
2852705 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Fakecalls.at CnC Domain in DNS Lookup (mobile_malware.rules)
2852706 - ETPRO MOBILE_MALWARE Android.Spy.1049 CnC Domain in DNS Lookup (mobile_malware.rules)
2852707 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SpyNote.ap Checkin 2 (mobile_malware.rules)
2852708 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CCM CnC Domain in DNS Lookup (mobile_malware.rules)
2852709 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CCM CnC Domain in DNS Lookup (mobile_malware.rules)
2852710 - ETPRO MOBILE_MALWARE Android/Simplocker.B Checkin 2 (mobile_malware.rules)
2852711 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.KJG CnC Domain in DNS Lookup (mobile_malware.rules)
2852712 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.KJG CnC Domain in DNS Lookup (mobile_malware.rules)
2852713 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.wn CnC Domain in DNS Lookup (mobile_malware.rules)
2852714 - ETPRO MOBILE_MALWARE Android/Spy.Vultur.C CnC Domain in DNS Lookup (mobile_malware.rules)
2852715 - ETPRO MOBILE_MALWARE Android/Spy.Apaspy.C CnC Domain in DNS Lookup (mobile_malware.rules)
2852716 - ETPRO MOBILE_MALWARE Android/Spy.Agent.ALZ CnC Domain in DNS Lookup (mobile_malware.rules)
2852717 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-25 1) (coinminer.rules)
2852724 - ETPRO PHISHING Successful Generic Phish 2022-10-28 (phishing.rules)
2852725 - ETPRO PHISHING Successful Generic Phish 2022-10-28 (phishing.rules)

Modified active rules:

2039103 - ET MALWARE Suspected Smokeloader Activity (POST) (malware.rules)