Daily Ruleset Update Summary 2022/11/02

bingohotdog · November 2, 2022, 9:56pm

Summary:

3 new OPEN, 7 new PRO (3 + 4) CoinMiner, SocGholish, Win32/StartPage.NOC, OneDrive Phish, Python Library Backdoor Domain

Also, an out-of-band SocGholish rule was published earlier today, see link for more details:
https://twitter.com/threatinsight/status/1587866753983389696

Please share issues, feedback, and requests at Feedback

Added rules:

Open:

2039621 - ET INFO OpenSea API Query NFT Discovery Details (GET) (info.rules)
2039622 - ET MALWARE Python Library Backdoor Domain (wasp .plague .fun) in DNS Lookup (malware.rules)
2039623 - ET MALWARE SocGholish Domain in DNS Lookup (podcasts .momsgrabcoffee .com) (malware.rules)

Pro:

2852767 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-11-01 1) (coinminer.rules)
2852768 - ETPRO MALWARE Win32/StartPage.NOC CnC Activity (malware.rules)
2852769 - ETPRO PHISHING Microsoft OneDrive Phishing Domain (mycourier .email) in DNS Lookup (phishing.rules)
2852770 - ETPRO PHISHING Observed Microsoft OneDrive Phishing Domain (mycourier .email) in TLS SNI (phishing.rules)

Modified active rules:

2852487 - ETPRO MALWARE Win32/XWorm CnC Command (PING?) (malware.rules)
2852488 - ETPRO MALWARE Win32/XWorm CnC Command (PING!) (malware.rules)
2852489 - ETPRO MALWARE Win32/XWorm CnC Command (DDosS) (malware.rules)
2852490 - ETPRO MALWARE Win32/XWorm CnC Command (DDosT) (malware.rules)
2852491 - ETPRO MALWARE Win32/XWorm CnC Command (Cilpper) (malware.rules)
2852492 - ETPRO MALWARE Win32/XWorm CnC Command (hidefolderfile) (malware.rules)
2852493 - ETPRO MALWARE Win32/XWorm CnC Command (showfolderfile) (malware.rules)
2852494 - ETPRO MALWARE Win32/XWorm CnC Command (creatnewfolder) (malware.rules)
2852495 - ETPRO MALWARE Win32/XWorm CnC Command (creatfile) (malware.rules)
2852496 - ETPRO MALWARE Win32/XWorm CnC Command (downloadfile) (malware.rules)
2852497 - ETPRO MALWARE Win32/XWorm CnC Command (sendfileto) (malware.rules)
2852498 - ETPRO MALWARE Win32/XWorm CnC Command (DW) (malware.rules)
2852499 - ETPRO MALWARE Win32/XWorm CnC Command (RD-) (malware.rules)
2852500 - ETPRO MALWARE Win32/XWorm CnC Command (RD+) (malware.rules)
2852501 - ETPRO MALWARE Win32/XWorm CnC Command (###) (malware.rules)
2852502 - ETPRO MALWARE Win32/XWorm CnC Command ($$$) (malware.rules)
2852503 - ETPRO MALWARE Win32/XWorm CnC Command (^^^g) (malware.rules)
2852504 - ETPRO MALWARE Win32/XWorm CnC Command (ENC) (malware.rules)
2852505 - ETPRO MALWARE Win32/XWorm CnC Command (HVNC) (malware.rules)
2852707 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SpyNote.ap Checkin 2 (mobile_malware.rules)

Topic	Replies	Views
Daily Ruleset Update Summary 2022/09/27 Ruleset Updates	65	September 27, 2022
Daily Ruleset Update Summary 2022/10/04 Ruleset Updates	54	October 4, 2022
Ruleset Update Summary - 2023/06/30 - v10362 Ruleset Updates	225	June 30, 2023
Ruleset Update Summary - 2023/12/27 - v10494 Ruleset Updates	229	December 27, 2023
Daily Ruleset Update Summary 2022/08/08 Ruleset Updates	157	August 9, 2022

Daily Ruleset Update Summary 2022/11/02

Related Topics