Summary:
9 new OPEN, 18 new PRO (9 + 9). ChromeLoader, SocGholish,
TransparentTribe, WinGO\Monitor.go, various Android mobile malware,
phishing, and more.
Thanks @MalGamy @0xrb
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
Added rules:
Open:
2039744 - ET MALWARE ChromeLoader CnC Domain (istakechau .autos) in DNS Lookup (malware.rules)
2039745 - ET MALWARE ChromeLoader CnC Domain (imenttogethe .xyz) in DNS Lookup (malware.rules)
2039746 - ET MALWARE ChromeLoader CnC Checkin M1 (malware.rules)
2039747 - ET MALWARE ChromeLoader CnC Error (malware.rules)
2039748 - ET MALWARE ChromeLoader CnC Checkin M2 (malware.rules)
2039749 - ET MALWARE WinGO\Monitor.go CnC Checkin (malware.rules)
2039750 - ET MALWARE APT36/TransparentTribe CnC Domain (richa-sharma .ddns .net) in DNS Lookup (malware.rules)
2039751 - ET MALWARE SocGholish Domain in DNS Lookup (course .netpickstrading .com) (malware.rules)
2039752 - ET MALWARE SocGholish CnC Domain in DNS Lookup (campaign .tworiversboat .com) (malware.rules)
Pro:
2852795 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CCM CnC Domain in DNS Lookup (mobile_malware.rules)
2852796 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CCM CnC Domain in DNS Lookup (mobile_malware.rules)
2852797 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.sn Checkin (mobile_malware.rules)
2852798 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.sn Checkin 2 (mobile_malware.rules)
2852799 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.sn Checkin 3 (mobile_malware.rules)
2852800 - ETPRO MALWARE HTML/Fake Password Protected Document Blob Downloader M1 (malware.rules)
2852801 - ETPRO MALWARE HTML/Fake Password Protected Document Blob Downloader M2 (malware.rules)
2852802 - ETPRO PHISHING Successful Twitter Credential Phish 2022-11-04 (phishing.rules)
2852803 - ETPRO PHISHING Twitter Credential Phish Landing Page 2022-11-04 (phishing.rules)