Ruleset Update Summary - 2022/12/05 - v10188

rulesbot · December 5, 2022, 10:14pm

Summary:

109 new OPEN, 114 new PRO (109 + 5)

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

Added rules:

Open:

2041673 - ET MALWARE Win32/RecordBreaker - Observed UA M4 (20112211) (malware.rules)
2041674 - ET INFO URL Shortening Service Domain in DNS Lookup (e .vg) (info.rules)
2041675 - ET INFO Observed URL Shortening Service Domain (e .vg in TLS SNI) (info.rules)
2041676 - ET MALWARE Observed DNS Query to ElectronBot Domain (Electron-Bot .s3 .eu-central-1 .amazonaws .com) (malware.rules)
2041677 - ET MALWARE Observed DNS Query to ElectronBot Domain (11k .online) (malware.rules)
2041678 - ET MALWARE JS.ElectronBot.B.F7A4D930 Downloader (GET) (malware.rules)
2041679 - ET MALWARE JS.ElectronBot Payload Inbound (malware.rules)
2041680 - ET PHISHING Observed Phish Domain in DNS Lookup (administrator-enoc .com) 2022-12-05 (phishing.rules)
2041681 - ET PHISHING Observed Phish Domain in DNS Lookup (registration-adnoc .com) 2022-12-05 (phishing.rules)
2041682 - ET PHISHING Observed Phish Domain in DNS Lookup (kilimondoilgas-dubai .com) 2022-12-05 (phishing.rules)
2041683 - ET PHISHING Observed Phish Domain in DNS Lookup (horsespeedtravel .com) 2022-12-05 (phishing.rules)
2041684 - ET PHISHING Observed Phish Domain in DNS Lookup (snocprojectae .com) 2022-12-05 (phishing.rules)
2041685 - ET PHISHING Observed Phish Domain in DNS Lookup (snoc-projectae .com) 2022-12-05 (phishing.rules)
2041686 - ET PHISHING Observed Phish Domain in DNS Lookup (qatarenergys .com) 2022-12-05 (phishing.rules)
2041687 - ET PHISHING Observed Phish Domain in DNS Lookup (nowmcopetroleum .com) 2022-12-05 (phishing.rules)
2041688 - ET PHISHING Observed Phish Domain in DNS Lookup (bidders-enoc .com) 2022-12-05 (phishing.rules)
2041689 - ET PHISHING Observed Phish Domain in DNS Lookup (proposal-enoc .com) 2022-12-05 (phishing.rules)
2041690 - ET PHISHING Observed Phish Domain in DNS Lookup (llhhospitals .com) 2022-12-05 (phishing.rules)
2041691 - ET PHISHING Observed Phish Domain in DNS Lookup (alzarafatravellsae .com) 2022-12-05 (phishing.rules)
2041692 - ET PHISHING Observed Phish Domain in DNS Lookup (specgulfae .com) 2022-12-05 (phishing.rules)
2041693 - ET PHISHING Observed Phish Domain in DNS Lookup (eaglestravels-ae .com) 2022-12-05 (phishing.rules)
2041694 - ET PHISHING Observed Phish Domain in DNS Lookup (stalinschoolintlacademy .com) 2022-12-05 (phishing.rules)
2041695 - ET PHISHING Observed Phish Domain in DNS Lookup (consultant-enoc .com) 2022-12-05 (phishing.rules)
2041696 - ET PHISHING Observed Phish Domain in DNS Lookup (vendor-enocbid .com) 2022-12-05 (phishing.rules)
2041697 - ET PHISHING Observed Phish Domain in DNS Lookup (proposal-ae-enoc .com) 2022-12-05 (phishing.rules)
2041698 - ET PHISHING Observed Phish Domain in DNS Lookup (zbavitae .com) 2022-12-05 (phishing.rules)
2041699 - ET PHISHING Observed Phish Domain in DNS Lookup (bid-taqa .com) 2022-12-05 (phishing.rules)
2041700 - ET PHISHING Observed Phish Domain in DNS Lookup (safetravel-services .com) 2022-12-05 (phishing.rules)
2041701 - ET PHISHING Observed Phish Domain in DNS Lookup (gulfcoastoilngas-ae .com) 2022-12-05 (phishing.rules)
2041702 - ET PHISHING Observed Phish Domain in DNS Lookup (camschooluae .com) 2022-12-05 (phishing.rules)
2041703 - ET PHISHING Observed Phish Domain in DNS Lookup (alhmodzinoilfildservices .com) 2022-12-05 (phishing.rules)
2041704 - ET PHISHING Observed Phish Domain in DNS Lookup (nipmse .com) 2022-12-05 (phishing.rules)
2041705 - ET PHISHING Observed Phish Domain in DNS Lookup (globalhospae .com) 2022-12-05 (phishing.rules)
2041706 - ET PHISHING Observed Phish Domain in DNS Lookup (gulfins-ae .com) 2022-12-05 (phishing.rules)
2041707 - ET PHISHING Observed Phish Domain in DNS Lookup (zirvaenergy .com) 2022-12-05 (phishing.rules)
2041708 - ET PHISHING Observed Phish Domain in DNS Lookup (tenders-adio .com) 2022-12-05 (phishing.rules)
2041709 - ET PHISHING Observed Phish Domain in DNS Lookup (uae-snocproject .com) 2022-12-05 (phishing.rules)
2041710 - ET PHISHING Observed Phish Domain in DNS Lookup (alfayhaatravels .com) 2022-12-05 (phishing.rules)
2041711 - ET PHISHING Observed Phish Domain in DNS Lookup (contract-snoc .com) 2022-12-05 (phishing.rules)
2041712 - ET PHISHING Observed Phish Domain in DNS Lookup (biding-enoc .com) 2022-12-05 (phishing.rules)
2041713 - ET PHISHING Observed Phish Domain in DNS Lookup (dibfinancialservice-uae .com) 2022-12-05 (phishing.rules)
2041714 - ET PHISHING Observed Phish Domain in DNS Lookup (registrations-adnoc .com) 2022-12-05 (phishing.rules)
2041715 - ET PHISHING Observed Phish Domain in DNS Lookup (enocbids .com) 2022-12-05 (phishing.rules)
2041716 - ET PHISHING Observed Phish Domain in DNS Lookup (snocprojectuae .com) 2022-12-05 (phishing.rules)
2041717 - ET PHISHING Observed Phish Domain in DNS Lookup (adio-gov .com) 2022-12-05 (phishing.rules)
2041718 - ET PHISHING Observed Phish Domain in DNS Lookup (gulfmarineoilservices .com) 2022-12-05 (phishing.rules)
2041719 - ET PHISHING Observed Phish Domain in DNS Lookup (fenczyflyemiratetravels .com) 2022-12-05 (phishing.rules)
2041720 - ET PHISHING Observed Phish Domain in DNS Lookup (abienceinvestments-fze .com) 2022-12-05 (phishing.rules)
2041721 - ET PHISHING Observed Phish Domain in DNS Lookup (flywaytravelandtourism .com) 2022-12-05 (phishing.rules)
2041722 - ET PHISHING Observed Phish Domain in DNS Lookup (aiischools .com) 2022-12-05 (phishing.rules)
2041723 - ET PHISHING Observed Phish Domain in DNS Lookup (emspgenerahospae .com) 2022-12-05 (phishing.rules)
2041724 - ET PHISHING Observed Phish Domain in DNS Lookup (investinadio .com) 2022-12-05 (phishing.rules)
2041725 - ET PHISHING Observed Phish Domain in DNS Lookup (mohregov-ae .com) 2022-12-05 (phishing.rules)
2041726 - ET PHISHING Observed Phish Domain in DNS Lookup (enacopetroleum .com) 2022-12-05 (phishing.rules)
2041727 - ET PHISHING Observed Phish Domain in DNS Lookup (emsclikoil .com) 2022-12-05 (phishing.rules)
2041728 - ET PHISHING Observed Phish Domain in DNS Lookup (westernmedicalspecialisthosp .com) 2022-12-05 (phishing.rules)
2041729 - ET PHISHING Observed Phish Domain in DNS Lookup (contact-adnocae .com) 2022-12-05 (phishing.rules)
2041730 - ET PHISHING Observed Phish Domain in DNS Lookup (quickcitytravel .com) 2022-12-05 (phishing.rules)
2041731 - ET PHISHING Observed Phish Domain in DNS Lookup (snoc-projectuae .com) 2022-12-05 (phishing.rules)
2041732 - ET PHISHING Observed Phish Domain in DNS Lookup (consultant-ae-enoc .com) 2022-12-05 (phishing.rules)
2041733 - ET PHISHING Observed Phish Domain in DNS Lookup (salacomimmigration .com) 2022-12-05 (phishing.rules)
2041734 - ET PHISHING Observed Phish Domain in DNS Lookup (dubaiferryae .com) 2022-12-05 (phishing.rules)
2041735 - ET PHISHING Observed Phish Domain in DNS Lookup (bid-adnoc .com) 2022-12-05 (phishing.rules)
2041736 - ET PHISHING Observed Phish Domain in DNS Lookup (adbntogo .com) 2022-12-05 (phishing.rules)
2041737 - ET PHISHING Observed Phish Domain in DNS Lookup (iconiqueimmigration .com) 2022-12-05 (phishing.rules)
2041738 - ET PHISHING Observed Phish Domain in DNS Lookup (alfujairah-ae .com) 2022-12-05 (phishing.rules)
2041739 - ET PHISHING Observed Phish Domain in DNS Lookup (contractors-adnoc .com) 2022-12-05 (phishing.rules)
2041740 - ET PHISHING Observed Phish Domain in DNS Lookup (stabluk .com) 2022-12-05 (phishing.rules)
2041741 - ET PHISHING Observed Phish Domain in DNS Lookup (bid-enoc .com) 2022-12-05 (phishing.rules)
2041742 - ET PHISHING Observed Phish Domain in DNS Lookup (siemenoilandgas .com) 2022-12-05 (phishing.rules)
2041743 - ET PHISHING Observed Phish Domain in DNS Lookup (proposals-ae-enoc .com) 2022-12-05 (phishing.rules)
2041744 - ET PHISHING Observed Phish Domain in DNS Lookup (hamraoilgroup .com) 2022-12-05 (phishing.rules)
2041745 - ET PHISHING Observed Phish Domain in DNS Lookup (flylinkimmigration .com) 2022-12-05 (phishing.rules)
2041747 - ET PHISHING Observed Phish Domain in DNS Lookup (ae-snoctenders .com) 2022-12-05 (phishing.rules)
2041748 - ET PHISHING Observed Phish Domain in DNS Lookup (contracts-adnoc .com) 2022-12-05 (phishing.rules)
2041749 - ET PHISHING Observed Phish Domain in DNS Lookup (registrations-enoc .com) 2022-12-05 (phishing.rules)
2041750 - ET PHISHING Observed Phish Domain in DNS Lookup (uae-snoctenders .com) 2022-12-05 (phishing.rules)
2041751 - ET PHISHING Observed Phish Domain in DNS Lookup (oceanicflyimmigration .com) 2022-12-05 (phishing.rules)
2041752 - ET PHISHING Observed Phish Domain in DNS Lookup (rfq-taziz .com) 2022-12-05 (phishing.rules)
2041753 - ET PHISHING Observed Phish Domain in DNS Lookup (consultants-ae-enoc .com) 2022-12-05 (phishing.rules)
2041754 - ET PHISHING Observed Phish Domain in DNS Lookup (abbrossgeneralhospital .com) 2022-12-05 (phishing.rules)
2041755 - ET PHISHING Observed Phish Domain in DNS Lookup (snocproject-ae .com) 2022-12-05 (phishing.rules)
2041756 - ET PHISHING Observed Phish Domain in DNS Lookup (dahilalcapitalinvest .com) 2022-12-05 (phishing.rules)
2041757 - ET PHISHING Observed Phish Domain in DNS Lookup (duramtravelagency .com) 2022-12-05 (phishing.rules)
2041758 - ET PHISHING Observed Phish Domain in DNS Lookup (biddings-enoc .com) 2022-12-05 (phishing.rules)
2041759 - ET PHISHING Observed Phish Domain in DNS Lookup (hpschooluae .com) 2022-12-05 (phishing.rules)
2041760 - ET PHISHING Observed Phish Domain in DNS Lookup (rakpetrolae .com) 2022-12-05 (phishing.rules)
2041761 - ET PHISHING Observed Phish Domain in DNS Lookup (arabianmigration .com) 2022-12-05 (phishing.rules)
2041762 - ET PHISHING Observed Phish Domain in DNS Lookup (snocuae .com) 2022-12-05 (phishing.rules)
2041763 - ET PHISHING Observed Phish Domain in DNS Lookup (atenaeps .com) 2022-12-05 (phishing.rules)
2041764 - ET PHISHING Observed Phish Domain in DNS Lookup (ae-snocproject .com) 2022-12-05 (phishing.rules)
2041765 - ET PHISHING Observed Phish Domain in DNS Lookup (harvesttravelagency .com) 2022-12-05 (phishing.rules)
2041766 - ET PHISHING Observed Phish Domain in DNS Lookup (registration-ae-enoc .com) 2022-12-05 (phishing.rules)
2041767 - ET PHISHING Observed Phish Domain in DNS Lookup (toursolutions4u .com) 2022-12-05 (phishing.rules)
2041768 - ET PHISHING Observed Phish Domain in DNS Lookup (easternbaytravels .com) 2022-12-05 (phishing.rules)
2041769 - ET PHISHING Observed Phish Domain in DNS Lookup (contractor-enoc .com) 2022-12-05 (phishing.rules)
2041770 - ET PHISHING Observed Phish Domain in DNS Lookup (ahaliahospitalae .com) 2022-12-05 (phishing.rules)
2041771 - ET PHISHING Observed Phish Domain in DNS Lookup (tenders-adnoc .com) 2022-12-05 (phishing.rules)
2041772 - ET PHISHING Observed Phish Domain in DNS Lookup (emarataljabrisolicitors .com) 2022-12-05 (phishing.rules)
2041773 - ET PHISHING Observed Phish Domain in DNS Lookup (abdul-sattar-abdul-tr .com) 2022-12-05 (phishing.rules)
2041774 - ET PHISHING Observed Phish Domain in DNS Lookup (tenders-aisschools .com) 2022-12-05 (phishing.rules)
2041775 - ET PHISHING Observed Phish Domain in DNS Lookup (builds-emaar .com) 2022-12-05 (phishing.rules)
2041776 - ET PHISHING Observed Phish Domain in DNS Lookup (tender-adnoc .com) 2022-12-05 (phishing.rules)
2041777 - ET PHISHING Observed Phish Domain in DNS Lookup (sheikhmouradoil .com) 2022-12-05 (phishing.rules)
2041778 - ET PHISHING Observed Phish Domain in DNS Lookup (diligencefinconsultants .com) 2022-12-05 (phishing.rules)
2041779 - ET PHISHING Observed Phish Domain in DNS Lookup (rambolloil .com) 2022-12-05 (phishing.rules)
2041780 - ET MALWARE Win32/XFILES Stealer Data Exfiltration Attempt (malware.rules)
2041783 - ET MALWARE TA569 Domain in DNS Lookup (ergpractice .com) (malware.rules)
2041784 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .fate .truelance .com) (malware.rules)

Pro:

2852919 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-11-29 1) (coinminer.rules)
2852920 - ETPRO PHISHING Successful Wells Fargo Phish 2022-12-05 (phishing.rules)
2852921 - ETPRO MALWARE Win32/Screenshotter Backdoor Related Checkin Activity (GET) (malware.rules)
2852922 - ETPRO MALWARE Win32/Screenshotter Backdoor Sending Screenshot (POST) (malware.rules)
2852923 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2022/12/16 - v10198 Ruleset Updates	196	December 16, 2022
Ruleset Update Summary - 2023/02/13 - v10242 Ruleset Updates	85	February 13, 2023
Ruleset Update Summary - 2022/11/21 - v10178 Ruleset Updates	288	November 21, 2022
Ruleset Update Summary - 2022/12/22 - v10203 Ruleset Updates	170	December 22, 2022
Ruleset Update Summary - 2022/11/22 - v10179 Ruleset Updates	456	November 22, 2022

Ruleset Update Summary - 2022/12/05 - v10188

Summary:

Added rules:

Open:

Pro:

Related Topics