Ruleset Update Summary - 2022/12/05 - v10188

Summary:

109 new OPEN, 114 new PRO (109 + 5)

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.


Added rules:

Open:

  • 2041673 - ET MALWARE Win32/RecordBreaker - Observed UA M4 (20112211) (malware.rules)
  • 2041674 - ET INFO URL Shortening Service Domain in DNS Lookup (e .vg) (info.rules)
  • 2041675 - ET INFO Observed URL Shortening Service Domain (e .vg in TLS SNI) (info.rules)
  • 2041676 - ET MALWARE Observed DNS Query to ElectronBot Domain (Electron-Bot .s3 .eu-central-1 .amazonaws .com) (malware.rules)
  • 2041677 - ET MALWARE Observed DNS Query to ElectronBot Domain (11k .online) (malware.rules)
  • 2041678 - ET MALWARE JS.ElectronBot.B.F7A4D930 Downloader (GET) (malware.rules)
  • 2041679 - ET MALWARE JS.ElectronBot Payload Inbound (malware.rules)
  • 2041680 - ET PHISHING Observed Phish Domain in DNS Lookup (administrator-enoc .com) 2022-12-05 (phishing.rules)
  • 2041681 - ET PHISHING Observed Phish Domain in DNS Lookup (registration-adnoc .com) 2022-12-05 (phishing.rules)
  • 2041682 - ET PHISHING Observed Phish Domain in DNS Lookup (kilimondoilgas-dubai .com) 2022-12-05 (phishing.rules)
  • 2041683 - ET PHISHING Observed Phish Domain in DNS Lookup (horsespeedtravel .com) 2022-12-05 (phishing.rules)
  • 2041684 - ET PHISHING Observed Phish Domain in DNS Lookup (snocprojectae .com) 2022-12-05 (phishing.rules)
  • 2041685 - ET PHISHING Observed Phish Domain in DNS Lookup (snoc-projectae .com) 2022-12-05 (phishing.rules)
  • 2041686 - ET PHISHING Observed Phish Domain in DNS Lookup (qatarenergys .com) 2022-12-05 (phishing.rules)
  • 2041687 - ET PHISHING Observed Phish Domain in DNS Lookup (nowmcopetroleum .com) 2022-12-05 (phishing.rules)
  • 2041688 - ET PHISHING Observed Phish Domain in DNS Lookup (bidders-enoc .com) 2022-12-05 (phishing.rules)
  • 2041689 - ET PHISHING Observed Phish Domain in DNS Lookup (proposal-enoc .com) 2022-12-05 (phishing.rules)
  • 2041690 - ET PHISHING Observed Phish Domain in DNS Lookup (llhhospitals .com) 2022-12-05 (phishing.rules)
  • 2041691 - ET PHISHING Observed Phish Domain in DNS Lookup (alzarafatravellsae .com) 2022-12-05 (phishing.rules)
  • 2041692 - ET PHISHING Observed Phish Domain in DNS Lookup (specgulfae .com) 2022-12-05 (phishing.rules)
  • 2041693 - ET PHISHING Observed Phish Domain in DNS Lookup (eaglestravels-ae .com) 2022-12-05 (phishing.rules)
  • 2041694 - ET PHISHING Observed Phish Domain in DNS Lookup (stalinschoolintlacademy .com) 2022-12-05 (phishing.rules)
  • 2041695 - ET PHISHING Observed Phish Domain in DNS Lookup (consultant-enoc .com) 2022-12-05 (phishing.rules)
  • 2041696 - ET PHISHING Observed Phish Domain in DNS Lookup (vendor-enocbid .com) 2022-12-05 (phishing.rules)
  • 2041697 - ET PHISHING Observed Phish Domain in DNS Lookup (proposal-ae-enoc .com) 2022-12-05 (phishing.rules)
  • 2041698 - ET PHISHING Observed Phish Domain in DNS Lookup (zbavitae .com) 2022-12-05 (phishing.rules)
  • 2041699 - ET PHISHING Observed Phish Domain in DNS Lookup (bid-taqa .com) 2022-12-05 (phishing.rules)
  • 2041700 - ET PHISHING Observed Phish Domain in DNS Lookup (safetravel-services .com) 2022-12-05 (phishing.rules)
  • 2041701 - ET PHISHING Observed Phish Domain in DNS Lookup (gulfcoastoilngas-ae .com) 2022-12-05 (phishing.rules)
  • 2041702 - ET PHISHING Observed Phish Domain in DNS Lookup (camschooluae .com) 2022-12-05 (phishing.rules)
  • 2041703 - ET PHISHING Observed Phish Domain in DNS Lookup (alhmodzinoilfildservices .com) 2022-12-05 (phishing.rules)
  • 2041704 - ET PHISHING Observed Phish Domain in DNS Lookup (nipmse .com) 2022-12-05 (phishing.rules)
  • 2041705 - ET PHISHING Observed Phish Domain in DNS Lookup (globalhospae .com) 2022-12-05 (phishing.rules)
  • 2041706 - ET PHISHING Observed Phish Domain in DNS Lookup (gulfins-ae .com) 2022-12-05 (phishing.rules)
  • 2041707 - ET PHISHING Observed Phish Domain in DNS Lookup (zirvaenergy .com) 2022-12-05 (phishing.rules)
  • 2041708 - ET PHISHING Observed Phish Domain in DNS Lookup (tenders-adio .com) 2022-12-05 (phishing.rules)
  • 2041709 - ET PHISHING Observed Phish Domain in DNS Lookup (uae-snocproject .com) 2022-12-05 (phishing.rules)
  • 2041710 - ET PHISHING Observed Phish Domain in DNS Lookup (alfayhaatravels .com) 2022-12-05 (phishing.rules)
  • 2041711 - ET PHISHING Observed Phish Domain in DNS Lookup (contract-snoc .com) 2022-12-05 (phishing.rules)
  • 2041712 - ET PHISHING Observed Phish Domain in DNS Lookup (biding-enoc .com) 2022-12-05 (phishing.rules)
  • 2041713 - ET PHISHING Observed Phish Domain in DNS Lookup (dibfinancialservice-uae .com) 2022-12-05 (phishing.rules)
  • 2041714 - ET PHISHING Observed Phish Domain in DNS Lookup (registrations-adnoc .com) 2022-12-05 (phishing.rules)
  • 2041715 - ET PHISHING Observed Phish Domain in DNS Lookup (enocbids .com) 2022-12-05 (phishing.rules)
  • 2041716 - ET PHISHING Observed Phish Domain in DNS Lookup (snocprojectuae .com) 2022-12-05 (phishing.rules)
  • 2041717 - ET PHISHING Observed Phish Domain in DNS Lookup (adio-gov .com) 2022-12-05 (phishing.rules)
  • 2041718 - ET PHISHING Observed Phish Domain in DNS Lookup (gulfmarineoilservices .com) 2022-12-05 (phishing.rules)
  • 2041719 - ET PHISHING Observed Phish Domain in DNS Lookup (fenczyflyemiratetravels .com) 2022-12-05 (phishing.rules)
  • 2041720 - ET PHISHING Observed Phish Domain in DNS Lookup (abienceinvestments-fze .com) 2022-12-05 (phishing.rules)
  • 2041721 - ET PHISHING Observed Phish Domain in DNS Lookup (flywaytravelandtourism .com) 2022-12-05 (phishing.rules)
  • 2041722 - ET PHISHING Observed Phish Domain in DNS Lookup (aiischools .com) 2022-12-05 (phishing.rules)
  • 2041723 - ET PHISHING Observed Phish Domain in DNS Lookup (emspgenerahospae .com) 2022-12-05 (phishing.rules)
  • 2041724 - ET PHISHING Observed Phish Domain in DNS Lookup (investinadio .com) 2022-12-05 (phishing.rules)
  • 2041725 - ET PHISHING Observed Phish Domain in DNS Lookup (mohregov-ae .com) 2022-12-05 (phishing.rules)
  • 2041726 - ET PHISHING Observed Phish Domain in DNS Lookup (enacopetroleum .com) 2022-12-05 (phishing.rules)
  • 2041727 - ET PHISHING Observed Phish Domain in DNS Lookup (emsclikoil .com) 2022-12-05 (phishing.rules)
  • 2041728 - ET PHISHING Observed Phish Domain in DNS Lookup (westernmedicalspecialisthosp .com) 2022-12-05 (phishing.rules)
  • 2041729 - ET PHISHING Observed Phish Domain in DNS Lookup (contact-adnocae .com) 2022-12-05 (phishing.rules)
  • 2041730 - ET PHISHING Observed Phish Domain in DNS Lookup (quickcitytravel .com) 2022-12-05 (phishing.rules)
  • 2041731 - ET PHISHING Observed Phish Domain in DNS Lookup (snoc-projectuae .com) 2022-12-05 (phishing.rules)
  • 2041732 - ET PHISHING Observed Phish Domain in DNS Lookup (consultant-ae-enoc .com) 2022-12-05 (phishing.rules)
  • 2041733 - ET PHISHING Observed Phish Domain in DNS Lookup (salacomimmigration .com) 2022-12-05 (phishing.rules)
  • 2041734 - ET PHISHING Observed Phish Domain in DNS Lookup (dubaiferryae .com) 2022-12-05 (phishing.rules)
  • 2041735 - ET PHISHING Observed Phish Domain in DNS Lookup (bid-adnoc .com) 2022-12-05 (phishing.rules)
  • 2041736 - ET PHISHING Observed Phish Domain in DNS Lookup (adbntogo .com) 2022-12-05 (phishing.rules)
  • 2041737 - ET PHISHING Observed Phish Domain in DNS Lookup (iconiqueimmigration .com) 2022-12-05 (phishing.rules)
  • 2041738 - ET PHISHING Observed Phish Domain in DNS Lookup (alfujairah-ae .com) 2022-12-05 (phishing.rules)
  • 2041739 - ET PHISHING Observed Phish Domain in DNS Lookup (contractors-adnoc .com) 2022-12-05 (phishing.rules)
  • 2041740 - ET PHISHING Observed Phish Domain in DNS Lookup (stabluk .com) 2022-12-05 (phishing.rules)
  • 2041741 - ET PHISHING Observed Phish Domain in DNS Lookup (bid-enoc .com) 2022-12-05 (phishing.rules)
  • 2041742 - ET PHISHING Observed Phish Domain in DNS Lookup (siemenoilandgas .com) 2022-12-05 (phishing.rules)
  • 2041743 - ET PHISHING Observed Phish Domain in DNS Lookup (proposals-ae-enoc .com) 2022-12-05 (phishing.rules)
  • 2041744 - ET PHISHING Observed Phish Domain in DNS Lookup (hamraoilgroup .com) 2022-12-05 (phishing.rules)
  • 2041745 - ET PHISHING Observed Phish Domain in DNS Lookup (flylinkimmigration .com) 2022-12-05 (phishing.rules)
  • 2041747 - ET PHISHING Observed Phish Domain in DNS Lookup (ae-snoctenders .com) 2022-12-05 (phishing.rules)
  • 2041748 - ET PHISHING Observed Phish Domain in DNS Lookup (contracts-adnoc .com) 2022-12-05 (phishing.rules)
  • 2041749 - ET PHISHING Observed Phish Domain in DNS Lookup (registrations-enoc .com) 2022-12-05 (phishing.rules)
  • 2041750 - ET PHISHING Observed Phish Domain in DNS Lookup (uae-snoctenders .com) 2022-12-05 (phishing.rules)
  • 2041751 - ET PHISHING Observed Phish Domain in DNS Lookup (oceanicflyimmigration .com) 2022-12-05 (phishing.rules)
  • 2041752 - ET PHISHING Observed Phish Domain in DNS Lookup (rfq-taziz .com) 2022-12-05 (phishing.rules)
  • 2041753 - ET PHISHING Observed Phish Domain in DNS Lookup (consultants-ae-enoc .com) 2022-12-05 (phishing.rules)
  • 2041754 - ET PHISHING Observed Phish Domain in DNS Lookup (abbrossgeneralhospital .com) 2022-12-05 (phishing.rules)
  • 2041755 - ET PHISHING Observed Phish Domain in DNS Lookup (snocproject-ae .com) 2022-12-05 (phishing.rules)
  • 2041756 - ET PHISHING Observed Phish Domain in DNS Lookup (dahilalcapitalinvest .com) 2022-12-05 (phishing.rules)
  • 2041757 - ET PHISHING Observed Phish Domain in DNS Lookup (duramtravelagency .com) 2022-12-05 (phishing.rules)
  • 2041758 - ET PHISHING Observed Phish Domain in DNS Lookup (biddings-enoc .com) 2022-12-05 (phishing.rules)
  • 2041759 - ET PHISHING Observed Phish Domain in DNS Lookup (hpschooluae .com) 2022-12-05 (phishing.rules)
  • 2041760 - ET PHISHING Observed Phish Domain in DNS Lookup (rakpetrolae .com) 2022-12-05 (phishing.rules)
  • 2041761 - ET PHISHING Observed Phish Domain in DNS Lookup (arabianmigration .com) 2022-12-05 (phishing.rules)
  • 2041762 - ET PHISHING Observed Phish Domain in DNS Lookup (snocuae .com) 2022-12-05 (phishing.rules)
  • 2041763 - ET PHISHING Observed Phish Domain in DNS Lookup (atenaeps .com) 2022-12-05 (phishing.rules)
  • 2041764 - ET PHISHING Observed Phish Domain in DNS Lookup (ae-snocproject .com) 2022-12-05 (phishing.rules)
  • 2041765 - ET PHISHING Observed Phish Domain in DNS Lookup (harvesttravelagency .com) 2022-12-05 (phishing.rules)
  • 2041766 - ET PHISHING Observed Phish Domain in DNS Lookup (registration-ae-enoc .com) 2022-12-05 (phishing.rules)
  • 2041767 - ET PHISHING Observed Phish Domain in DNS Lookup (toursolutions4u .com) 2022-12-05 (phishing.rules)
  • 2041768 - ET PHISHING Observed Phish Domain in DNS Lookup (easternbaytravels .com) 2022-12-05 (phishing.rules)
  • 2041769 - ET PHISHING Observed Phish Domain in DNS Lookup (contractor-enoc .com) 2022-12-05 (phishing.rules)
  • 2041770 - ET PHISHING Observed Phish Domain in DNS Lookup (ahaliahospitalae .com) 2022-12-05 (phishing.rules)
  • 2041771 - ET PHISHING Observed Phish Domain in DNS Lookup (tenders-adnoc .com) 2022-12-05 (phishing.rules)
  • 2041772 - ET PHISHING Observed Phish Domain in DNS Lookup (emarataljabrisolicitors .com) 2022-12-05 (phishing.rules)
  • 2041773 - ET PHISHING Observed Phish Domain in DNS Lookup (abdul-sattar-abdul-tr .com) 2022-12-05 (phishing.rules)
  • 2041774 - ET PHISHING Observed Phish Domain in DNS Lookup (tenders-aisschools .com) 2022-12-05 (phishing.rules)
  • 2041775 - ET PHISHING Observed Phish Domain in DNS Lookup (builds-emaar .com) 2022-12-05 (phishing.rules)
  • 2041776 - ET PHISHING Observed Phish Domain in DNS Lookup (tender-adnoc .com) 2022-12-05 (phishing.rules)
  • 2041777 - ET PHISHING Observed Phish Domain in DNS Lookup (sheikhmouradoil .com) 2022-12-05 (phishing.rules)
  • 2041778 - ET PHISHING Observed Phish Domain in DNS Lookup (diligencefinconsultants .com) 2022-12-05 (phishing.rules)
  • 2041779 - ET PHISHING Observed Phish Domain in DNS Lookup (rambolloil .com) 2022-12-05 (phishing.rules)
  • 2041780 - ET MALWARE Win32/XFILES Stealer Data Exfiltration Attempt (malware.rules)
  • 2041783 - ET MALWARE TA569 Domain in DNS Lookup (ergpractice .com) (malware.rules)
  • 2041784 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .fate .truelance .com) (malware.rules)

Pro:

  • 2852919 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-11-29 1) (coinminer.rules)
  • 2852920 - ETPRO PHISHING Successful Wells Fargo Phish 2022-12-05 (phishing.rules)
  • 2852921 - ETPRO MALWARE Win32/Screenshotter Backdoor Related Checkin Activity (GET) (malware.rules)
  • 2852922 - ETPRO MALWARE Win32/Screenshotter Backdoor Sending Screenshot (POST) (malware.rules)
  • 2852923 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) (malware.rules)