Ruleset Update Summary - 2023/03/30 - v10281

rulesbot · March 30, 2023, 8:56pm

Summary:

15 new OPEN, 25 new PRO (15 + 10)

Thanks @suyog41, @StopMalvertisin, @Gi7w0rm, @malPileDiver

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

The mailing list is being retired on April 3, 2023.

2044833 - ET MALWARE Bitter Elephant APT Related Activity (GET) (malware.rules)
2044834 - ET MALWARE Suspected APT37 Related Activity (GET) (malware.rules)
2044835 - ET HUNTING Possible Racoon Stealer Retrieving Google Account Details (GET) (hunting.rules)
2044836 - ET MALWARE Observed DNS Query to Gamaredon Domain (saadipo .ru) (malware.rules)
2044837 - ET MALWARE Observed DNS Query to Gamaredon Domain (sabirpo .ru) (malware.rules)
2044838 - ET MALWARE Observed DNS Query to Gamaredon Domain (rufatpo .ru) (malware.rules)
2044839 - ET MALWARE Observed DNS Query to Gamaredon Domain (raidla .ru) (malware.rules)
2044840 - ET PHISHING Silicon Valley Bank Credential Phish Landing Page (2023-03-30) (phishing.rules)
2044841 - ET WEB_CLIENT ALFA TEaM Shell Landing Page (web_client.rules)
2044842 - ET MALWARE DBatLoader CnC Domain (silverline .com .sg) in DNS Lookup (malware.rules)
2044843 - ET MALWARE OpcJacker HVNC Variant Magic Packet (malware.rules)
2044844 - ET MALWARE SocGholish Domain in DNS Lookup (unit4 .majesticpg .com) (malware.rules)
2044845 - ET MALWARE SocGholish Domain in DNS Lookup (examples .propertytax4less .com) (malware.rules)
2044846 - ET MALWARE SocGholish Domain in DNS Lookup (life .judyfay .com) (malware.rules)
2044847 - ET MALWARE TA569 TDS Domain in DNS Lookup (xjquery .com) (malware.rules)

2854056 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeapp.fa CnC Domain in DNS Lookup (mobile_malware.rules)
2854057 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.tm CnC Domain in DNS Lookup (mobile_malware.rules)
2854058 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.lc CnC Domain in DNS Lookup (mobile_malware.rules)
2854059 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rewardsteal.n CnC Domain in DNS Lookup (mobile_malware.rules)
2854060 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeapp.fa CnC Domain in DNS Lookup (mobile_malware.rules)
2854061 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CNA CnC Domain in DNS Lookup (mobile_malware.rules)
2854062 - ETPRO MOBILE_MALWARE Android/Spy.AhRat.A CnC Domain in DNS Lookup (mobile_malware.rules)
2854063 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.k CnC Domain in DNS Lookup (mobile_malware.rules)
2854064 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.QZ Checkin (mobile_malware.rules)
2854065 - ETPRO MOBILE_MALWARE Android/Spy.SideWinder.E CnC Domain in DNS Lookup (mobile_malware.rules)

2044382 - ET MALWARE Donot Group APT Related Domain in DNS Lookup (briefdeal .buzz) (malware.rules)
2044383 - ET MALWARE Observed Donot Group APT Domain (briefdeal .buzz in TLS SNI) (malware.rules)
2044384 - ET MALWARE Observed Donot Group APT Domain (winterhero .buzz in TLS SNI) (malware.rules)
2044385 - ET MALWARE Donot Group APT Related Domain in DNS Lookup (winterhero .buzz) (malware.rules)

Topic		Replies	Views
Ruleset Update Summary - 2023/03/06 - v10259 Ruleset Updates	1	246	March 6, 2023
Ruleset Update Summary - 2023/04/04 - v10284 Ruleset Updates	0	309	April 4, 2023
Ruleset Update Summary - 2023/03/17 - v10272 Ruleset Updates	0	231	March 17, 2023
Ruleset Update Summary - 2023/03/27 - v10278 Ruleset Updates	0	461	March 27, 2023
Ruleset Update Summary - 2023/03/21 - v10274 Ruleset Updates	0	265	March 21, 2023