[***] Summary: [***]

15 new OPEN, 25 new PRO (15 + 10). Bitter APT, Pegasus, FluBot and
Various Phishing.

Thanks @SophosLabs and @F5

Due to the observance of Martin Luther King, Jr. Day, there will not
be a rule push on Monday, January 17, 2022.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034907 - ET MALWARE Kuwo Music Installer Log (malware.rules)
2034908 - ET MALWARE Win32/Hao123.C Variant CnC Activity (malware.rules)
2034909 - ET TROJAN APT/Bitter Related CnC Activity (trojan.rules)
2034910 - ET MOBILE_MALWARE Coper Banking Trojan Related Domain in DNS Lookup (mobile_malware.rules)
2034911 - ET TROJAN Maldoc Retrieving Additional Resources (GET) (trojan.rules)
2034912 - ET POLICY Observed DNS Over HTTPS Domain (dns .alidns .com in TLS SNI) (policy.rules)
2034913 - ET MOBILE_MALWARE Android/FluBot Trojan Sending Information (POST) (mobile_malware.rules)
2034914 - ET EXPLOIT Windows Defender POWERLIKS Detection Bypass (exploit.rules)
2034915 - ET CURRENT_EVENTS Successful Metawallet Phish 2022-01-13 (current_events.rules)
2034916 - ET CURRENT_EVENTS Metawallet Phish Landing Page 2022-01-13 (current_events.rules)
2034917 - ET TROJAN Possible Pegasus Related DNS Lookup (solo-hoy .com) (trojan.rules)
2034918 - ET TROJAN Possible Pegasus Related DNS Lookup (mobile-analytics .netweb-cloud-services .com) (trojan.rules)
2034919 - ET TROJAN Possible Pegasus Related DNS Lookup (deportes24-7 .com) (trojan.rules)
2034920 - ET TROJAN Observed DNS Query to Pegasus Domain (trojan.rules)
2034921 - ET TROJAN Observed DNS Query to Pegasus Domain (trojan.rules)

Pro:

2850851 - ETPRO TROJAN Win32/Expiro.NDO CnC Activity (trojan.rules)
2850852 - ETPRO CURRENT_EVENTS Successful Generic Phish 2022-01-13 (current_events.rules)
2850853 - ETPRO TROJAN Trojan:Win32/Wacatac Payload Download (trojan.rules)
2850854 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-13 1) (trojan.rules)
2850855 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-13 2) (trojan.rules)
2850856 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-13 3) (trojan.rules)
2850857 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-13 4) (trojan.rules)
2850858 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-13 5) (trojan.rules)
2850859 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-13 6) (trojan.rules)
2850860 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-01-13 7) (trojan.rules)

[///] Modified active rules: [///]

2018316 - ET TROJAN Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses (trojan.rules)
2034644 - ET MALWARE Win32/RemoteUtilities Checkin via SMTP M2 (malware.rules)