[***] Summary: [***]
11 new OPEN, 20 new PRO (11 + 9). Octopus Backdoor, Lazarus and Donot APT
DNS sigs, MSIL/Injector.VVP Downloader, Win64/Agent_AGen.CK and various
CoinMiner sigs.
Thanks @welivesecurity and @h2jazi
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2034939 - ET TROJAN Powershell Octopus Backdoor Activity (POST)
(trojan.rules)
2034940 - ET TROJAN Powershell Octopus Backdoor Activity (GET)
(trojan.rules)
2034941 - ET TROJAN Cobalt Strike Activity (GET) (trojan.rules)
2034942 - ET TROJAN Lazarus APT Related Domain in DNS Lookup (lm-career
.com) (trojan.rules)
2034943 - ET TROJAN Donot APT Related Domain in DNS Lookup (printerjobs
.xyz) (trojan.rules)
2034944 - ET TROJAN Donot APT Related Domain in DNS Lookup (seasonsbackup
.xyz) (trojan.rules)
2034945 - ET TROJAN Win32/Suspected Reverse Shell Connection
(trojan.rules)
2034946 - ET TROJAN Donot APT Related Domain in DNS Lookup (submitonline
.club) (trojan.rules)
2034947 - ET TROJAN Donot APT Related Domain in DNS Lookup (oceansurvey
.club) (trojan.rules)
2034948 - ET USER_AGENTS Suspicious User-Agent (dBrowser CallGetResponse)
(user_agents.rules)
2034949 - ET TROJAN MSIL/Injector.VVP Downloader Activity M1
(trojan.rules)
Pro:
2850879 - ETPRO MALWARE Win32/Adware.Agent.NSF Checkin (malware.rules)
2850880 - ETPRO TROJAN Win64/Agent_AGen.CK CnC Traffic (Data Exfil)
(trojan.rules)
2850881 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-01-18 1) (trojan.rules)
2850882 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-01-18 2) (trojan.rules)
2850883 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-01-18 3) (trojan.rules)
2850884 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-01-18 4) (trojan.rules)
2850885 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-01-18 5) (trojan.rules)
2850886 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-01-18 6) (trojan.rules)
2850887 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2022-01-18 7) (trojan.rules)