Daily Ruleset Update Summary
Daily Ruleset Update Summary 2022/03/01

[***] Summary: [***]

13 new OPEN, 20 new PRO (13 + 7). Trickbot, SunSeed, Gamaredon, MuddyWater, Daxin, PurpleFox, CoinMiners

Thanks @0xrb, @500mk500, @threatintel, @AhnLab_SecuInfo

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback.

Please note there will be no release on Friday, 3/4 due to a company planned PTO holiday.

[+++] Added rules: [+++]

Open:

2035356 - ET TROJAN Win32/Trickbot Data Exfiltration M2 (trojan.rules)

2035357 - ET TROJAN Win32/Trickbot Data Exfiltration M3 (trojan.rules)

2035358 - ET TROJAN Win32/Trickbot Data Exfiltration M4 (trojan.rules)

2035360 - ET TROJAN SunSeed Lua Downloader Activity (GET) (trojan.rules)

2035361 - ET TROJAN SunSeed Downloader Retrieving Binary (set) (trojan.rules)

2035362 - ET TROJAN SunSeed Download Retrieving Binary (trojan.rules)

2035363 - ET TROJAN Gamaredon APT Maldoc Related Activity (POST) (trojan.rules)

2035364 - ET TROJAN MuddyWater APT Related Telegram Activity (trojan.rules)

2035365 - ET TROJAN Win32/Backdoor.Daxin CnC Activity (trojan.rules)

2035366 - ET TROJAN Observed Malicious Filename in Outbound POST Request (Browsers/Cookies/Microsoft Edge_) (trojan.rules)

2035367 - ET INFO Observed Malicious Filename in Outbound POST Request (Information.txt) (info.rules)

2035368 - ET TROJAN MSIL/TrojanDownloader.Agent.JVN CnC Checkin (trojan.rules)

2035369 - ET CURRENT_EVENTS Generic Credential Phish Landing Page 2022-03-01 (current_events.rules)

Pro:

2851174 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-03-01 1) (trojan.rules)

2851175 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-03-01 2) (trojan.rules)

2851176 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-03-01 3) (trojan.rules)

2851177 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-03-01 4) (trojan.rules)

2851178 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2022-03-01 5) (trojan.rules)

2851179 - ETPRO TROJAN PurpleFox Backdoor/Rootkit Checkin M2 (trojan.rules)

2851180 - ETPRO TROJAN Trojan:Win32/Sabsik Payload Request M2 (trojan.rules)

[///] Modified active rules: [///]

2035308 - ET TROJAN Suspected PlugX Checkin Activity (udp) (trojan.rules)

2035312 - ET TROJAN Win32/Pterodo CnC Activity (POST) (trojan.rules)

Date:
Summary title:
13 new OPEN, 20 new PRO (13 + 7). Trickbot, SunSeed, Gamaredon, MuddyWater, Daxin, PurpleFox, CoinMiners