[***] Summary: [***]
22 new OPEN, 25 new PRO (22 + 3). Various APT, Phishing, Win32/Kryptik.HPRB.
Thanks to @malwareforme, @pr0xylife, @dodo_sec, @InQuest,
@SpiderLabs, @ShadowChasing1, @0xrb, @__0XYC__
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2036704 - ET INFO RealThinClient Outbound Communication (info.rules)
2036705 - ET INFO RealThinClient Session Init (info.rules)
2036706 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (paknavy .comsats .xyz) (malware.rules)
2036707 - ET PHISHING Successful Generic Credential Phish 2022-05-27 (phishing.rules)
2036708 - ET PHISHING ING Credential Phish Landing Page 2022-05-27 (phishing.rules)
2036709 - ET PHISHING Faebook Credential Phish Landing Page M1 2022-05-27 (phishing.rules)
2036710 - ET PHISHING Faebook Credential Phish Landing Page M2 2022-05-27 (phishing.rules)
2036711 - ET PHISHING Generic Credential Phish Landing Page 2022-05-27 (phishing.rules)
2036712 - ET MALWARE Tandem Espionage CnC Domain (cugdwpnykghx .ru) in DNS Lookup (malware.rules)
2036713 - ET MALWARE Tandem Espionage CnC Domain (zpuxmwmwdxxk .ru) in DNS Lookup (malware.rules)
2036714 - ET MALWARE Tandem Espionage CnC Domain (rhjebiuujydv .ru) in DNS Lookup (malware.rules)
2036715 - ET MALWARE Tandem Espionage CnC Domain (rwwmefkauiaa .ru) in DNS Lookup (malware.rules)
2036716 - ET MALWARE Tandem Espionage CnC Domain (sanlygeljek .ru) in DNS Lookup (malware.rules)
2036717 - ET MALWARE Tandem Espionage CnC Domain (sinelnikovd .ru) in DNS Lookup (malware.rules)
2036718 - ET MALWARE Tandem Espionage CnC Domain (wzqyuwtdxyee .ru) in DNS Lookup (malware.rules)
2036719 - ET MALWARE Tandem Espionage CnC Domain (zyzkikpfewuf .ru) in DNS Lookup (malware.rules)
2036720 - ET MALWARE Tandem Espionage CnC Domain (ckrddvcveumq .ru) in DNS Lookup (malware.rules)
2036721 - ET MALWARE Tandem Espionage CnC Domain (dwrfqitgvmqn .ru) in DNS Lookup (malware.rules)
2036722 - ET MALWARE Tandem Espionage CnC Domain (aztkiryhetxx .ru) in DNS Lookup (malware.rules)
2036723 - ET MALWARE Tandem Espionage CnC Domain (dvizhdom .ru) in DNS Lookup (malware.rules)
2036724 - ET MALWARE Grandoreiro Banking Trojan DGA Domain in DNS Lookup (freedynamicdns. org) (malware.rules)
2036725 - ET INFO Potential External VMware vRealize Automation Authentication Bypass Vulnerability (info.rules)
Pro:
2851709 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-05-27 1) (coinminer.rules)
2851710 - ETPRO MALWARE Bitter APT Related Backdoor Sending System Information (malware.rules)
2851711 - ETPRO MALWARE Win32/Kryptik.HPRB Payload Request (GET) (malware.rules)
[+++] Enabled and modified rules: [+++]
2011819 - ET HUNTING Zero Content-Length HTTP POST with data (outbound) (hunting.rules)