[***] Summary: [***]
17 new OPEN, 23 new PRO (17 + 6). Sidewinder APT, PingPull, Gallium APT, Generic Stealer, Various Phishing and Miners.
Thanks @h2jazi, @Unit42_Intel, @James_inthe_box
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2036884 - ET HUNTING Possible Generic Stealer Sending System Information (hunting.rules)
2036885 - ET HUNTING Possible Generic Stealer Sending a Screenshot (hunting.rules)
2036964 - ET MALWARE MegalodonHTTP/LuciferHTTP/Gomorrah Client Action M2 (malware.rules)
2036965 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (bahriafoundation .live) (malware.rules)
2036966 - ET MALWARE Aoqin Dragon APT Related Activity (GET) (malware.rules)
2036967 - ET MALWARE PingPull ICMP Activity (Outbound) (malware.rules)
2036968 - ET MALWARE PingPull Related Activity (POST) (malware.rules)
2036969 - ET MALWARE Gallium APT Related Domain in DNS Lookup (hinitial .com) (malware.rules)
2036970 - ET MALWARE Gallium APT Related Domain in DNS Lookup (micfkbeljacob .com) (malware.rules)
2036971 - ET MALWARE PingPull Related Activity (Outbound) (malware.rules)
2036972 - ET MALWARE PingPull ICMP Activity M2 (Outbound) (malware.rules)
2036973 - ET MALWARE Aoqin Dragon APT Related Activity (GET) (malware.rules)
2036974 - ET PHISHING Successful Generic Credential Phish 2022-06-13 (phishing.rules)
2036975 - ET PHISHING Generic Credential Phish Landing Page 2022-06-13 (phishing.rules)
2036976 - ET MALWARE Win32/LingyunNet.A CnC Checkin (malware.rules)
2036977 - ET MALWARE Win32/LingyunNet.A Heartbeat (malware.rules)
2036978 - ET MALWARE Win32/LingyunNet.A Heartbeat Response (malware.rules)
Pro:
2851770 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-06-10 1) (coinminer.rules)
2851771 - ETPRO MALWARE File named Payload.exe Downloaded via Powershell (malware.rules)
2851772 - ETPRO MALWARE Downloaded Powershell Fingerprinting Host (malware.rules)
2851773 - ETPRO MALWARE MalDoc retrieving Payload 6/13/2022 (malware.rules)
2851774 - ETPRO MALWARE Observed Snip3 Domain in DNS Lookup (coalminners .shop) (malware.rules)
2851775 - ETPRO MALWARE Observed Snip3 Domain in DNS Lookup (asianexportglass .shop) (malware.rules)
[---] Disabled and modified rules: [---]
2016137 - ET EXPLOIT EIP in URI M1 (CVE-2012-4792) (exploit.rules)
[---] Removed rules: [---]
2036884 - ET MALWARE Generic Stealer Sending System Information M1 (malware.rules)
2036885 - ET MALWARE Generic Stealer Sending System Information M2 (malware.rules)