[***] Summary: [***]

40 new OPEN, 47 new PRO (40 + 7) Android Spy Hermit,
SilentLibrarian, TA459 Sigs, Win32/Yunsip Stealer, and MSIL/MindLated.

Thanks @Lookout, @TeamDreier, @h2jazi, @James_inthe_box,
@malwareforme, @netresec, @_CERT_UA, @akamai_research

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2037055 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS Lookup (mobile_malware.rules)
2037056 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS Lookup (mobile_malware.rules)
2037057 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS Lookup (mobile_malware.rules)
2037058 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS Lookup (mobile_malware.rules)
2037059 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS Lookup (mobile_malware.rules)
2037060 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS Lookup (mobile_malware.rules)
2037061 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS Lookup (mobile_malware.rules)
2037062 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS Lookup (mobile_malware.rules)
2037063 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS Lookup (mobile_malware.rules)
2037064 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS Lookup (mobile_malware.rules)
2037065 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS Lookup (mobile_malware.rules)
2037066 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS Lookup (mobile_malware.rules)
2037067 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS Lookup (mobile_malware.rules)
2037068 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS Lookup (mobile_malware.rules)
2037069 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS Lookup (mobile_malware.rules)
2037070 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS Lookup (mobile_malware.rules)
2037071 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS Lookup (mobile_malware.rules)
2037072 - ET MALWARE Observed Malicious SSL/TLS Certificate (SilentLibrarian) (malware.rules)
2037073 - ET MALWARE Observed Malicious SSL/TLS Certificate (SilentLibrarian) (malware.rules)
2037074 - ET MALWARE Observed Malicious SSL/TLS Certificate (SilentLibrarian) (malware.rules)
2037075 - ET MALWARE Observed Malicious SSL/TLS Certificate (SilentLibrarian) (malware.rules)
2037076 - ET MALWARE TA459 Related Activity (POST) (malware.rules)
2037077 - ET INFO Commonly Abused File Sharing Domain in DNS Lookup (ftpupload .net) (info.rules)
2037078 - ET MALWARE TA459 Related Domain in DNS Lookup (open .zerdeopen .top) (malware.rules)
2037079 - ET MALWARE TA459 Related Domain in DNS Lookup (sign .sanaqsign .org) (malware.rules)
2037080 - ET MALWARE TA459 Related Activity (Inbound) (malware.rules)
2037081 - ET MALWARE Konni APT MalDoc Activity (GET) (malware.rules)
2037082 - ET ACTIVEX Possible Follina Payload Delivery Page (activex.rules)
2037083 - ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190) (exploit.rules)
2037084 - ET MALWARE Win32/Unknown Stealer Command (filegrab) (Outbound) (malware.rules)
2037085 - ET MALWARE Win32/Unknown Stealer Command (loader) (Outbound) (malware.rules)
2037086 - ET MALWARE Win32/Unknown Stealer Command (domaindetect) (Outbound) (malware.rules)
2037087 - ET MALWARE Win32/Unknown Stealer Command (geoblock) (Outbound) (malware.rules)
2037088 - ET MALWARE Win32/Unknown Stealer CnC Log Exfil (malware.rules)
2037089 - ET MALWARE Win32/Unknown Stealer Command Response (filegrab) (Inbound) (malware.rules)
2037090 - ET MALWARE Win32/APT28 Host Fingerprint Exfiltration via IMAP (malware.rules)
2037091 - ET HUNTING Suspicious Zipped Filename in Outbound POST Request (Steam_htmlcache.txt) M1 (hunting.rules)
2037092 - ET HUNTING Suspicious Zipped Filename in Outbound POST Request (Steam_htmlcache.txt) M2 (hunting.rules)
2037093 - ET MALWARE [Akamai] Panchan Miner Botnet Checkin (malware.rules)
2037094 - ET PHISHING Successful Phish OWA Credentials 2022-06-20 (phishing.rules)

Pro:

2851815 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 (malware.rules)
2851816 - ETPRO MALWARE Win32/Yunsip Stealer Variant Activity (FTP) M1 (malware.rules)
2851817 - ETPRO MALWARE Win32/Yunsip Stealer Variant Activity (FTP) M2 (malware.rules)
2851818 - ETPRO MALWARE MSIL/MindLated Variant Activity (POST) (malware.rules)
2851819 - ETPRO MALWARE Phoenix/404 Keylogger FTP Data Exfiltration (malware.rules)
2851820 - ETPRO PHISHING Successful Generic Phish 2022-06-22 (phishing.rules)
2851821 - ETPRO MALWARE Win32/deufaltchrometroll Checkin (malware.rules)
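Added example, not part of the ET post: a small Python parser for this changelog format, the kind of thing a SOC keeps around to turn the daily summary into something reviewable. It rejoins entries that the mailer wrapped across two lines, splits out SID / ET-vs-ETPRO prefix / category / message / rules file, checks that the Open:/Pro: header each entry sits under agrees with its ET or ETPRO prefix, pulls the SIDs of a given category (here HUNTING, which you may want to enable or tune separately), and undoes ET's " ." defanging on the DNS-lookup indicators. The SAMPLE text is a constructed subset of the entries above with their original wrapping; the function and regex names are mine, not ET's. Run on the full post, tier_counts() should return 40 open and 7 pro, matching the "40 + 7" in the summary line.

```python
import re
from collections import Counter

# Constructed sample: a few entries copied from this summary, keeping the
# mailing-list line wrapping so the parser has to rejoin split entries.
SAMPLE = """\
[+++] Added rules: [+++]

Open:

2037055 - ET MOBILE_MALWARE Android Spy Hermit CnC Domain in DNS
Lookup (mobile_malware.rules)
2037077 - ET INFO Commonly Abused File Sharing Domain in DNS Lookup
(ftpupload .net) (info.rules)
2037078 - ET MALWARE TA459 Related Domain in DNS Lookup (open
.zerdeopen .top) (malware.rules)
2037083 - ET EXPLOIT Possible Microsoft Support Diagnostic Tool
Exploitation Inbound (CVE-2022-30190) (exploit.rules)
2037091 - ET HUNTING Suspicious Zipped Filename in Outbound POST
Request (Steam_htmlcache.txt) M1 (hunting.rules)

Pro:

2851816 - ETPRO MALWARE Win32/Yunsip Stealer Variant Activity (FTP)
M1 (malware.rules)
2851820 - ETPRO PHISHING Successful Generic Phish 2022-06-22 (phishing.rules)
"""

# "<sid> - <ET|ETPRO> <CATEGORY> <rest of message>"
ENTRY_RE = re.compile(r"^(\d{7}) - (ET(?:PRO)?) ([A-Z_]+) (.*)$")
# trailing "(something.rules)" naming the rules file the sig lands in
FILE_RE = re.compile(r"\s*\(([\w-]+\.rules)\)$")
# defanged domain as ET writes it, e.g. "(open .zerdeopen .top)"
DEFANGED_RE = re.compile(r"\(([A-Za-z0-9-]+(?: \.[A-Za-z0-9-]+)+)\)")


def parse_changelog(text):
    """Return one dict per rule entry, rejoining lines wrapped by the mailer."""
    records, tier, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("Open:", "Pro:"):
            tier, current = line[:-1].lower(), None
            continue
        m = ENTRY_RE.match(line)
        if m:
            current = {"sid": int(m.group(1)), "prefix": m.group(2),
                       "category": m.group(3), "msg": m.group(4), "tier": tier}
            records.append(current)
        elif line and current is not None:
            current["msg"] += " " + line      # continuation of a wrapped entry
        else:
            current = None                     # blank line or unrelated text
    for r in records:
        fm = FILE_RE.search(r["msg"])
        r["file"] = fm.group(1) if fm else None
        if fm:
            r["msg"] = r["msg"][:fm.start()]
    return records


def tier_counts(records):
    """Number of entries under the Open: and Pro: headers."""
    return dict(Counter(r["tier"] for r in records))


def tier_mismatches(records):
    """SIDs whose ET/ETPRO prefix disagrees with the header they sit under."""
    expected = {"ET": "open", "ETPRO": "pro"}
    return [r["sid"] for r in records if expected[r["prefix"]] != r["tier"]]


def sids_for_category(records, category):
    """SIDs in one category, e.g. the HUNTING sigs you may enable separately."""
    return [r["sid"] for r in records if r["category"] == category]


def refanged_domains(records):
    """DNS-lookup indicators from the messages, with ET's " ." defanging undone."""
    out = []
    for r in records:
        for m in DEFANGED_RE.finditer(r["msg"]):
            out.append(m.group(1).replace(" .", "."))
    return out


if __name__ == "__main__":
    recs = parse_changelog(SAMPLE)
    print(tier_counts(recs), tier_mismatches(recs))
    print(sids_for_category(recs, "HUNTING"), refanged_domains(recs))
```

The SID lists this produces can be dropped one per line into suricata-update's enable.conf or disable.conf; the refanged domains are what you would expect to see in the dns.rrname field of an EVE log when one of the DNS Lookup sigs fires.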
