[***] Summary: [***]

10 new OPEN, 14 new PRO (10 + 4). MSIL/PSW.Agent.RXP,
MSIL/Spy.Agent.AES Zipped Exfil, Various Phishing and Miners.

Thanks @TomHegel and @SentinelOne

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2037722 - ET MALWARE TontoTeam APT Related Bisonal CnC Activity (malware.rules)
2037723 - ET MALWARE CN Based APT Related Domain in DNS Lookup (supportteam .lingrevelat .com) (malware.rules)
2037724 - ET MALWARE CN Based APT Related Domain in DNS Lookup (news .wooordhunts .com) (malware.rules)
2037725 - ET INFO Observed DNS Query to Dynamic DNS Service (giize .com) (info.rules)
2037726 - ET MALWARE CN Based APT Related Domain in DNS Lookup (instructor .giize .com) (malware.rules)
2037727 - ET PHISHING Successful Adobe Credential Phish 2022-07-08 (phishing.rules)
2037728 - ET PHISHING Successful Generic Credential Phish 2022-07-08 (phishing.rules)
2037729 - ET MALWARE MSIL/PSW.Agent.RXP Checkin (malware.rules)
2037730 - ET MALWARE MSIL/Spy.Agent.AES Zipped Exfil (malware.rules)
2037731 - ET MALWARE MSIL/Spy.Agent.DYS Exfil (malware.rules)

Pro:

2851870 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.hf Checkin (mobile_malware.rules)
2851871 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-07-07 1) (coinminer.rules)
2851872 - ETPRO PHISHING Generic Credential Phish Landing Page 2022-07-08 (phishing.rules)
2851873 - ETPRO MALWARE Observed Malicious SSL Cert (companypolicy .ie) (malware.rules)

[///] Modified active rules: [///]

2037076 - ET MALWARE CN Based APT Related Activity (POST) (malware.rules)
2037078 - ET MALWARE CN Based APT Related Domain in DNS Lookup (open .zerdeopen .top) (malware.rules)
2037079 - ET MALWARE CN Based APT Related Domain in DNS Lookup (sign .sanaqsign .org) (malware.rules)

[---] Disabled and modified rules: [---]

2807211 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use-After-Free (CVE-2013-3916) (web_client.rules)
2807239 - ETPRO WEB_CLIENT Adobe PDF file corrupted download (CVE-2013-3351) 1 (web_client.rules)
2807240 - ETPRO WEB_CLIENT Adobe PDF file corrupted download (CVE-2013-3351) 2 (web_client.rules)

[---] Removed rules: [---]

2017790 - ET EXPLOIT Adobe PDF CVE-2013-0640 (exploit.rules)
2849172 - ETPRO MALWARE TontoTeam APT Related Bisonal CnC Activity (malware.rules)