[***] Summary: [***]

10 new OPEN, 16 new PRO (10 + 6) 8220 Gang, Loli Stealer, Remcos,
Webshell, and Various Phishing.

Thanks @SentinelOne, @Finch39487976, @petrovic082, @James_inthe_box

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2037813 - ET MALWARE Loli Stealer CnC Domain in DNS Lookup (webstealer .ru) (malware.rules)
2037814 - ET MALWARE Win32/Loli Stealer CnC Activity (malware.rules)
2037815 - ET MALWARE 8220 Gang Related Domain in DNS Lookup (onlypirate .top) (malware.rules)
2037816 - ET MALWARE 8220 Gang Related Domain in DNS Lookup (letmaker .top) (malware.rules)
2037817 - ET MALWARE 8220 Gang Related Domain in DNS Lookup (oracleservice .top) (malware.rules)
2037818 - ET MALWARE VBS/Agent.6B29!tr CnC Checkin (malware.rules)
2037819 - ET PHISHING Successful Idaho Central CU Phish 2022-07-24 (phishing.rules)
2037820 - ET PHISHING AlaskaUSA FCU Phish 2022-07-24 (phishing.rules)
2037821 - ET MALWARE Unknown Maldoc CnC Activity (2022-07-25) (malware.rules)
2037822 - ET MALWARE Win32/Kryptik.GSKY CnC Checkin (malware.rules)

Pro:

2851960 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-07-23 1) (coinminer.rules)
2851961 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-07-23 2) (coinminer.rules)
2851962 - ETPRO MALWARE Suspected DonotGroup Pult Downloader Activity M3 (malware.rules)
2851963 - ETPRO HUNTING POST to Glitch Hosted Page (hunting.rules)
2851964 - ETPRO MALWARE Win32/Remcos RAT Checkin 817 (malware.rules)
2851965 - ETPRO WEB_SERVER WebShell Generic - t3rr0r cmd Downloader In Cookie (web_server.rules)

[///] Modified active rules: [///]

2849378 - ETPRO MALWARE Suspected DonotGroup Pult Downloader Activity M2 (malware.rules)
2851897 - ETPRO INFO Observed Abused File Sharing Domain in TLS SNI (info.rules)
2851959 - ETPRO MALWARE MSIL/Spy.Agent.AES Telegram Exfil (malware.rules)

[---] Disabled rules: [---]

2034285 - ET MALWARE Observed DonotGroup Maldoc Related Domain (digitalresolve .live in TLS SNI) (malware.rules)
2034286 - ET MALWARE DonotGroup Maldoc Related Domain in DNS Lookup (digitalresolve .live) (malware.rules)
2034302 - ET MALWARE Observed Cobalt Strike Related Domain (croperdate .com in TLS SNI) (malware.rules)
2034303 - ET MALWARE Observed Cobalt Strike Related Domain (kaslose .com in TLS SNI) (malware.rules)
2034304 - ET MALWARE Observed Cobalt Strike Related Domain (cdnwin .xyz in TLS SNI) (malware.rules)
