[***] Summary: [***]
19 new OPEN, 24 new PRO (19 + 5). Various APT, Manjusaka, Miners, Remcos and Phishing.
Thanks @h2jazi
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2037880 - ET HUNTING Terse Request for WordPress Site ending in all digits (hunting.rules)
2037881 - ET MALWARE Win32/VBS.Sload Activity (GET) (malware.rules)
2037882 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
2037883 - ET MALWARE TA444 Related Domain in DNS Lookup (inst .shconstmarket .com) (malware.rules)
2037884 - ET MALWARE TA444 Related Domain in DNS Lookup (web .shconstmarket .com) (malware.rules)
2037885 - ET MALWARE TA444 Related Domain in DNS Lookup (wordonline .cloud) (malware.rules)
2037886 - ET ATTACK_RESPONSE HTML Smuggling Powershell Payload In href (attack_response.rules)
2037887 - ET ATTACK_RESPONSE HTML Smuggling Powershell Payload In iframe (attack_response.rules)
2037888 - ET MALWARE Manjusaka CnC Server Response (malware.rules)
2037889 - ET MALWARE W32/CoinMiner.ESJ!tr CnC Domain (ui .0x0x0x0x0 .xyz) in DNS Lookup (malware.rules)
2037890 - ET MALWARE W32/CoinMiner.ESJ!tr CnC Domain (rp .oiwcvbnc2e .stream) in DNS Lookup (malware.rules)
2037891 - ET MALWARE W32/CoinMiner.ESJ!tr CnC Domain (aj .0x0x0x0x0 .best) in DNS Lookup (malware.rules)
2037892 - ET MALWARE W32/CoinMiner.ESJ!tr CnC Domain (xs .0x0x0x0x0 .club) in DNS Lookup (malware.rules)
2037893 - ET MALWARE W32/CoinMiner.ESJ!tr CnC Domain (qb .1c1c1c1c .best) in DNS Lookup (malware.rules)
2037894 - ET MALWARE W32/CoinMinerESJ!tr CnC Domain (ox .mygoodluck .best) in DNS Lookup (malware.rules)
2037895 - ET ADWARE_PUP Observed DNS Query to DriverPack Domain ( .drp .su) (adware_pup.rules)
2037896 - ET ADWARE_PUP DriverPack Update Checkin (adware_pup.rules)
2037897 - ET PHISHING Successful Generic Phish 2022-08-01 (phishing.rules)
2037898 - ET MALWARE Win32/Agent.TWI CnC Checkin (malware.rules)
2037897 - ET PHISHING Successful Generic Phish 2022-08-01 (phishing.rules)
2037898 - ET MALWARE Win32/Agent.TWI CnC Checkin (malware.rules)
Pro:
2851992 - ETPRO MALWARE Win32/Remcos RAT Checkin 820 (malware.rules)
[///] Modified active rules: [///]
2029706 - ET HUNTING Possible COVID-19 Domain in SSL Certificate M2 (hunting.rules)
2029707 - ET HUNTING Suspicious TLS SNI Request for Possible COVID-19 Domain M1 (hunting.rules)