[***] Summary: [***]

12 new OPEN, 21 new PRO (12 + 9). Knotweed/SubZero, Solaris2, Ave
Maria/Warzone RAT and Miners.

Thanks @malwrhunterteam and @Fortinet

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2037899 - ET MALWARE Observed Malicious SSL/TLS Certificate
(Knotweed/SubZero) (malware.rules)
2037900 - ET MALWARE Observed DNS Query to Known Knotweed/SubZero
Domain (malware.rules)
2037901 - ET MALWARE Observed Malicious SSL/TLS Certificate
(Knotweed/SubZero) (malware.rules)
2037902 - ET MALWARE Observed DNS Query to Known Knotweed/SubZero
Domain (malware.rules)
2037903 - ET MALWARE Observed Malicious SSL/TLS Certificate
(Knotweed/SubZero) (malware.rules)
2037904 - ET MALWARE Observed DNS Query to Known Knotweed/SubZero
Domain (malware.rules)
2037905 - ET GAMES Solaris2 Checkin (games.rules)
2037906 - ET MALWARE Suspected BTC Swapper Activity (GET) (malware.rules)
2037907 - ET MALWARE Ave Maria/Warzone RAT Credential Exfil (malware.rules)
2037908 - ET MALWARE Possible T-RAT Encrypted Zip Request M2 (malware.rules)
2037909 - ET MALWARE ENV Variable Data Exfiltration Domain (ovz1
.j19544519 .pr46m .vps .myjino .ru) in DNS Lookup (malware.rules)
2037910 - ET MALWARE ENV Variable Data Exfiltration Attempt (HTTP
POST) (malware.rules)

Pro:

2851997 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-08-02 1) (coinminer.rules)
2851998 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-08-02 2) (coinminer.rules)
2851999 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-08-02 3) (coinminer.rules)
2852000 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-08-02 4) (coinminer.rules)
2852001 - ETPRO ATTACK_RESPONSE LNK/LALALA Stealer Payload Inbound
(attack_response.rules)
2852002 - ETPRO ATTACK_RESPONSE LNK/LALALA Stealer Payload Inbound
(attack_response.rules)

[///] Modified active rules: [///]

2020084 - ET ATTACK_RESPONSE Microsoft Powershell Banner Outbound
(attack_response.rules)
2031081 - ET MALWARE Possible T-RAT Encrypted Zip Request M1 (malware.rules)
