[***] Summary: [***]

17 new OPEN, 60 new PRO (17 + 43). Various Ransomware, CargoBay,
DonotGroup APT, Android Malware and ActionLoader.

Thanks @trustwave, @SentinelOne, @morphisec

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2038575 - ET INFO Cloud File Sharing Domain in DNS Lookup (.filebase
.io) (info.rules)
2038576 - ET INFO Cloud IPFS Service Domain in DNS Lookup
(nftstorage .link) (info.rules)
2038577 - ET MALWARE Win32/Atomsilo Ransomware Activity (POST) (malware.rules)
2038578 - ET MALWARE Successful CargoBay Exfil (malware.rules)
2038579 - ET MALWARE CargoBay CnC Activity (malware.rules)
2038580 - ET PHISHING Facebook Credential Theft Landing Page
2022-08-22 (phishing.rules)
2038581 - ET PHISHING PUBG Credential Theft Landing Page 2022-08-22
(phishing.rules)
2038582 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup
(clipboardgames .xyz) (malware.rules)
2038583 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup
(esr .suppservices .xyz) (malware.rules)
2038584 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup
(globalseasurfer .xyz) (malware.rules)
2038585 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup
(worldpro .buzz) (malware.rules)
2038586 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup
(doctorstrange .buzz) (malware.rules)
2038587 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup
(fitnesscheck .xyz) (malware.rules)
2038588 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup
(beetelson .xyz) (malware.rules)
2038589 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup
(ser .dermlogged .xyz) (malware.rules)
2038590 - ET MALWARE DonotGroup APT Related Domain in DNS Lookup
(kotlinn .xyz) (malware.rules)
2038591 - ET HUNTING Possible Obfuscator io JavaScript Obfuscation
Exclusion (hunting.rules)

Pro:

2852122 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Teardroid.a CnC
Domain in DNS Lookup (mobile_malware.rules)
2852123 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Rkor.cn CnC
Domain in DNS Lookup (mobile_malware.rules)
2852124 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Rkor.cn CnC
Domain in DNS Lookup (mobile_malware.rules)
2852125 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bj CnC
Domain in DNS Lookup (mobile_malware.rules)
2852126 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bj CnC
Domain in DNS Lookup (mobile_malware.rules)
2852127 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bj CnC
Domain in DNS Lookup (mobile_malware.rules)
2852128 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bj CnC
Domain in DNS Lookup (mobile_malware.rules)
2852129 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bj CnC
Domain in DNS Lookup (mobile_malware.rules)
2852130 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bj CnC
Domain in DNS Lookup (mobile_malware.rules)
2852131 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bj CnC
Domain in DNS Lookup (mobile_malware.rules)
2852132 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bj CnC
Domain in DNS Lookup (mobile_malware.rules)
2852133 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bj CnC
Domain in DNS Lookup (mobile_malware.rules)
2852134 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bj CnC
Domain in DNS Lookup (mobile_malware.rules)
2852135 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bj CnC
Domain in DNS Lookup (mobile_malware.rules)
2852136 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bj CnC
Domain in DNS Lookup (mobile_malware.rules)
2852137 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.ed
Checkin (mobile_malware.rules)
2852138 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFW CnC
Domain in DNS Lookup (mobile_malware.rules)
2852139 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFW CnC
Domain in DNS Lookup (mobile_malware.rules)
2852140 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFW CnC
Domain in DNS Lookup (mobile_malware.rules)
2852141 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFW CnC
Domain in DNS Lookup (mobile_malware.rules)
2852142 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFW CnC
Domain in DNS Lookup (mobile_malware.rules)
2852143 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFW CnC
Domain in DNS Lookup (mobile_malware.rules)
2852144 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFW CnC
Domain in DNS Lookup (mobile_malware.rules)
2852145 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFW CnC
Domain in DNS Lookup (mobile_malware.rules)
2852146 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFW CnC
Domain in DNS Lookup (mobile_malware.rules)
2852147 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFW CnC
Domain in DNS Lookup (mobile_malware.rules)
2852148 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFW CnC
Domain in DNS Lookup (mobile_malware.rules)
2852149 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFW CnC
Domain in DNS Lookup (mobile_malware.rules)
2852150 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.JFW CnC
Domain in DNS Lookup (mobile_malware.rules)
2852151 - ETPRO MOBILE_MALWARE Android/Obfus.UX CnC Domain in DNS
Lookup (mobile_malware.rules)
2852152 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.abs CnC
Domain in DNS Lookup (mobile_malware.rules)
2852153 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CIO CnC Domain in
DNS Lookup (mobile_malware.rules)
2852154 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Bray.o CnC
Beacon (mobile_malware.rules)
2852156 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Fakecalls.afz
Checkin (mobile_malware.rules)
2852157 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Bray.j CnC
Domain in DNS Lookup (mobile_malware.rules)
2852158 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Bray.j CnC
Domain in DNS Lookup (mobile_malware.rules)
2852159 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.di CnC
Domain in DNS Lookup (mobile_malware.rules)
2852160 - ETPRO MALWARE Win32/Remcos RAT Checkin 828 (malware.rules)
2852161 - ETPRO MALWARE Win32/Remcos RAT Checkin 829 (malware.rules)
2852162 - ETPRO MALWARE ActionLoader CnC Domain in DNS Lookup (malware.rules)
2852163 - ETPRO MALWARE ActionLoader CnC Activity M2 (malware.rules)

[///] Modified active rules: [///]

2016097 - ET MALWARE Unknown - Loader - Check .exe Updated (malware.rules)
2038501 - ET HUNTING Possible Obfuscator io JavaScript Obfuscation
(hunting.rules)
2843794 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Cerberus /
Anubis Checkin (mobile_malware.rules)
