[***] Summary: [***]
10 new OPEN, 18 new PRO (10 + 8). VileRAT, Phishing, Android Banker and Win32/CargoBay.
Thanks Google TAG, @proxylife, @MaxMal
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2038592 - ET MALWARE VileRAT Related Domain in DNS Lookup (hubflash .co) (malware.rules)
2038593 - ET MALWARE Suspected VileRAT Related Request Activity (GET) (malware.rules)
2038594 - ET MALWARE TA453/APT35 HYPERSCRAPE Tool Check-in Activity (GET) (malware.rules)
2038595 - ET MALWARE TA453/APT35 HYPERSCRAPE Tool Identity Check Activity (GET) (malware.rules)
2038596 - ET MALWARE TA453/APT35 HYPERSCRAPE Tool Sending System Information (POST) (malware.rules)
2038597 - ET MALWARE Trojan:Win32/WinLNK.APA!MTB Payload Request (malware.rules)
2038598 - ET PHISHING Successful Generic Credential Theft 2022-08-23 (phishing.rules)
2038599 - ET PHISHING Generic Credential Theft Landing Page 2022-08-23 (phishing.rules)
2038600 - ET INFO SAFIB Assistant Remote Administration Tool CnC Checkin (info.rules)
2038601 - ET INFO SAFIB Assistant Remote Administration Tool Keepalive (info.rules)
Pro:
2852166 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Cerberus / Anubis Checkin 2 (mobile_malware.rules)
2852167 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Wroba.o Response (mobile_malware.rules)
2852168 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-08-20 1) (coinminer.rules)
2852169 - ETPRO EXPLOIT Possible Microsoft Windows Server HTTP.sys DOS Inbound (CVE-2022-35748) (exploit.rules)
2852170 - ETPRO INFO Remote Utilities Viewer Update Activity (info.rules)
2852171 - ETPRO MALWARE Win32/CargoBay Job Request (GET) (malware.rules)
[+++] Enabled and modified rules: [+++]
2852156 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Fakecalls.afz Checkin (mobile_malware.rules)
[---] Disabled and modified rules: [---]
2018093 - ET WEB_SERVER Oracle Reports Parse Query Returned Creds CVE-2012-3153 (web_server.rules)
2807644 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0274) (web_client.rules)
2807650 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0277) 1 (web_client.rules)
2807651 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0277) 2 (web_client.rules)
2807655 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0284) (web_client.rules)
2807658 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0287) (web_client.rules)
2807661 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free 1 (CVE-2014-0290) (web_client.rules)
[---] Removed rules: [---]
2852137 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.ed Checkin (mobile_malware.rules)