[***] Summary: [***]
20 new OPEN, 23 new PRO (20 + 3). CobaltStrike, TA444, ErbiumStealer, Others.
Thanks @abuse_ch, @3xp0rtblog, @360Netlab
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2038705 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup (fuvataren .com) (malware.rules)
2038706 - ET MALWARE Win32/Orchard Botnet Activity M2 (malware.rules)
2038707 - ET INFO Inveigh Proxy Powershell Script Retrieval (Inbound) (info.rules)
2038708 - ET ADWARE_PUP ZeroTier P2P VPN Activity M1 (adware_pup.rules)
2038709 - ET MALWARE Observed DNS Query to TA444 Domain (wps .wpsonline .co) (malware.rules)
2038710 - ET MALWARE Observed DNS Query to TA444 Domain (documentshare .info) (malware.rules)
2038711 - ET MALWARE Observed DNS Query to TA444 Domain (unchained-capital .co) (malware.rules)
2038712 - ET MALWARE Observed DNS Query to TA444 Domain (cloud .globiscapital .co) (malware.rules)
2038713 - ET MALWARE Observed DNS Query to TA444 Domain (shconstmarket .com) (malware.rules)
2038714 - ET MALWARE Observed DNS Query to TA444 Domain (stablehouses .info) (malware.rules)
2038715 - ET MALWARE Observed DNS Query to TA444 Domain (edit .wpsonline .co) (malware.rules)
2038716 - ET MALWARE Observed DNS Query to TA444 Domain (bankofamerica .us .org) (malware.rules)
2038717 - ET MALWARE Observed DNS Query to TA444 Domain (salt1ending .com) (malware.rules)
2038718 - ET MALWARE Observed DNS Query to TA444 Domain (cloud .jbic .us) (malware.rules)
2038720 - ET MALWARE Observed DNS Query to TA444 Domain (share .anobaka .info) (malware.rules)
2038721 - ET MALWARE Observed DNS Query to TA444 Domain (vote .anobaka .info) (malware.rules)
2038722 - ET MALWARE Observed DNS Query to TA444 Domain (cloud .wpic .ink) (malware.rules)
2038723 - ET MALWARE ErbiumStealer Variant CnC Activity (getstub) (malware.rules)
2038724 - ET MALWARE ErbiumStealer Domain (erbium .ml) in TLS SNI (malware.rules)
2038725 - ET MALWARE Malicious SSL Certificate detected (BoratRat) (malware.rules)
Pro:
2852278 - ETPRO MALWARE HTML/TrojanDownloader.Agent.NKU CnC Activity M1 (malware.rules)
2852279 - ETPRO MALWARE HTML/TrojanDownloader.Agent.NKU CnC Activity M2 (malware.rules)
2852280 - ETPRO ATTACK_RESPONSE HTML/TrojanDownloader.Agent.NKU CnC Response (attack_response.rules)
[///] Modified active rules: [///]
2849856 - ETPRO MALWARE Win32/Orchard Botnet Activity (malware.rules)
[///] Modified inactive rules: [///]
2038495 - ET PHISHING Possible Phish with cazanova= Cookie (phishing.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team