Daily Ruleset Update Summary 2022/09/08

Daily Ruleset Update Summary

[***] Summary: [***]

8 new OPEN, 10 new PRO (8 + 2) Bitter APT, Gamaredon, Qbot, BECU Phish
and Win32/Lypserat.O.

Thanks @AuCyble and @h2jazi

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2038756 - ET INFO Temporary File Hosting Domain in TLS SNI (temp .sh)
(info.rules)
2038773 - ET MALWARE Bitter APT Related Domain in DNS Lookup
(signal-premium-app .org) (malware.rules)
2038774 - ET MALWARE Bitter APT Related Domain in DNS Lookup
(signalpremium .com) (malware.rules)
2038775 - ET MALWARE Bitter APT Related Domain in DNS Lookup
(youtubepremiumapp .com) (malware.rules)
2038776 - ET MALWARE Win32/Qbot CnC Activity M3 (POST) (malware.rules)
2038777 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
2038778 - ET MALWARE Win32/Zegost!ml CnC Checkin (malware.rules)
2038779 - ET PHISHING Successful BECU Phish 2022-09-08 (phishing.rules)

Pro:

2852310 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2022-09-08 1) (coinminer.rules)
2852311 - ETPRO MALWARE Win32/Lypserat.O CnC Activity (malware.rules)

[---] Removed rules: [---]

2038756 - ET MALWARE Temporary File Hosting Domain in TLS SNI (temp .sh)
(malware.rules)

Date:

Thursday, September 8, 2022

Summary title:

8 new OPEN, 10 new PRO (8 + 2) Bitter APT, Gamaredon, Qbot, BECU Phish and Win32/Lypserat.O.