[***] Summary: [***]

12 new OPEN, 19 new PRO (12 + 7). SideCopy APT, Various File
Sharing, PowerShell/PowHeartBeat, Remcos RAT and Mobile/Android.

Thanks @entdark_, @MalGamy12, @ESET, @TalosSecurity, @sans_isc and @bofheaded

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2038795 - ET MALWARE MSIL/TrojanDownloader.Agent.ITY Screenshot
Upload Attempt (malware.rules)
2038798 - ET MALWARE Sidecopy APT Related Backdoor Activity (malware.rules)
2038799 - ET INFO Abused File Sharing Site Domain Observed (qaz .im)
in DNS Lookup (info.rules)
2038800 - ET INFO Abused File Sharing Site Domain Observed (qaz .su)
in DNS Lookup (info.rules)
2038801 - ET INFO Abused File Sharing Site Domain Observed (qaz .su)
in TLS SNI (info.rules)
2038802 - ET INFO Abused File Sharing Site Domain Observed (qaz .im)
in TLS SNI (info.rules)
2038803 - ET MALWARE PowerShell/PowHeartBeat CnC Domain (central
.suhypercloud .org) in DNS Lookup (malware.rules)
2038804 - ET MALWARE PowerShell/PowHeartBeat CnC Domain (airplane
.travel-commercials .agency) in DNS Lookup (malware.rules)
2038805 - ET INFO Observed DNS Query to Pastebin-style Service
(justpaste .it) (info.rules)
2038806 - ET INFO Observed Pastebin-style Service Domain (justpaste
.it) in TLS SNI (info.rules)
2038807 - ET MOBILE_MALWARE Android/Zanubis CnC Domain
(fullcircleteam .com) in DNS Lookup (mobile_malware.rules)
2038808 - ET MALWARE Win32/TrojanDownloader.VB.RTN Payload Delivery
Request (malware.rules)

Pro:

2852360 - ETPRO MALWARE Win32/Remcos RAT Checkin 833 (malware.rules)
2852361 - ETPRO MALWARE Win32/Remcos RAT Checkin 834 (malware.rules)
2852362 - ETPRO MALWARE Script/Unknown CnC Activity (malware.rules)
2852363 - ETPRO MALWARE Observed DNS Query to Suspicious Domain
(threatactor .lol) (malware.rules)
2852364 - ETPRO MALWARE Observed DNS Query to Suspicious Domain
(apt29 .lol) (malware.rules)

[///] Modified active rules: [///]

2851826 - ETPRO MALWARE Arkei/Vidar Stealer Variant - Telegram
Mirror Checkin (malware.rules)

[---] Removed rules: [---]

2038795 - ET ADWARE_PUP MSIL/TrojanDownloader.Agent.ITY Screenshot
Upload Attempt (adware_pup.rules)
