[***] Summary: [***]
35 new OPEN, 35 new PRO (35 + 0). Sidewinder APT and Malvertising.
Thanks @uslss_etr and @malwarebytes
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2038860 - ET MALWARE Sidewinder APT Related Domain in DNS Lookup (ptcl-gov .com) (malware.rules)
2038861 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (mamsolutions .us) (current_events.rules)
2038862 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (minielectronic .in) (current_events.rules)
2038863 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (newsforward .quest) (current_events.rules)
2038864 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (polussuo .com) (current_events.rules)
2038865 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (mamsolution .us) (current_events.rules)
2038866 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (antivirusphonenumber .org) (current_events.rules)
2038867 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (a-techsolutions .us) (current_events.rules)
2038868 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (puppyandcats .online) (current_events.rules)
2038869 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (newsagent .quest) (current_events.rules)
2038870 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (humaantouch .com) (current_events.rules)
2038871 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (mvpconsultant .us) (current_events.rules)
2038872 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (comsecurityessentials .support) (current_events.rules)
2038873 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (everyavenuetravel .site) (current_events.rules)
2038874 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (hardwarecloseout .com) (current_events.rules)
2038875 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (netsecurity-essential .com) (current_events.rules)
2038876 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (weeklylive .info) (current_events.rules)
2038877 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (foddylearn .com) (current_events.rules)
2038878 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (decfurnish .com) (current_events.rules)
2038879 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (glamorousfeeds .com) (current_events.rules)
2038880 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (issat .us) (current_events.rules)
2038881 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (trendingonfeed .com) (current_events.rules)
2038882 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (aksconsulting .us) (current_events.rules)
2038883 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (feedsonbudget .com) (current_events.rules)
2038884 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (tissatweb .us) (current_events.rules)
2038885 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (viralonspot .com) (current_events.rules)
2038886 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (furnitureshopone .us) (current_events.rules)
2038887 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (printertechnicahelp .com) (current_events.rules)
2038888 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (mainlytrendy .com) (current_events.rules)
2038889 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (globalnews .cloud) (current_events.rules)
2038890 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (thespeedoflite .com) (current_events.rules)
2038891 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (quickbooktechnicalsupport .org) (current_events.rules)
2038892 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (financialtrending .com) (current_events.rules)
2038893 - ET CURRENT_EVENTS Observed DNS Query to Known Malvertising Domain (tissat .us) (current_events.rules)
2038894 - ET MALWARE Win32.Agent.Y!c CnC Checkin (malware.rules)
[///] Modified active rules: [///]
2037235 - ET MALWARE Win32/Wacatac.B!ml CnC Checkin (malware.rules)