[***] Summary: [***]
8 new OPEN, 12 new PRO (8 + 4). Warzone RAT, Mercury APT,
Golang/Webbfustator, Remcos and some random malware.
Thanks @msftsecurity, @RecordedFuture, and @Securonix.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2038895 - ET POLICY Vulnerable Java Version 18.0.x Detected (policy.rules)
2038896 - ET MALWARE Mercury APT Related Domain in DNS Lookup (sygateway .com) (malware.rules)
2038897 - ET MALWARE Warzone RAT Response (Inbound) (malware.rules)
2038898 - ET MALWARE Golang/Webbfustator DNS Tunneling Activity (malware.rules)
2038899 - ET HUNTING Office UA Retrieving Content on Unusually High Port (hunting.rules)
2038900 - ET MALWARE Win32/Agent.XXZ Checkin (malware.rules)
2038901 - ET MALWARE Win32/Covagent Checkin (malware.rules)
2038902 - ET MALWARE Win32/QQPass Checkin (malware.rules)
Pro:
2852383 - ETPRO MALWARE Win32/Remcos RAT Checkin 836 (malware.rules)
2852384 - ETPRO MALWARE Win32/Remcos RAT Checkin 835 (malware.rules)
2852385 - ETPRO ATTACK_RESPONSE Win32/Delf.NBX CnC Response (attack_response.rules)
[///] Modified active rules: [///]
2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
2019401 - ET POLICY Vulnerable Java Version 1.8.x Detected (policy.rules)
2034817 - ET POLICY Vulnerable Java Version 17.0.x Detected (policy.rules)
2851698 - ETPRO MALWARE Suspected Maldoc Sending Base64 Encoded URI (GET) (malware.rules)