[***] Summary: [***]
15 new OPEN, 15 new PRO (15 + 0) APT28/FancyBear, CVE-2022-3184, DownWare, Metador and dYdX DNS sigs.
Thanks @h2jazi, @DuskRiseInc, @MBThreatIntel, @SentinelOne, @BleepinComputer, @maciejmensfeld and @Claroty
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2038958 - ET MALWARE APT28/FancyBear Related Activity (POST) (malware.rules)
2038959 - ET ATTACK_RESPONSE MalDoc/Generik.ILNMZZB Payload Inbound (attack_response.rules)
2038960 - ET ATTACK_RESPONSE JS/Spy.Banker.LD Credit Card Skimmer Inbound (attack_response.rules)
2038961 - ET PHISHING Generic Credential Phish Landing Page 2022-09-23 (phishing.rules)
2038962 - ET PHISHING Successful Credential Phish M1 2022-09-23 (phishing.rules)
2038963 - ET PHISHING Successful Credential Phish M2 2022-09-23 (phishing.rules)
2038964 - ET PHISHING Successful Credential Phish M3 2022-09-23 (phishing.rules)
2038965 - ET EXPLOIT Dataprobe iBoot-PDU Pre-Auth Remote Code Execution Attempt via git-update.php (CVE-2022-3184) M1 (exploit.rules)
2038966 - ET EXPLOIT Dataprobe iBoot-PDU Pre-Auth Remote Code Execution Attempt via git-update.php (CVE-2022-3184) M2 (exploit.rules)
2038967 - ET INFO SSH-2.0-Go version string Observed in Network Traffic - Inbound (info.rules)
2038968 - ET INFO SSH-2.0-Go version string Observed in Network Traffic - Outbound (info.rules)
2038969 - ET ADWARE_PUP Win32/DownWare.G Installer Request (adware_pup.rules)
2038970 - ET MALWARE Metador CnC Domain (networkselfhelp .com) in DNS Lookup (malware.rules)
2038971 - ET MALWARE dYdX NPM Package Backdoor Exfiltration Domain (api .circle-cdn .com) in DNS Lookup (malware.rules)
2038972 - ET MALWARE SocGholish Domain in DNS Lookup (malware.rules)
[///] Modified active rules: [///]
2037716 - ET MALWARE Win32/TrojanDownloader.AutoHK.MT CnC Checkin (malware.rules)
2038930 - ET EXPLOIT Atlassian Bitbucket CVE-2022-36804 Exploit Attempt (exploit.rules)
2814068 - ETPRO MALWARE XCodeGhost Beacon (malware.rules)
[---] Removed rules: [---]