Daily Ruleset Update Summary 2022/10/04
[***] Summary: [***]
9 new OPEN, 15 new PRO (9 + 6) DonotGroup, Comm100, TA569, and Various Coinminers
Thanks @Crowdstrike
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2039085 - ET MALWARE DonotGroup Pult Downloader Activity (POST) M2 (malware.rules)
2039086 - ET MALWARE Observed DNS Query to Comm100 Trojan Domain (amazonawsreplay .com) (malware.rules)
2039087 - ET MALWARE Observed DNS Query to Comm100 Trojan Domain (microsoftfileapis .com) (malware.rules)
2039088 - ET MALWARE Observed DNS Query to Comm100 Trojan Domain (windowstearns .com) (malware.rules)
2039089 - ET ATTACK_RESPONSE JS/Comm100 Trojan Backdoor Inbound (attack_response.rules)
2039090 - ET ATTACK_RESPONSE JS/Comm100 Trojan CnC Payload Inbound (attack_response.rules)
2039091 - ET INFO Baidu MiniDownloader System Fingerprint Exfiltration (info.rules)
2039092 - ET MALWARE TA569 Domain in DNS Lookup (gloogletag .com) (malware.rules)
2039093 - ET MALWARE TA569 Domain in DNS Lookup (brocode3s .com) (malware.rules)
Pro:
2852478 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-04 1) (coinminer.rules)
2852479 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-04 2) (coinminer.rules)
2852480 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-04 3) (coinminer.rules)
2852483 - ETPRO USER_AGENTS Suspicious User-Agent (mozilla firefox) (user_agents.rules)