Daily Ruleset Update Summary 2022/10/05
[***] Summary: [***]
9 new OPEN, 10 new PRO (9 + 1) Malicious Browser Installer, XWorm
RAT, AllcomeClipper and TA569
Thanks @kaspersky @James_inthe_box @3xp0rtblog
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2039094 - ET MALWARE Malicious Browser Installer Domain in DNS
Lookup (torbrowser .io) (malware.rules)
2039095 - ET MALWARE Malicious Browser Installer Domain in DNS
Lookup (tor-browser .io) (malware.rules)
2039096 - ET MALWARE Malicious Browser Installer Checkin (POST)
(malware.rules)
2039097 - ET HUNTING PNG in HTTP POST (Outbound) (hunting.rules)
2039098 - ET MALWARE Observed DNS Query to XWorm RAT Domain
(system6458 .ddns .net) (malware.rules)
2039099 - ET MALWARE AllcomeClipper CnC Domain
(dba692117be7b6d3480fe5220fdd58b38bf .xyz) in DNS Lookup (malware.rules)
2039100 - ET MALWARE AllcomeClipper CnC Checkin (malware.rules)
2039101 - ET MALWARE TA569 Domain in DNS Lookup (pastukhova .com)
(malware.rules)
2039102 - ET MALWARE TA569 Fake Browser Update Domain in DNS Lookup
(profi-stom .com) (malware.rules)
Pro:
[///] Modified active rules: [///]
2039085 - ET MALWARE DonotGroup Pult Downloader Activity (POST) M2
(malware.rules)