[***] Summary: [***]

13 new OPEN, 33 new PRO (13 + 20). Various Android/Spy, Various
Trojan-Spy.AndroidOS, Truebot/Silence.Downloader, Win32/RM3Loader,
Various Phishing, and Various Adware.

Thanks @malwareforme @viriback @Slash30Miata

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2039120 - ET MALWARE TrueBot/Silence.Downlaoder Screenshot Post M1
(malware.rules)
2039121 - ET MALWARE TrueBot/Silence.Downlaoder Screenshot Post M2
(malware.rules)
2039122 - ET MALWARE Win32/RM3Loader Activity (set) (malware.rules)
2039123 - ET MALWARE Observed DNS Query to DonotGroup Domain
(stokpro .buzz) (malware.rules)
2039124 - ET USER_AGENTS Discord Bot User-Agent Observed
(DiscordBot) (user_agents.rules)
2039125 - ET PHISHING DHL Credential Phish Landing Page 2022-10-07
(phishing.rules)
2039126 - ET PHISHING Binance Credential Phish Landing Page
2022-10-07 (phishing.rules)
2039127 - ET ADWARE_PUP Win32/Adware.WDJiange.A CnC Checkin M1
(adware_pup.rules)
2039128 - ET ADWARE_PUP Win32/Adware.Agent.NSF CnC Checkin M1
(adware_pup.rules)
2039129 - ET EXPLOIT ZKBioSecurity SQL Injection Attempt
(CVE-2022-36635) (exploit.rules)
2039130 - ET MALWARE Win32/RM3Loader Server Response (malware.rules)
2039131 - ET PHISHING Successful Binance Credential Phish 2022-10-07
(phishing.rules)
2039132 - ET PHISHING Successful Outlook Phish 2022-10-06 (phishing.rules)

Pro:

2852507 - ETPRO MOBILE_MALWARE Android.Joker.1765 CnC Domain in DNS
Lookup (mobile_malware.rules)
2852508 - ETPRO MOBILE_MALWARE Android.Joker.1765 CnC Beacon
(mobile_malware.rules)
2852509 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Harly.p CnC Domain
in DNS Lookup (mobile_malware.rules)
2852510 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Pletor.a
Checkin (mobile_malware.rules)
2852511 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.IZL CnC
Beacon (mobile_malware.rules)
2852512 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.IZL CnC
Domain in DNS Lookup (mobile_malware.rules)
2852513 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.sx CnC
Domain in DNS Lookup (mobile_malware.rules)
2852514 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Gustuff.d
Checkin (mobile_malware.rules)
2852515 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.WT CnC Domain in
DNS Lookup (mobile_malware.rules)
2852516 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Malaspy.a
Checkin (mobile_malware.rules)
2852517 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.WT CnC Domain in
DNS Lookup (mobile_malware.rules)
2852518 - ETPRO MOBILE_MALWARE Android.Spy.1010.origin Checkin
(mobile_malware.rules)
2852519 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CCM CnC Domain in
DNS Lookup (mobile_malware.rules)
2852520 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BXZ CnC Domain in
DNS Lookup (mobile_malware.rules)
2852521 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba CnC
Response (mobile_malware.rules)
2852522 - ETPRO MOBILE_MALWARE Observed Android.SmsSpy.11416 Domain
in TLS SNI (mobile_malware.rules)
2852523 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.ZB CnC Domain
in DNS Lookup (mobile_malware.rules)
2852524 - ETPRO MALWARE Win32/Remcos RAT Checkin 841 (malware.rules)
2852525 - ETPRO PHISHING Successful Generic Phish 2022-10-07 (phishing.rules)
2852526 - ETPRO PHISHING Successful Ent Credit Union Phish
2022-10-07 (phishing.rules)
