[***] Summary: [***]
8 new OPEN, 13 new PRO (8 + 5). SocGholish, Various Phish, Various
Modifications.
Thanks @Thingzeye, @moodYmOnster8
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2039133 - ET PHISHING Successful Generic Credential Phish 2022-10-10 (phishing.rules)
2039134 - ET PHISHING Account Credential Phish Landing Page 2022-10-10 (phishing.rules)
2039135 - ET PHISHING Generic Credential Phish Landing Page 2022-10-10 (phishing.rules)
2039136 - ET MALWARE SocGholish Domain in DNS Lookup (repo .allgoodsnservices .com) (malware.rules)
2039137 - ET MALWARE SocGholish Domain in DNS Lookup (family .1ablecommunity .com) (malware.rules)
2039138 - ET MALWARE SocGholish Domain in DNS Lookup (resort .reliablecommunityservices .com) (malware.rules)
2039139 - ET MALWARE SocGholish Domain in DNS Lookup (ecar .allsunstates .com) (malware.rules)
2039140 - ET MALWARE SocGholish CnC Domain in DNS Lookup (houses .in-vermont .com) (malware.rules)
[///] Modified active rules: [///]
2038972 - ET MALWARE SocGholish Domain in DNS Lookup (tutorials .girandolashutkindconstruction .com) (malware.rules)
2839328 - ETPRO USER_AGENTS Suspicious XXXX User-Agent Observed (user_agents.rules)
[---] Disabled and modified rules: [---]
2033242 - ET MALWARE Mirai pTea Variant - Attack Command Outbound (malware.rules)
2033243 - ET MALWARE Mirai pTea Variant - Attack Command Inbound (malware.rules)
[---] Removed rules: [---]
2824369 - ETPRO MALWARE Oilrig DNS TXT Response (malware.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team