[***] Summary: [***]

19 new OPEN, 24 new PRO (19 + 5) MSSQL Maggie Backdoor, FortiOS Auth
Bypass, Various Phish, Arid Viper.

Thanks @MBThreatIntel, @cluster25_io, @DCSO_CyTec, @jaydinbas, @botlabsDev

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2039171 - ET MALWARE Arid Viper APT Related Activity (POST) (malware.rules)
2039172 - ET MALWARE Magecart Related Domain in DNS Lookup (cdn-mediahub .com) (malware.rules)
2039173 - ET WEB_SERVER Cluster25 FortiOS Possible Auth Bypass Attempt (web_server.rules)
2039174 - ET PHISHING Generic Credential Phish Landing Page 2022-10-12 (phishing.rules)
2039175 - ET PHISHING Successful Generic Credential Phish 2022-10-12 (phishing.rules)
2039176 - ET PHISHING Generic Credential Phish 2022-10-12 (phishing.rules)
2039177 - ET MALWARE Mekotio Banking Trojan CnC Domain (zautoservice .eu) in DNS Lookup (malware.rules)
2039178 - ET INFO Observed File Sharing Service (www .uplooder .net) in DNS Lookup (info.rules)
2039179 - ET MALWARE Win32/Spy.Mekotio.EY Payload Request (malware.rules)
2039180 - ET INFO Observed File Sharing Service Domain (www .uplooder .net) in TLS SNI (info.rules)
2039181 - ET INFO MSSQL SELECT SPID Query Observed (info.rules)
2039182 - ET MALWARE MSSQL maggie backdoor Accessall Query Observed (malware.rules)
2039183 - ET MALWARE MSSQL maggie backdoor ListIP Query Observed (malware.rules)
2039184 - ET MALWARE MSSQL maggie backdoor ls Query Observed (malware.rules)
2039185 - ET MALWARE MSSQL maggie backdoor sysinfo Query Observed (malware.rules)
2039186 - ET MALWARE MSSQL maggie backdoor whoami Query Observed (malware.rules)
2039187 - ET MALWARE MSSQL maggie backdoor sp_addextendedproc Command Observed (malware.rules)
2039188 - ET INFO MSSQL sp_addextendedproc Command Observed (info.rules)
2039189 - ET MALWARE VBA/Agent.AAV CnC Checkin (malware.rules)

Pro:

2852541 - ETPRO PHISHING Successful Bancolombia Phish 2022-10-12 (phishing.rules)
2852542 - ETPRO MALWARE Win32/TrojanDownloader.Agent.K CnC Activity (malware.rules)
2852543 - ETPRO MALWARE Generic Malicious Download Web Inject (malware.rules)

[///] Modified active rules: [///]

2850598 - ETPRO MALWARE Ettersilent MalDoc C2 Beacon (malware.rules)

---------------------------------------

James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team