[***] Summary: [***]
2 new OPEN, 48 new PRO (2 + 46) Havoc Framework, Various Phish, Various Coinminers
@Slash30Miata
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2039417 - ET MALWARE Win32/TrojanDropper.Agent.SRM Exfil via Discord (malware.rules)
2039418 - ET MALWARE Win32/TrojanDropper.Agent.SSQ Checkin (malware.rules)
Pro:
2852549 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-13 1) (coinminer.rules)
2852550 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-13 2) (coinminer.rules)
2852551 - ETPRO PHISHING Successful Generic Phish 2022-10-14 (phishing.rules)
2852552 - ETPRO PHISHING Successful Generic Phish 2022-10-14 (phishing.rules)
2852553 - ETPRO PHISHING Successful Raiffeisenbank Phish 2022-10-14 (phishing.rules)
2852554 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852555 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852556 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852557 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852558 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852559 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852560 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852561 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852562 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852563 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852564 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852565 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852566 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852567 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852568 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852569 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852570 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852571 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852572 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852573 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852574 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852575 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852576 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852577 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852578 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852579 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852580 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852581 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852582 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852583 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852584 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852585 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852586 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852587 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852588 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852589 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852590 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852591 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852592 - ETPRO MALWARE Possible Havoc Framework SSL Certificate Observed (malware.rules)
2852593 - ETPRO MALWARE Generic HTA Checkin (malware.rules)
2852594 - ETPRO MALWARE Michael Page Phish to Malicious HTA Landing Page (malware.rules)
[///] Modified active rules: [///]
2039182 - ET MALWARE MSSQL maggie backdoor Accessall Query Observed (malware.rules)
2039183 - ET MALWARE MSSQL maggie backdoor ListIP Query Observed (malware.rules)
2039184 - ET MALWARE MSSQL maggie backdoor ls Query Observed (malware.rules)
2039185 - ET MALWARE MSSQL maggie backdoor sysinfo Query Observed (malware.rules)
2039186 - ET MALWARE MSSQL maggie backdoor whoami Query Observed (malware.rules)
2039415 - ET MALWARE MSSQL maggie backdoor Query Observed (other functions) (malware.rules)