[***] Summary: [***]
20 new OPEN, 20 new PRO (20 + 0) Gamaredon, KnowBe4 Simulated Phish Domains, QakBot, Win32/Injector.BBYK, Various Phish
Thanks @h2jazi @Unit42_intel
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2039564 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2039565 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (magnetonics .com) (policy.rules)
2039566 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (instantrevert .net) (policy.rules)
2039567 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (kb4 .io) (policy.rules)
2039568 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (bloemlight .com) (policy.rules)
2039569 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (com-onlinebanking .com) (policy.rules)
2039570 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (compromisedblog .com) (policy.rules)
2039571 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (net-login .com) (policy.rules)
2039572 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (msftemail .com) (policy.rules)
2039573 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (ancillarycheese .com) (policy.rules)
2039574 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (com-token-auth .com) (policy.rules)
2039575 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (phishwall .net) (policy.rules)
2039576 - ET POLICY Observed DNS Query to KnowBe4 Simulated Phish Domain (malwarebouncer .com) (policy.rules)
2039577 - ET MALWARE Observed Malicious SSL/TLS Certificate (QakBot) (malware.rules)
2039578 - ET MALWARE Observed Malicious SSL/TLS Certificate (QakBot) (malware.rules)
2039579 - ET MALWARE Win32/Injector.BBYK Checkin (malware.rules)
2039580 - ET PHISHING Generic Credential Phish Landing Page 2022-10-26 (phishing.rules)
2039581 - ET PHISHING Successful Generic Credential Phish 2022-10-26 (phishing.rules)
2039582 - ET PHISHING Successful Generic Credential Phish 2022-10-26 (phishing.rules)
2039583 - ET PHISHING Successful Generic Credential Phish 2022-10-26 (phishing.rules)
[///] Modified active rules: [///]
2038820 - ET MALWARE Bitter APT CHM CnC Activity M1 (GET) (malware.rules)
2852279 - ETPRO MALWARE Bitter APT CHM CnC Activity M2 (GET) (malware.rules)
2852280 - ETPRO ATTACK_RESPONSE Bitter APT CHM CnC Response (attack_response.rules)