[***] Summary: [***]
3 new OPEN, 7 new PRO (3 + 4) CoinMiner, SocGholish, Win32/StartPage.NOC, OneDrive Phish, Python Library Backdoor Domain
Also, an out-of-band SocGholish rule was published earlier today; see the link for more details:
https://twitter.com/threatinsight/status/1587866753983389696
Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
Open:
2039621 - ET INFO OpenSea API Query NFT Discovery Details (GET) (info.rules)
2039622 - ET MALWARE Python Library Backdoor Domain (wasp .plague .fun) in DNS Lookup (malware.rules)
2039623 - ET MALWARE SocGholish Domain in DNS Lookup (podcasts .momsgrabcoffee .com) (malware.rules)
Pro:
2852767 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-11-01 1) (coinminer.rules)
2852768 - ETPRO MALWARE Win32/StartPage.NOC CnC Activity (malware.rules)
2852769 - ETPRO PHISHING Microsoft OneDrive Phishing Domain (mycourier .email) in DNS Lookup (phishing.rules)
2852770 - ETPRO PHISHING Observed Microsoft OneDrive Phishing Domain (mycourier .email) in TLS SNI (phishing.rules)
[///] Modified active rules: [///]
2852487 - ETPRO MALWARE Win32/XWorm CnC Command (PING?) (malware.rules)
2852488 - ETPRO MALWARE Win32/XWorm CnC Command (PING!) (malware.rules)
2852489 - ETPRO MALWARE Win32/XWorm CnC Command (DDosS) (malware.rules)
2852490 - ETPRO MALWARE Win32/XWorm CnC Command (DDosT) (malware.rules)
2852491 - ETPRO MALWARE Win32/XWorm CnC Command (Cilpper) (malware.rules)
2852492 - ETPRO MALWARE Win32/XWorm CnC Command (hidefolderfile) (malware.rules)
2852493 - ETPRO MALWARE Win32/XWorm CnC Command (showfolderfile) (malware.rules)
2852494 - ETPRO MALWARE Win32/XWorm CnC Command (creatnewfolder) (malware.rules)
2852495 - ETPRO MALWARE Win32/XWorm CnC Command (creatfile) (malware.rules)
2852496 - ETPRO MALWARE Win32/XWorm CnC Command (downloadfile) (malware.rules)
2852497 - ETPRO MALWARE Win32/XWorm CnC Command (sendfileto) (malware.rules)
2852498 - ETPRO MALWARE Win32/XWorm CnC Command (DW) (malware.rules)
2852499 - ETPRO MALWARE Win32/XWorm CnC Command (RD-) (malware.rules)
2852500 - ETPRO MALWARE Win32/XWorm CnC Command (RD+) (malware.rules)
2852501 - ETPRO MALWARE Win32/XWorm CnC Command (###) (malware.rules)
2852502 - ETPRO MALWARE Win32/XWorm CnC Command ($$$) (malware.rules)
2852503 - ETPRO MALWARE Win32/XWorm CnC Command (^^^g) (malware.rules)
2852504 - ETPRO MALWARE Win32/XWorm CnC Command (ENC) (malware.rules)
2852505 - ETPRO MALWARE Win32/XWorm CnC Command (HVNC) (malware.rules)
2852707 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SpyNote.ap Checkin 2 (mobile_malware.rules)