[***] Summary: [***]

11 new OPEN, 14 new PRO (11 + 3). Fodcha Botnet, Win32/TyphonReborn
Stealer, Miners and Various Phishing.

Thanks @MalGamy12, @Unit42_Intel, @360Netlab

The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2039782 - ET INFO Trend Micro Phishing Simulation Service (info.rules)
2039783 - ET MALWARE Fodcha Botnet Style DNS Server Lookup (malware.rules)
2039784 - ET INFO ZeroTier Related Activity (udp) (info.rules)
2039785 - ET MALWARE Win32/TyphonReborn Telegram CnC Checkin (malware.rules)
2039786 - ET MOBILE_MALWARE Android/RatMilad CnC Checkin (mobile_malware.rules)
2039787 - ET MOBILE_MALWARE Android/RatMilad CnC Domain (api .numrent .shop) in DNS Lookup (mobile_malware.rules)
2039788 - ET MALWARE SocGholish Domain in DNS Lookup (casting .austinonline .shop) (malware.rules)
2039789 - ET MALWARE SocGholish Domain in DNS Lookup (collapse .tradingiswar .com) (malware.rules)
2039790 - ET MALWARE SocGholish Domain in DNS Lookup (founder .carflower .pics) (malware.rules)
2039791 - ET MALWARE SocGholish Domain in DNS Lookup (travel .dianatokaji .com) (malware.rules)
2039792 - ET MALWARE SocGholish CnC Domain in DNS Lookup (diary .lojjh .com) (malware.rules)

Pro:

2852819 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-11-12 1) (coinminer.rules)
2852820 - ETPRO PHISHING Fake Find My iPhone Landing Page 2022-11-15 (phishing.rules)
2852821 - ETPRO PHISHING Successful Apple ID Credential Phish 2022-11-15 (phishing.rules)

[---] Disabled and modified rules: [---]

2018313 - ET WEB_CLIENT Possible Word RTF Memory Corruption Payload Inbound (CVE-2014-1761) (web_client.rules)
2807803 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0302) (web_client.rules)
2807933 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1751) (web_client.rules)
