[***] Summary: [***]

8 new OPEN, 10 new PRO (8 + 2). Various Maldoc, APT and Phishing.

The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

[+++] Added rules: [+++]

Open:

2039805 - ET MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
2039806 - ET MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
2039807 - ET MALWARE Maldoc Retrieving Remote Template (GET) (malware.rules)
2039808 - ET MALWARE TA444 Domain in DNS Lookup (gdocshare .one) (malware.rules)
2039809 - ET MALWARE Observed TA444 Domain (gdocshare .one in TLS SNI) (malware.rules)
2039810 - ET PHISHING TA398/Sidewinder Credential Phish Landing Page M1 2022-11-18 (phishing.rules)
2039811 - ET PHISHING TA398/Sidewinder Credential Phish Landing Page M2 2022-11-18 (phishing.rules)
2039812 - ET PHISHING TA398/Sidewinder Credential Phish Landing Page M3 2022-11-18 (phishing.rules)

Pro:

2852833 - ETPRO PHISHING Successful FIFA Related Phish 2022-11-18 (set) (phishing.rules)
2852834 - ETPRO PHISHING Success FIFA Related Phish 2022-11-18 (phishing.rules)

[///] Modified active rules: [///]

2034609 - ET MALWARE NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (malware.rules)
2038535 - ET MALWARE Shuckworm/Gamaredon CnC Domain (pasamart .ru) in DNS Lookup (malware.rules)
2852487 - ETPRO MALWARE Win32/XWorm CnC Command (PING?) (malware.rules)
2852488 - ETPRO MALWARE Win32/XWorm CnC Command (PING!) (malware.rules)
2852489 - ETPRO MALWARE Win32/XWorm CnC Command (DDosS) (malware.rules)
2852490 - ETPRO MALWARE Win32/XWorm CnC Command (DDosT) (malware.rules)
2852491 - ETPRO MALWARE Win32/XWorm CnC Command (Cilpper) (malware.rules)
2852492 - ETPRO MALWARE Win32/XWorm CnC Command (hidefolderfile) (malware.rules)
2852493 - ETPRO MALWARE Win32/XWorm CnC Command (showfolderfile) (malware.rules)
2852494 - ETPRO MALWARE Win32/XWorm CnC Command (creatnewfolder) (malware.rules)
2852495 - ETPRO MALWARE Win32/XWorm CnC Command (creatfile) (malware.rules)

[---] Removed rules: [---]

2034622 - ET MALWARE NOBELIUM (TA421) CnC Domain in DNS Lookup (malware.rules)
2038911 - ET MALWARE Gamaredon CnC Domain (pasamart .ru) in DNS Lookup (malware.rules)
