[***] Summary: [***]
109 new OPEN, 114 new PRO (109 + 5). Various Phishing,
Win32/RecordBreaker and ElectronBot.
Thanks @CPResearch, @cloudsek and @crep1x
The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2041673 - ET MALWARE Win32/RecordBreaker - Observed UA M4 (20112211) (malware.rules)
2041674 - ET INFO URL Shortening Service Domain in DNS Lookup (e .vg) (info.rules)
2041675 - ET INFO Observed URL Shortening Service Domain (e .vg in TLS SNI) (info.rules)
2041676 - ET MALWARE Observed DNS Query to ElectronBot Domain (Electron-Bot .s3 .eu-central-1 .amazonaws .com) (malware.rules)
2041677 - ET MALWARE Observed DNS Query to ElectronBot Domain (11k .online) (malware.rules)
2041678 - ET MALWARE JS.ElectronBot.B.F7A4D930 Downloader (GET) (malware.rules)
2041679 - ET MALWARE JS.ElectronBot Payload Inbound (malware.rules)
2041680 - ET PHISHING Observed Phish Domain in DNS Lookup (administrator-enoc .com) 2022-12-05 (phishing.rules)
2041681 - ET PHISHING Observed Phish Domain in DNS Lookup (registration-adnoc .com) 2022-12-05 (phishing.rules)
2041682 - ET PHISHING Observed Phish Domain in DNS Lookup (kilimondoilgas-dubai .com) 2022-12-05 (phishing.rules)
2041683 - ET PHISHING Observed Phish Domain in DNS Lookup (horsespeedtravel .com) 2022-12-05 (phishing.rules)
2041684 - ET PHISHING Observed Phish Domain in DNS Lookup (snocprojectae .com) 2022-12-05 (phishing.rules)
2041685 - ET PHISHING Observed Phish Domain in DNS Lookup (snoc-projectae .com) 2022-12-05 (phishing.rules)
2041686 - ET PHISHING Observed Phish Domain in DNS Lookup (qatarenergys .com) 2022-12-05 (phishing.rules)
2041687 - ET PHISHING Observed Phish Domain in DNS Lookup (nowmcopetroleum .com) 2022-12-05 (phishing.rules)
2041688 - ET PHISHING Observed Phish Domain in DNS Lookup (bidders-enoc .com) 2022-12-05 (phishing.rules)
2041689 - ET PHISHING Observed Phish Domain in DNS Lookup (proposal-enoc .com) 2022-12-05 (phishing.rules)
2041690 - ET PHISHING Observed Phish Domain in DNS Lookup (llhhospitals .com) 2022-12-05 (phishing.rules)
2041691 - ET PHISHING Observed Phish Domain in DNS Lookup (alzarafatravellsae .com) 2022-12-05 (phishing.rules)
2041692 - ET PHISHING Observed Phish Domain in DNS Lookup (specgulfae .com) 2022-12-05 (phishing.rules)
2041693 - ET PHISHING Observed Phish Domain in DNS Lookup (eaglestravels-ae .com) 2022-12-05 (phishing.rules)
2041694 - ET PHISHING Observed Phish Domain in DNS Lookup (stalinschoolintlacademy .com) 2022-12-05 (phishing.rules)
2041695 - ET PHISHING Observed Phish Domain in DNS Lookup (consultant-enoc .com) 2022-12-05 (phishing.rules)
2041696 - ET PHISHING Observed Phish Domain in DNS Lookup (vendor-enocbid .com) 2022-12-05 (phishing.rules)
2041697 - ET PHISHING Observed Phish Domain in DNS Lookup (proposal-ae-enoc .com) 2022-12-05 (phishing.rules)
2041698 - ET PHISHING Observed Phish Domain in DNS Lookup (zbavitae .com) 2022-12-05 (phishing.rules)
2041699 - ET PHISHING Observed Phish Domain in DNS Lookup (bid-taqa .com) 2022-12-05 (phishing.rules)
2041700 - ET PHISHING Observed Phish Domain in DNS Lookup (safetravel-services .com) 2022-12-05 (phishing.rules)
2041701 - ET PHISHING Observed Phish Domain in DNS Lookup (gulfcoastoilngas-ae .com) 2022-12-05 (phishing.rules)
2041702 - ET PHISHING Observed Phish Domain in DNS Lookup (camschooluae .com) 2022-12-05 (phishing.rules)
2041703 - ET PHISHING Observed Phish Domain in DNS Lookup (alhmodzinoilfildservices .com) 2022-12-05 (phishing.rules)
2041704 - ET PHISHING Observed Phish Domain in DNS Lookup (nipmse .com) 2022-12-05 (phishing.rules)
2041705 - ET PHISHING Observed Phish Domain in DNS Lookup (globalhospae .com) 2022-12-05 (phishing.rules)
2041706 - ET PHISHING Observed Phish Domain in DNS Lookup (gulfins-ae .com) 2022-12-05 (phishing.rules)
2041707 - ET PHISHING Observed Phish Domain in DNS Lookup (zirvaenergy .com) 2022-12-05 (phishing.rules)
2041708 - ET PHISHING Observed Phish Domain in DNS Lookup (tenders-adio .com) 2022-12-05 (phishing.rules)
2041709 - ET PHISHING Observed Phish Domain in DNS Lookup (uae-snocproject .com) 2022-12-05 (phishing.rules)
2041710 - ET PHISHING Observed Phish Domain in DNS Lookup (alfayhaatravels .com) 2022-12-05 (phishing.rules)
2041711 - ET PHISHING Observed Phish Domain in DNS Lookup (contract-snoc .com) 2022-12-05 (phishing.rules)
2041712 - ET PHISHING Observed Phish Domain in DNS Lookup (biding-enoc .com) 2022-12-05 (phishing.rules)
2041713 - ET PHISHING Observed Phish Domain in DNS Lookup (dibfinancialservice-uae .com) 2022-12-05 (phishing.rules)
2041714 - ET PHISHING Observed Phish Domain in DNS Lookup (registrations-adnoc .com) 2022-12-05 (phishing.rules)
2041715 - ET PHISHING Observed Phish Domain in DNS Lookup (enocbids .com) 2022-12-05 (phishing.rules)
2041716 - ET PHISHING Observed Phish Domain in DNS Lookup (snocprojectuae .com) 2022-12-05 (phishing.rules)
2041717 - ET PHISHING Observed Phish Domain in DNS Lookup (adio-gov .com) 2022-12-05 (phishing.rules)
2041718 - ET PHISHING Observed Phish Domain in DNS Lookup (gulfmarineoilservices .com) 2022-12-05 (phishing.rules)
2041719 - ET PHISHING Observed Phish Domain in DNS Lookup (fenczyflyemiratetravels .com) 2022-12-05 (phishing.rules)
2041720 - ET PHISHING Observed Phish Domain in DNS Lookup (abienceinvestments-fze .com) 2022-12-05 (phishing.rules)
2041721 - ET PHISHING Observed Phish Domain in DNS Lookup (flywaytravelandtourism .com) 2022-12-05 (phishing.rules)
2041722 - ET PHISHING Observed Phish Domain in DNS Lookup (aiischools .com) 2022-12-05 (phishing.rules)
2041723 - ET PHISHING Observed Phish Domain in DNS Lookup (emspgenerahospae .com) 2022-12-05 (phishing.rules)
2041724 - ET PHISHING Observed Phish Domain in DNS Lookup (investinadio .com) 2022-12-05 (phishing.rules)
2041725 - ET PHISHING Observed Phish Domain in DNS Lookup (mohregov-ae .com) 2022-12-05 (phishing.rules)
2041726 - ET PHISHING Observed Phish Domain in DNS Lookup (enacopetroleum .com) 2022-12-05 (phishing.rules)
2041727 - ET PHISHING Observed Phish Domain in DNS Lookup (emsclikoil .com) 2022-12-05 (phishing.rules)
2041728 - ET PHISHING Observed Phish Domain in DNS Lookup (westernmedicalspecialisthosp .com) 2022-12-05 (phishing.rules)
2041729 - ET PHISHING Observed Phish Domain in DNS Lookup (contact-adnocae .com) 2022-12-05 (phishing.rules)
2041730 - ET PHISHING Observed Phish Domain in DNS Lookup (quickcitytravel .com) 2022-12-05 (phishing.rules)
2041731 - ET PHISHING Observed Phish Domain in DNS Lookup (snoc-projectuae .com) 2022-12-05 (phishing.rules)
2041732 - ET PHISHING Observed Phish Domain in DNS Lookup (consultant-ae-enoc .com) 2022-12-05 (phishing.rules)
2041733 - ET PHISHING Observed Phish Domain in DNS Lookup (salacomimmigration .com) 2022-12-05 (phishing.rules)
2041734 - ET PHISHING Observed Phish Domain in DNS Lookup (dubaiferryae .com) 2022-12-05 (phishing.rules)
2041735 - ET PHISHING Observed Phish Domain in DNS Lookup (bid-adnoc .com) 2022-12-05 (phishing.rules)
2041736 - ET PHISHING Observed Phish Domain in DNS Lookup (adbntogo .com) 2022-12-05 (phishing.rules)
2041737 - ET PHISHING Observed Phish Domain in DNS Lookup (iconiqueimmigration .com) 2022-12-05 (phishing.rules)
2041738 - ET PHISHING Observed Phish Domain in DNS Lookup (alfujairah-ae .com) 2022-12-05 (phishing.rules)
2041739 - ET PHISHING Observed Phish Domain in DNS Lookup (contractors-adnoc .com) 2022-12-05 (phishing.rules)
2041740 - ET PHISHING Observed Phish Domain in DNS Lookup (stabluk .com) 2022-12-05 (phishing.rules)
2041741 - ET PHISHING Observed Phish Domain in DNS Lookup (bid-enoc .com) 2022-12-05 (phishing.rules)
2041742 - ET PHISHING Observed Phish Domain in DNS Lookup (siemenoilandgas .com) 2022-12-05 (phishing.rules)
2041743 - ET PHISHING Observed Phish Domain in DNS Lookup (proposals-ae-enoc .com) 2022-12-05 (phishing.rules)
2041744 - ET PHISHING Observed Phish Domain in DNS Lookup (hamraoilgroup .com) 2022-12-05 (phishing.rules)
2041745 - ET PHISHING Observed Phish Domain in DNS Lookup (flylinkimmigration .com) 2022-12-05 (phishing.rules)
2041747 - ET PHISHING Observed Phish Domain in DNS Lookup (ae-snoctenders .com) 2022-12-05 (phishing.rules)
2041748 - ET PHISHING Observed Phish Domain in DNS Lookup (contracts-adnoc .com) 2022-12-05 (phishing.rules)
2041749 - ET PHISHING Observed Phish Domain in DNS Lookup (registrations-enoc .com) 2022-12-05 (phishing.rules)
2041750 - ET PHISHING Observed Phish Domain in DNS Lookup (uae-snoctenders .com) 2022-12-05 (phishing.rules)
2041751 - ET PHISHING Observed Phish Domain in DNS Lookup (oceanicflyimmigration .com) 2022-12-05 (phishing.rules)
2041752 - ET PHISHING Observed Phish Domain in DNS Lookup (rfq-taziz .com) 2022-12-05 (phishing.rules)
2041753 - ET PHISHING Observed Phish Domain in DNS Lookup (consultants-ae-enoc .com) 2022-12-05 (phishing.rules)
2041754 - ET PHISHING Observed Phish Domain in DNS Lookup (abbrossgeneralhospital .com) 2022-12-05 (phishing.rules)
2041755 - ET PHISHING Observed Phish Domain in DNS Lookup (snocproject-ae .com) 2022-12-05 (phishing.rules)
2041756 - ET PHISHING Observed Phish Domain in DNS Lookup (dahilalcapitalinvest .com) 2022-12-05 (phishing.rules)
2041757 - ET PHISHING Observed Phish Domain in DNS Lookup (duramtravelagency .com) 2022-12-05 (phishing.rules)
2041758 - ET PHISHING Observed Phish Domain in DNS Lookup (biddings-enoc .com) 2022-12-05 (phishing.rules)
2041759 - ET PHISHING Observed Phish Domain in DNS Lookup (hpschooluae .com) 2022-12-05 (phishing.rules)
2041760 - ET PHISHING Observed Phish Domain in DNS Lookup (rakpetrolae .com) 2022-12-05 (phishing.rules)
2041761 - ET PHISHING Observed Phish Domain in DNS Lookup (arabianmigration .com) 2022-12-05 (phishing.rules)
2041762 - ET PHISHING Observed Phish Domain in DNS Lookup (snocuae .com) 2022-12-05 (phishing.rules)
2041763 - ET PHISHING Observed Phish Domain in DNS Lookup (atenaeps .com) 2022-12-05 (phishing.rules)
2041764 - ET PHISHING Observed Phish Domain in DNS Lookup (ae-snocproject .com) 2022-12-05 (phishing.rules)
2041765 - ET PHISHING Observed Phish Domain in DNS Lookup (harvesttravelagency .com) 2022-12-05 (phishing.rules)
2041766 - ET PHISHING Observed Phish Domain in DNS Lookup (registration-ae-enoc .com) 2022-12-05 (phishing.rules)
2041767 - ET PHISHING Observed Phish Domain in DNS Lookup (toursolutions4u .com) 2022-12-05 (phishing.rules)
2041768 - ET PHISHING Observed Phish Domain in DNS Lookup (easternbaytravels .com) 2022-12-05 (phishing.rules)
2041769 - ET PHISHING Observed Phish Domain in DNS Lookup (contractor-enoc .com) 2022-12-05 (phishing.rules)
2041770 - ET PHISHING Observed Phish Domain in DNS Lookup (ahaliahospitalae .com) 2022-12-05 (phishing.rules)
2041771 - ET PHISHING Observed Phish Domain in DNS Lookup (tenders-adnoc .com) 2022-12-05 (phishing.rules)
2041772 - ET PHISHING Observed Phish Domain in DNS Lookup (emarataljabrisolicitors .com) 2022-12-05 (phishing.rules)
2041773 - ET PHISHING Observed Phish Domain in DNS Lookup (abdul-sattar-abdul-tr .com) 2022-12-05 (phishing.rules)
2041774 - ET PHISHING Observed Phish Domain in DNS Lookup (tenders-aisschools .com) 2022-12-05 (phishing.rules)
2041775 - ET PHISHING Observed Phish Domain in DNS Lookup (builds-emaar .com) 2022-12-05 (phishing.rules)
2041776 - ET PHISHING Observed Phish Domain in DNS Lookup (tender-adnoc .com) 2022-12-05 (phishing.rules)
2041777 - ET PHISHING Observed Phish Domain in DNS Lookup (sheikhmouradoil .com) 2022-12-05 (phishing.rules)
2041778 - ET PHISHING Observed Phish Domain in DNS Lookup (diligencefinconsultants .com) 2022-12-05 (phishing.rules)
2041779 - ET PHISHING Observed Phish Domain in DNS Lookup (rambolloil .com) 2022-12-05 (phishing.rules)
2041780 - ET MALWARE Win32/XFILES Stealer Data Exfiltration Attempt (malware.rules)
2041783 - ET MALWARE TA569 Domain in DNS Lookup (ergpractice .com) (malware.rules)
2041784 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .fate .truelance .com) (malware.rules)
Pro:
2852919 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-11-29 1) (coinminer.rules)
2852920 - ETPRO PHISHING Successful Wells Fargo Phish 2022-12-05 (phishing.rules)
2852921 - ETPRO MALWARE Win32/Screenshotter Backdoor Related Checkin Activity (GET) (malware.rules)
2852922 - ETPRO MALWARE Win32/Screenshotter Backdoor Sending Screenshot (POST) (malware.rules)
2852923 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) (malware.rules)
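Consuming an announcement in this format, as an added example that is not Emerging Threats tooling or part of the original post: the script below parses the plain-text mail layout (re-joining hard-wrapped entries), splits each SID into section, category, ruleset file and refanged indicator, and checks that the summary arithmetic agrees with the SIDs actually listed. The sample input is a constructed subset of the entries above with the mail's line wrapping kept; reading "114 new PRO (109 + 5)" as "ETPRO is a superset of ET Open, so the PRO total is Open plus Pro-only" is an assumption made here.

```python
"""Parse an Emerging Threats daily ruleset announcement (plain-text mail
format) into structured records and sanity-check the summary counts.

Added example; not Emerging Threats tooling. SAMPLE is a constructed
subset of the entries in the announcement above.
"""
import re

# Constructed sample: a few entries copied from the announcement, keeping the
# mail's hard line wrapping so the parser has to re-join continuation lines.
SAMPLE = """\
[***] Summary: [***]
4 new OPEN, 5 new PRO (4 + 1). Various Phishing.
[+++] Added rules: [+++]
Open:
2041674 - ET INFO URL Shortening Service Domain in DNS Lookup (e
.vg) (info.rules)
2041676 - ET MALWARE Observed DNS Query to ElectronBot Domain
(Electron-Bot .s3 .eu-central-1 .amazonaws .com) (malware.rules)
2041680 - ET PHISHING Observed Phish Domain in DNS Lookup
(administrator-enoc .com) 2022-12-05 (phishing.rules)
2041784 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .fate
.truelance .com) (malware.rules)
Pro:
2852920 - ETPRO PHISHING Successful Wells Fargo Phish 2022-12-05
(phishing.rules)
"""

# "109 new OPEN, 114 new PRO (109 + 5)": assumption that ETPRO is a superset
# of ET Open, so the PRO total is the Open count plus the Pro-only count.
SUMMARY_RE = re.compile(r"(\d+) new OPEN, (\d+) new PRO \((\d+) \+ (\d+)\)")
RULE_START_RE = re.compile(r"^(\d{7}) - (.*)$")
RULESET_RE = re.compile(r"\((\w+\.rules)\)\s*$")
# Defanged indicator in parentheses: labels separated by " ." such as
# "(bid-enoc .com)", "(* .fate .truelance .com)" or "(e .vg in TLS SNI)".
# The mandatory space before each dot keeps "(malware.rules)" from matching.
DEFANGED_RE = re.compile(r"\(((?:[\w*-]+ \.)+[\w-]+)[^)]*\)")


def refang(defanged):
    """'bid-enoc .com' -> 'bid-enoc.com'; '* .fate .x .com' -> '*.fate.x.com'."""
    return defanged.replace(" .", ".")


def _to_rule(section, sid, msg):
    ruleset = RULESET_RE.search(msg)
    indicator = DEFANGED_RE.search(msg)
    words = msg.split()
    # Message starts "ET <CATEGORY> ..." or "ETPRO <CATEGORY> ..."
    category = words[1] if len(words) > 1 and words[0] in ("ET", "ETPRO") else None
    return {
        "sid": sid,
        "section": section,            # "open" or "pro"
        "category": category,          # e.g. PHISHING, MALWARE, INFO
        "ruleset": ruleset.group(1) if ruleset else None,
        "indicator": refang(indicator.group(1)) if indicator else None,
        "msg": msg,
    }


def parse_announcement(text):
    """Return (summary, rules). Hard-wrapped entries are re-joined: a line that
    does not start with a 7-digit SID continues the previous entry."""
    summary = {}
    entries = []          # [section, sid, message] while still accumulating
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.search(line)
        if m and not summary:
            n_open, n_pro_total, n_open_again, n_pro_only = map(int, m.groups())
            summary = {
                "open": n_open,
                "pro_total": n_pro_total,
                "pro_only": n_pro_only,
                "consistent": n_open == n_open_again
                and n_pro_total == n_open_again + n_pro_only,
            }
            continue
        if line.startswith("["):          # "[+++] Added rules: [+++]" and similar headers
            section = None
            continue
        if line in ("Open:", "Pro:"):
            section = line[:-1].lower()
            continue
        if section is None or not line:
            continue
        m = RULE_START_RE.match(line)
        if m:
            entries.append([section, int(m.group(1)), m.group(2)])
        elif entries:
            entries[-1][2] += " " + line  # continuation of a wrapped message
    rules = [_to_rule(sec, sid, msg) for sec, sid, msg in entries]
    return summary, rules


def check_counts(summary, rules):
    """True when the listed SIDs agree with the summary line's arithmetic."""
    n_open = sum(r["section"] == "open" for r in rules)
    n_pro = sum(r["section"] == "pro" for r in rules)
    return bool(summary) and summary["consistent"] \
        and n_open == summary["open"] and n_pro == summary["pro_only"]


def indicators(rules, category=None):
    """Refanged, de-duplicated indicators (blocklist input), optionally
    restricted to one ET category such as "PHISHING"."""
    return sorted({r["indicator"] for r in rules
                   if r["indicator"] and (category is None or r["category"] == category)})


if __name__ == "__main__":
    s, rs = parse_announcement(SAMPLE)
    print("summary consistent:", check_counts(s, rs))
    for r in rs:
        print(r["sid"], r["section"], r["category"], r["indicator"])
    print("phishing blocklist:", indicators(rs, "PHISHING"))
```

Feed the full announcement text to `parse_announcement` to get the 109 Open and 5 Pro entries; `check_counts` is the cheap guard against a truncated or mangled copy of the mail before any of the refanged domains reach a DNS RPZ or proxy blocklist, and `indicators(rules, "PHISHING")` keeps the INFO-category shortener domains (e .vg) out of that list.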