Daily Ruleset Update Summary 2022/12/06
[***] Summary: [***]
148 new OPEN, 156 new PRO (148 + 8)
DynamicDNS, Remcos, Various Phishing
Thanks @eclypsium
The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://urldefense.com/v3/__https://community.emergingthreats.net__;!!O…$
We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2041785 - ET INFO DYNAMIC_DNS Query to a *.ezwebsites .com Domain (info.rules)
2041786 - ET INFO DYNAMIC_DNS HTTP Request to a *.ezwebsites .com Domain (info.rules)
2041787 - ET INFO DYNAMIC_DNS Query to a *.a-quo .com Domain (info.rules)
2041788 - ET INFO DYNAMIC_DNS HTTP Request to a *.a-quo .com Domain (info.rules)
2041789 - ET INFO DYNAMIC_DNS Query to a *.ayasophia .com Domain (info.rules)
2041790 - ET INFO DYNAMIC_DNS HTTP Request to a *.ayasophia .com Domain (info.rules)
2041791 - ET INFO DYNAMIC_DNS Query to a *.lain .ch Domain (info.rules)
2041792 - ET INFO DYNAMIC_DNS HTTP Request to a *.lain .ch Domain (info.rules)
2041793 - ET INFO DYNAMIC_DNS HTTP Request to a *.lqtai .com Domain (info.rules)
2041794 - ET INFO DYNAMIC_DNS Query to a *.mrcork .com Domain (info.rules)
2041795 - ET INFO DYNAMIC_DNS HTTP Request to a *.mrcork .com Domain (info.rules)
2041796 - ET INFO DYNAMIC_DNS Query to a *.veta .su Domain (info.rules)
2041797 - ET INFO DYNAMIC_DNS HTTP Request to a *.veta .su Domain (info.rules)
2041798 - ET INFO DYNAMIC_DNS Query to a *.automotive .si Domain (info.rules)
2041799 - ET INFO DYNAMIC_DNS HTTP Request to a *.automotive .si Domain (info.rules)
2041800 - ET INFO DYNAMIC_DNS Query to a *.homaxcorp .com Domain (info.rules)
2041801 - ET INFO DYNAMIC_DNS HTTP Request to a *.homaxcorp .com Domain (info.rules)
2041802 - ET INFO DYNAMIC_DNS Query to a *.antiphone .net Domain (info.rules)
2041803 - ET INFO DYNAMIC_DNS HTTP Request to a *.antiphone .net Domain (info.rules)
2041804 - ET INFO DYNAMIC_DNS Query to a *.leonardocastano .com .ar Domain (info.rules)
2041805 - ET INFO DYNAMIC_DNS HTTP Request to a *.leonardocastano .com .ar Domain (info.rules)
2041806 - ET INFO DYNAMIC_DNS Query to a *.rogerthedog .com Domain (info.rules)
2041807 - ET INFO DYNAMIC_DNS HTTP Request to a *.rogerthedog .com Domain (info.rules)
2041808 - ET INFO DYNAMIC_DNS Query to a *.visalawyer .co .uk Domain (info.rules)
2041809 - ET INFO DYNAMIC_DNS HTTP Request to a *.visalawyer .co .uk Domain (info.rules)
2041810 - ET INFO DYNAMIC_DNS Query to a *.blue-jade .net Domain (info.rules)
2041811 - ET INFO DYNAMIC_DNS HTTP Request to a *.blue-jade .net Domain (info.rules)
2041812 - ET INFO DYNAMIC_DNS Query to a *.eternalimpressions .com Domain (info.rules)
2041813 - ET INFO DYNAMIC_DNS HTTP Request to a *.eternalimpressions .com Domain (info.rules)
2041814 - ET INFO DYNAMIC_DNS Query to a *.galipan .org Domain (info.rules)
2041815 - ET INFO DYNAMIC_DNS HTTP Request to a *.galipan .org Domain (info.rules)
2041816 - ET INFO DYNAMIC_DNS Query to a *.herbalhealthyh20 .com Domain (info.rules)
2041817 - ET INFO DYNAMIC_DNS HTTP Request to a *.herbalhealthyh20 .com Domain (info.rules)
2041818 - ET INFO DYNAMIC_DNS Query to a *.nunc .se Domain (info.rules)
2041819 - ET INFO DYNAMIC_DNS HTTP Request to a *.nunc .se Domain (info.rules)
2041820 - ET INFO DYNAMIC_DNS Query to a *.champagnewishesandrvdreams .com Domain (info.rules)
2041821 - ET INFO DYNAMIC_DNS HTTP Request to a *.champagnewishesandrvdreams .com Domain (info.rules)
2041822 - ET INFO DYNAMIC_DNS Query to a *.furryplace .eu Domain (info.rules)
2041823 - ET INFO DYNAMIC_DNS HTTP Request to a *.furryplace .eu Domain (info.rules)
2041824 - ET INFO DYNAMIC_DNS Query to a *.n43 .pw Domain (info.rules)
2041825 - ET INFO DYNAMIC_DNS HTTP Request to a *.n43 .pw Domain (info.rules)
2041826 - ET INFO DYNAMIC_DNS Query to a *.hmsolucoes .com Domain (info.rules)
2041827 - ET INFO DYNAMIC_DNS HTTP Request to a *.hmsolucoes .com Domain (info.rules)
2041828 - ET INFO DYNAMIC_DNS Query to a *.veriler .com Domain (info.rules)
2041829 - ET INFO DYNAMIC_DNS HTTP Request to a *.veriler .com Domain (info.rules)
2041830 - ET INFO DYNAMIC_DNS Query to a *.hackerzinc .com Domain (info.rules)
2041831 - ET INFO DYNAMIC_DNS HTTP Request to a *.hackerzinc .com Domain (info.rules)
2041832 - ET INFO DYNAMIC_DNS Query to a *.bizis .si Domain (info.rules)
2041833 - ET INFO DYNAMIC_DNS HTTP Request to a *.bizis .si Domain (info.rules)
2041834 - ET INFO DYNAMIC_DNS Query to a *.dleon .cl Domain (info.rules)
2041835 - ET INFO DYNAMIC_DNS HTTP Request to a *.dleon .cl Domain (info.rules)
2041836 - ET INFO DYNAMIC_DNS Query to a *.swds .com .au Domain (info.rules)
2041837 - ET INFO DYNAMIC_DNS HTTP Request to a *.swds .com .au Domain (info.rules)
2041838 - ET INFO DYNAMIC_DNS Query to a *.redsteedstudios .com Domain (info.rules)
2041839 - ET INFO DYNAMIC_DNS HTTP Request to a *.redsteedstudios .com Domain (info.rules)
2041840 - ET INFO DYNAMIC_DNS Query to a *.appswiss .ch Domain (info.rules)
2041841 - ET INFO DYNAMIC_DNS HTTP Request to a *.appswiss .ch Domain (info.rules)
2041842 - ET INFO DYNAMIC_DNS Query to a *.flink .cl Domain (info.rules)
2041843 - ET INFO DYNAMIC_DNS HTTP Request to a *.flink .cl Domain (info.rules)
2041844 - ET INFO DYNAMIC_DNS Query to a *.ubernerden .com Domain (info.rules)
2041845 - ET INFO DYNAMIC_DNS HTTP Request to a *.ubernerden .com Domain (info.rules)
2041846 - ET INFO DYNAMIC_DNS Query to a *.battlecore .ru Domain (info.rules)
2041847 - ET INFO DYNAMIC_DNS HTTP Request to a *.battlecore .ru Domain (info.rules)
2041848 - ET INFO DYNAMIC_DNS Query to a *.onapon .com Domain (info.rules)
2041849 - ET INFO DYNAMIC_DNS HTTP Request to a *.onapon .com Domain (info.rules)
2041850 - ET INFO DYNAMIC_DNS Query to a *.milk .is Domain (info.rules)
2041851 - ET INFO DYNAMIC_DNS HTTP Request to a *.milk .is Domain (info.rules)
2041852 - ET INFO DYNAMIC_DNS Query to a *.station .moe Domain (info.rules)
2041853 - ET INFO DYNAMIC_DNS HTTP Request to a *.station .moe Domain (info.rules)
2041854 - ET INFO DYNAMIC_DNS Query to a *.infe .com .br Domain (info.rules)
2041855 - ET INFO DYNAMIC_DNS HTTP Request to a *.infe .com .br Domain (info.rules)
2041856 - ET INFO DYNAMIC_DNS Query to a *.darriondemelo .com Domain (info.rules)
2041857 - ET INFO DYNAMIC_DNS HTTP Request to a *.darriondemelo .com Domain (info.rules)
2041858 - ET INFO DYNAMIC_DNS Query to a *.hansa-tmp .cn Domain (info.rules)
2041859 - ET INFO DYNAMIC_DNS HTTP Request to a *.hansa-tmp .cn Domain (info.rules)
2041860 - ET INFO DYNAMIC_DNS Query to a *.sovich .org Domain (info.rules)
2041861 - ET INFO DYNAMIC_DNS HTTP Request to a *.sovich .org Domain (info.rules)
2041862 - ET INFO DYNAMIC_DNS Query to a *.sibmed .org .ru Domain (info.rules)
2041863 - ET INFO DYNAMIC_DNS HTTP Request to a *.sibmed .org .ru Domain (info.rules)
2041864 - ET INFO DYNAMIC_DNS Query to a *.earlyriserscoffeeshop .com Domain (info.rules)
2041865 - ET INFO DYNAMIC_DNS HTTP Request to a *.earlyriserscoffeeshop .com Domain (info.rules)
2041866 - ET INFO DYNAMIC_DNS Query to a *.myjamesonline .net Domain (info.rules)
2041867 - ET INFO DYNAMIC_DNS HTTP Request to a *.myjamesonline .net Domain (info.rules)
2041868 - ET INFO DYNAMIC_DNS Query to a *.alimentoshen .cl Domain (info.rules)
2041869 - ET INFO DYNAMIC_DNS HTTP Request to a *.alimentoshen .cl Domain (info.rules)
2041870 - ET INFO DYNAMIC_DNS Query to a *.ecosys .eu Domain (info.rules)
2041871 - ET INFO DYNAMIC_DNS HTTP Request to a *.ecosys .eu Domain (info.rules)
2041872 - ET INFO DYNAMIC_DNS Query to a *.kidsqt .com Domain (info.rules)
2041873 - ET INFO DYNAMIC_DNS HTTP Request to a *.kidsqt .com Domain (info.rules)
2041874 - ET INFO DYNAMIC_DNS Query to a *.drupalpixels .com Domain (info.rules)
2041875 - ET INFO DYNAMIC_DNS HTTP Request to a *.drupalpixels .com Domain (info.rules)
2041876 - ET INFO DYNAMIC_DNS Query to a *.giantrobotfactory .com Domain (info.rules)
2041877 - ET INFO DYNAMIC_DNS HTTP Request to a *.giantrobotfactory .com Domain (info.rules)
2041878 - ET INFO DYNAMIC_DNS Query to a *.pbohara .com Domain (info.rules)
2041879 - ET INFO DYNAMIC_DNS HTTP Request to a *.pbohara .com Domain (info.rules)
2041880 - ET INFO DYNAMIC_DNS Query to a *.xinit .se Domain (info.rules)
2041881 - ET INFO DYNAMIC_DNS HTTP Request to a *.xinit .se Domain (info.rules)
2041882 - ET INFO DYNAMIC_DNS Query to a *.jmstudios .com Domain (info.rules)
2041883 - ET INFO DYNAMIC_DNS HTTP Request to a *.jmstudios .com Domain (info.rules)
2041884 - ET INFO DYNAMIC_DNS Query to a *.pwm .hu Domain (info.rules)
2041885 - ET INFO DYNAMIC_DNS HTTP Request to a *.pwm .hu Domain (info.rules)
2041886 - ET INFO DYNAMIC_DNS Query to a *.triviem .cl Domain (info.rules)
2041887 - ET INFO DYNAMIC_DNS HTTP Request to a *.triviem .cl Domain (info.rules)
2041888 - ET INFO DYNAMIC_DNS Query to a *.navnirwana .com Domain (info.rules)
2041889 - ET INFO DYNAMIC_DNS HTTP Request to a *.navnirwana .com Domain (info.rules)
2041890 - ET INFO DYNAMIC_DNS Query to a *.salford-hall .co .uk Domain (info.rules)
2041891 - ET INFO DYNAMIC_DNS HTTP Request to a *.salford-hall .co .uk Domain (info.rules)
2041892 - ET INFO DYNAMIC_DNS Query to a *.truewan .co .za Domain (info.rules)
2041893 - ET INFO DYNAMIC_DNS HTTP Request to a *.truewan .co .za Domain (info.rules)
2041894 - ET INFO DYNAMIC_DNS Query to a *.isyour .guru Domain (info.rules)
2041895 - ET INFO DYNAMIC_DNS HTTP Request to a *.isyour .guru Domain (info.rules)
2041896 - ET INFO DYNAMIC_DNS Query to a *.toadfishmonastery .org Domain (info.rules)
2041897 - ET INFO DYNAMIC_DNS HTTP Request to a *.toadfishmonastery .org Domain (info.rules)
2041898 - ET INFO DYNAMIC_DNS Query to a *.superizeme .com Domain (info.rules)
2041899 - ET INFO DYNAMIC_DNS HTTP Request to a *.superizeme .com Domain (info.rules)
2041900 - ET INFO DYNAMIC_DNS Query to a *.thetrist .com Domain (info.rules)
2041901 - ET INFO DYNAMIC_DNS HTTP Request to a *.thetrist .com Domain (info.rules)
2041902 - ET INFO DYNAMIC_DNS Query to a *.gracesiefer .com Domain (info.rules)
2041903 - ET INFO DYNAMIC_DNS HTTP Request to a *.gracesiefer .com Domain (info.rules)
2041904 - ET INFO DYNAMIC_DNS Query to a *.siasolution .com Domain (info.rules)
2041905 - ET INFO DYNAMIC_DNS HTTP Request to a *.siasolution .com Domain (info.rules)
2041906 - ET INFO DYNAMIC_DNS Query to a *.freetruthordare .com Domain (info.rules)
2041907 - ET INFO DYNAMIC_DNS HTTP Request to a *.freetruthordare .com Domain (info.rules)
2041908 - ET INFO DYNAMIC_DNS Query to a *.mchini .com Domain (info.rules)
2041909 - ET INFO DYNAMIC_DNS HTTP Request to a *.mchini .com Domain (info.rules)
2041910 - ET INFO DYNAMIC_DNS Query to a *.studiovk .com Domain (info.rules)
2041911 - ET INFO DYNAMIC_DNS HTTP Request to a *.studiovk .com Domain (info.rules)
2041912 - ET INFO DYNAMIC_DNS Query to a *.kreider .org Domain (info.rules)
2041913 - ET INFO DYNAMIC_DNS HTTP Request to a *.kreider .org Domain (info.rules)
2041914 - ET INFO DYNAMIC_DNS Query to a *.trumpetx .net Domain (info.rules)
2041915 - ET INFO DYNAMIC_DNS HTTP Request to a *.trumpetx .net Domain (info.rules)
2041916 - ET INFO DYNAMIC_DNS Query to a *.sococoffee .com Domain (info.rules)
2041917 - ET INFO DYNAMIC_DNS HTTP Request to a *.sococoffee .com Domain (info.rules)
2041918 - ET INFO DYNAMIC_DNS Query to a *.duta .biz Domain (info.rules)
2041919 - ET INFO DYNAMIC_DNS HTTP Request to a *.duta .biz Domain (info.rules)
2041920 - ET MALWARE GCleaner Downloader Activity M5 (malware.rules)
2041921 - ET ADWARE_PUP Win32/Adware.Neoreklami.MI Activity M1 (adware_pup.rules)
2041922 - ET ADWARE_PUP Win32/Adware.Neoreklami.MI Activity M2 (adware_pup.rules)
2041923 - ET HUNTING Chrome/0 in User-Agent (hunting.rules)
2041924 - ET MALWARE Observed DNS Query to Pirate Stealer Domain (mdvksublbpczqluqvvbytfprxdwakuke .nl) (malware.rules)
2041925 - ET MALWARE Observed Pirate Stealer Domain in DNS Lookup (wearenotbbystealer .nl) (malware.rules)
2041926 - ET PHISHING Successful Generic Credential Phish 2022-12-06 (phishing.rules)
2041927 - ET PHISHING iCloud Credential Phish Landing Page 2022-12-06 (phishing.rules)
2041928 - ET MALWARE Confucious APT CnC Checkin (malware.rules)
2041929 - ET MALWARE Confucious APT CnC Domain (microsoftonedriver .com) in DNS Lookup (malware.rules)
2041930 - ET INFO Observed DNS Query to (proxies .black) Web Proxy/Anonymizer Domain/Sub-Domain (info.rules)
2041931 - ET EXPLOIT Redfish Exploitation Attempt (CVE-2022-40259) (exploit.rules)
2041932 - ET EXPLOIT Redfish API User Enumeration Attempt (CVE-2022-2827) (exploit.rules)
Pro:
2852924 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-12-06 1) (coinminer.rules)
2852925 - ETPRO MALWARE GCleaner Downlaoder - Payload Response (malware.rules)
2852926 - ETPRO MALWARE Win32/Remcos RAT Checkin 853 (malware.rules)
2852927 - ETPRO MALWARE Win32/Remcos RAT Checkin 854 (malware.rules)
2852928 - ETPRO PHISHING Successful Facebook Phish 2022-12-06 (phishing.rules)
2852929 - ETPRO PHISHING Successful Twitter Credential Phish 2022-12-05 (phishing.rules)
2852930 - ETPRO PHISHING Successful Twitter Password Reset Phish 2022-12-05 (phishing.rules)
2852931 - ETPRO PHISHING Twitter Phish Landing Page 2022-12-05 (phishing.rules)
[///] Modified active rules: [///]
2852896 - ETPRO MALWARE VBS/YAV.Minerva.zbqnj Payload Request M1 (malware.rules)
2852897 - ETPRO MALWARE VBS/YAV.Minerva.zbqnj Payload Request M2 (malware.rules)
2852921 - ETPRO MALWARE Win32/Script Downloader Activity (GET) (malware.rules)
2852922 - ETPRO MALWARE Win32/Screenshotter Backdoor Sending Screenshot (POST) (malware.rules)
[---] Removed rules: [---]
2033210 - ET EXPLOIT ForgeRock Access Manager RCE (CVE-2021-35464) (exploit.rules)