[***] Summary: [***]

10 new OPEN, 12 new PRO (10 + 2)
TrueBot, Qbot, Various Phishing

Thanks @ecarlesi, @James_inthe_box

The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

[+++] Added rules: [+++]

Open:

2042959 - ET MALWARE TrueBot/Silence.Downloader CnC Checkin 3 (malware.rules)
2042960 - ET MALWARE TA444 Related Domain in DNS Lookup (cloudprotect .us .org) (malware.rules)
2042961 - ET MALWARE TA444 Related Domain in DNS Lookup (cloud .prosec .ink) (malware.rules)
2042962 - ET MALWARE Win32/Phoenix Grabber Sending System Information (POST) (malware.rules)
2042963 - ET PHISHING Suncoast Credit Union Credential Phish Landing Page 2022-12-19 (phishing.rules)
2042964 - ET PHISHING Possible DarkX Credential Phishing Landing Page 2022-12-19 (phishing.rules)
2042965 - ET PHISHING Successful DarkX Credential Phish 2022-12-19 (phishing.rules)
2042966 - ET MALWARE TA453 Related Domain in DNS Lookup (universityofmhealth .biz) (malware.rules)
2042967 - ET PHISHING Successful o365 Credential Phish 2022-12-19 (phishing.rules)
2042968 - ET MALWARE SocGholish Domain in DNS Lookup (navyseal .bezmail .com) (malware.rules)

Pro:

2852957 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-12-14 1) (coinminer.rules)
2852960 - ETPRO MALWARE Sylavriu.A/TorCT RAT CnC Checkin M2 (malware.rules)

[///] Modified active rules: [///]

2816110 - ETPRO MALWARE Sylavriu.A/TorCT RAT CnC Checkin M1 (malware.rules)
2852803 - ETPRO PHISHING Twitter Credential Phish Landing Page 2022-11-04 (phishing.rules)
2852953 - ETPRO MALWARE Qbot Style Payload Request (malware.rules)

[---] Disabled and modified rules: [---]

2038948 - ET MALWARE SocGholish Domain in DNS Lookup (casting .faeryfox .com) (malware.rules)
2039780 - ET MALWARE SocGholish Domain in DNS Lookup (community .backpacktrader .com) (malware.rules)
2039781 - ET MALWARE TA569 Domain in DNS Lookup (friscomusicgroup .com) (malware.rules)
2039788 - ET MALWARE SocGholish Domain in DNS Lookup (casting .austinonline .shop) (malware.rules)
2039792 - ET MALWARE SocGholish CnC Domain in DNS Lookup (diary .lojjh .com) (malware.rules)
2039798 - ET MALWARE SocGholish Domain in DNS Lookup (factors .djbel .com) (malware.rules)

[---] Removed rules: [---]

2834446 - ETPRO MALWARE TrueBot/Silence.Downloader CnC Checkin 3 (malware.rules)
2851990 - ETPRO MALWARE TA453 Related Domain in DNS Lookup (malware.rules)
