[***] Summary: [***]

8 new OPEN, 17 new PRO (8 + 9)
Lucy Phishing, Gamaredon, Coinminers

Thanks @teamcymru, @Unit42_Intel

The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

[+++] Added rules: [+++]

Open:

2042969 - ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) (info.rules)
2042970 - ET PHISHING Lucy Security Phishing Server Reply (phishing.rules)
2042971 - ET PHISHING Lucy Security Phishing Awareness Landing Page (phishing.rules)
2042972 - ET PHISHING Lucy Security Time Tracking POST (phishing.rules)
2042973 - ET MALWARE Win32/Vulturi CnC Activity (GET) (malware.rules)
2042974 - ET MALWARE Charming Kitten APT Related DNS Activity (malware.rules)
2042975 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
2042976 - ET PHISHING Lucy Security Phishing Landing Page M2 (phishing.rules)

Pro:

2852961 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-12-20 1) (coinminer.rules)
2852962 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-12-20 2) (coinminer.rules)
2852963 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-12-20 3) (coinminer.rules)
2852964 - ETPRO MALWARE Qbot IP Block Check - Likely Compromised Web Server (malware.rules)
2852965 - ETPRO MALWARE Qbot Payload Request - Likely Compromised Web Server (malware.rules)
2852968 - ETPRO MALWARE Win32/Lypserat CnC Activity (malware.rules)
2852969 - ETPRO MALWARE Virus.Win32.Sality.k Checkin M2 (malware.rules)
2852971 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (a8163) (web_client.rules)
2852972 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (b15e4) (web_client.rules)

[///] Modified active rules: [///]

2030214 - ET PHISHING Lucy Security Phishing Landing Page M1 (phishing.rules)
2803502 - ETPRO MALWARE Virus.Win32.Sality.k Checkin M1 (malware.rules)
2833782 - ETPRO PHISHING Successful Paypal Billing Information Phish 2018-12-03 (phishing.rules)

[---] Removed rules: [---]

2845225 - ETPRO POLICY Observed External IP Lookup Domain in TLS SNI (api .myip .com) (policy.rules)
2850868 - ETPRO MALWARE Win32/Vulturi CnC Activity (GET) (malware.rules)
