[***] Summary: [***]
18 new OPEN, 20 new PRO (18 + 2). Various Exploit, Antinum, Aurora Stealer and others.
Thanks @0xrb, @ViriBack, @DuskRiseInc, @_CPResearch_, NoahWolf
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2043008 - ET ADWARE_PUP Win32/Atshz.A Checkin (adware_pup.rules)
2043009 - ET ADWARE_PUP Win32/Atshz.A Checkin M2 (adware_pup.rules)
2043010 - ET EXPLOIT Possible Cacti Unauthenticated RCE Inbound M1 (CVE-2022-46169) (exploit.rules)
2043011 - ET EXPLOIT Possible Cacti Unauthenticated RCE Inbound M2 (CVE-2022-46169) (exploit.rules)
2043012 - ET MALWARE Antinum WebSockets Start (malware.rules)
2043013 - ET MALWARE Antinum HTTP Checkin (malware.rules)
2043014 - ET MALWARE Win32/Drokbk Checkin Activity (GET) (malware.rules)
2043015 - ET MALWARE CloudAtlas APT Related Domain in DNS Lookup (malware.rules)
2043016 - ET MALWARE CloudAtlas APT Related Domain in DNS Lookup (malware.rules)
2043017 - ET MALWARE Aurora Stealer Admin Console In HTTP Response (malware.rules)
2043018 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (service-fatturecloud .de) (malware.rules)
2043019 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (utente .service-fatturecloud .de) (malware.rules)
2043020 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (downloadpdf-fattura .de) (malware.rules)
2043021 - ET PHISHING Facebook Credential Phish Landing Page 2022-12-27 (phishing.rules)
2043022 - ET PHISHING Generic Credential Phish Landing Page 2022-12-27 (phishing.rules)
2043023 - ET MALWARE TA444/Lazarus Related Domain in DNS Lookup (thedoodles .site) (malware.rules)
2043024 - ET MALWARE SocGholish Domain in DNS Lookup (people .fl2wealth .com) (malware.rules)
2043025 - ET MALWARE SocGholish Domain in DNS Lookup (taxes .rpacx .com) (malware.rules)
Pro:
2852982 - ETPRO PHISHING Twitter Phish Landing Page 2022-12-23 (phishing.rules)
2852983 - ETPRO PHISHING Successful Twitter Credential Phish 2022-12-23 (phishing.rules)
[///] Modified active rules: [///]
2810290 - ETPRO MALWARE NanoCore RAT Keepalive Response 1 (malware.rules)
[---] Removed rules: [---]
2042766 - ET INFO localtunnel Tunneling Domain in DNS Lookup (localtunnel .me) (info.rules)
2830630 - ETPRO ADWARE_PUP Win32/Atshz.A Checkin (adware_pup.rules)
2830631 - ETPRO ADWARE_PUP Win32/Atshz.A Checkin M2 (adware_pup.rules)