[***] Summary: [***]

22 new OPEN, 27 new PRO (22 + 5) IcedID, EvilProxy, Qakbot, Vidar,
MetaStealer and more.

Thanks @boredhackerblog, @EclecticIQ, @1ZRR4H

The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

[+++] Added rules: [+++]

Open:

2043313 - ET MALWARE IcedID CnC Domain in DNS Lookup (pkusamain .cloud) (malware.rules)
2043314 - ET MALWARE IcedID CnC Domain in DNS Lookup (brakudafear .pics) (malware.rules)
2043315 - ET MALWARE IcedID CnC Domain in DNS Lookup (pahtafinlund .com) (malware.rules)
2043316 - ET MALWARE IcedID CnC Domain in DNS Lookup (owisportlittle .com) (malware.rules)
2043317 - ET MALWARE IcedID CnC Domain in DNS Lookup (nigaragusoups .com) (malware.rules)
2043318 - ET MALWARE IcedID CnC Domain in DNS Lookup (tonikantos .one) (malware.rules)
2043319 - ET MALWARE IcedID CnC Domain in DNS Lookup (needzolapa .com) (malware.rules)
2043320 - ET MALWARE IcedID CnC Domain in DNS Lookup (wendypior .ink) (malware.rules)
2043321 - ET MALWARE IcedID CnC Domain in DNS Lookup (avoymratax .com) (malware.rules)
2043322 - ET MALWARE IcedID CnC Domain in DNS Lookup (stillprunnert .com) (malware.rules)
2043323 - ET MALWARE IcedID CnC Domain in DNS Lookup (marmelokpa .com) (malware.rules)
2043324 - ET MALWARE IcedID CnC Domain in DNS Lookup (likasertik .shop) (malware.rules)
2043325 - ET MALWARE IcedID CnC Domain in DNS Lookup (trinazhkoma .club) (malware.rules)
2043326 - ET MALWARE IcedID CnC Domain in DNS Lookup (skafiparod .com) (malware.rules)
2043327 - ET MALWARE IcedID CnC Domain in DNS Lookup (apretakert .com) (malware.rules)
2043328 - ET MALWARE IcedID CnC Domain in DNS Lookup (wcollopracket .com) (malware.rules)
2043329 - ET INFO MSP360 Backup Service Domain in DNS Lookup (mspbackups .com) (info.rules)
2043330 - ET INFO Observed MSP360 Backup Service Domain (mspbackups .com in TLS SNI) (info.rules)
2043331 - ET HUNTING Observed Nighthawk 404 Server Response (hunting.rules)
2043332 - ET PHISHING EvilProxy AiTM Cookie Value M2 (phishing.rules)
2043333 - ET MALWARE Win32/Qakbot CnC Activity (POST) (malware.rules)
2043334 - ET MALWARE Possible Vidar Stealer C2 Config In Steam Profile (malware.rules)

Pro:

2853055 - ETPRO MALWARE Win32/MetaStealer Related Activity (GET) M2 (malware.rules)
2853056 - ETPRO MALWARE Win32/MetaStealer Related Activity (POST) M2 (malware.rules)
2853057 - ETPRO MALWARE Win32/MetaStealer Related Activity (POST) M3 (malware.rules)
2853058 - ETPRO MALWARE Win32/MetaStealer Related Activity (POST) M4 (malware.rules)
2853059 - ETPRO MALWARE Win32/MetaStealer Related Activity (POST) M5 (malware.rules)

[///] Modified active rules: [///]

2036592 - ET MALWARE Malicious ELF Activity (malware.rules)
2037850 - ET PHISHING [TW] EvilProxy AiTM Cookie Value M1 (phishing.rules)
2043308 - ET MALWARE Win32/Emotet CnC Activity M9 (POST) (malware.rules)
2043312 - ET MALWARE Magecart Skimmer CSS (malware.rules)
2851362 - ETPRO MALWARE Win32/MetaStealer Related Activity (GET) M1 (malware.rules)
2851363 - ETPRO MALWARE Win32/MetaStealer Related Activity (POST) M1 (malware.rules)
2851550 - ETPRO MALWARE Win32/MetaStealer Fake Avast AV Update (GET) (malware.rules)

[---] Removed rules: [---]

2853050 - ETPRO INFO MSP360 Backup Service Domain in DNS Lookup (info.rules)
2853051 - ETPRO INFO Observed MSP360 Backup Service Domain (mspbackups .com in TLS SNI) (info.rules)
