[***] Summary: [***]
36 new OPEN, 40 new PRO (36 + 4) Android/Gigabud, SocGholish, and DNS
over HTTPS Domains
Thanks @AuCyble
The Emerging Threats mailing list is migrating to Discourse. Please visit
us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2043423 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (tuic .salome
.my .id) (info.rules)
2043424 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (doh .ubd .ac
.id) (info.rules)
2043425 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns-family
.esegece .com) (info.rules)
2043426 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (safe .kswro
.web .id) (info.rules)
2043427 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns .5ososea
.com) (info.rules)
2043428 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (anggityuls
.my .id) (info.rules)
2043429 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI
(soay38us0r7goa7 .cmsdp .my .id) (info.rules)
2043430 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns .esegece
.com) (info.rules)
2043431 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (rdns .faelix
.net) (info.rules)
2043432 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (opennic
.i2pd .xyz) (info.rules)
2043433 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (doh .dns
.sb, doh .sb) (info.rules)
2043434 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns .gnb09
.id) (info.rules)
2043435 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (kswro .web
.id) (info.rules)
2043436 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns .spil
.co .id) (info.rules)
2043437 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns .vmath
.my .id) (info.rules)
2043438 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (d .apemlegit
.my .id) (info.rules)
2043439 - ET MOBILE_MALWARE Android/Gigabud CnC Domain (lionaiothai .com)
in DNS Lookup (mobile_malware.rules)
2043440 - ET MOBILE_MALWARE Android/Gigabud CnC Domain (cmnb9 .cc) in DNS
Lookup (mobile_malware.rules)
2043441 - ET MOBILE_MALWARE Android/Gigabud CnC Domain (bweri6 .cc) in
DNS Lookup (mobile_malware.rules)
2043442 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M1
(mobile_malware.rules)
2043443 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M2
(mobile_malware.rules)
2043444 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M3
(mobile_malware.rules)
2043445 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M4
(mobile_malware.rules)
2043446 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M5
(mobile_malware.rules)
2043447 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M6
(mobile_malware.rules)
2043448 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M7
(mobile_malware.rules)
2043449 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M8
(mobile_malware.rules)
2043450 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M9
(mobile_malware.rules)
2043451 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M10
(mobile_malware.rules)
2043452 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M11
(mobile_malware.rules)
2043453 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M12
(mobile_malware.rules)
2043454 - ET PHISHING Successful Banco Galacia Credential Phish
2023-01-23 (phishing.rules)
2043455 - ET MALWARE Win32/Sventore.B CnC Checkin (malware.rules)
2043456 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .market
.dentureforfree .online) (malware.rules)
2043457 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .rendezvous
.tophandsome .gay) (malware.rules)
2043458 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .signing
.unitynotarypublic .com) (malware.rules)
Pro:
2853073 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2023-01-20 1) (coinminer.rules)
2853074 - ETPRO MALWARE Suspected TA452 Domain in DNS Lookup
(malware.rules)
2853075 - ETPRO MALWARE Suspected TA452 Domain in DNS Lookup
(malware.rules)
2853076 - ETPRO PHISHING Amazon Phish Landing Page 2023-01-23
(phishing.rules)
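As an added illustration (not part of this announcement and not the ET rule bodies, which are not reproduced here), the script below shows how the three indicator shapes in this update differ when matched against Suricata EVE-style log lines: the "in TLS SNI" DoH entries are treated as exact hostnames, the Gigabud entries as exact query names, and the SocGholish "* ." entries as the listed apex plus any subdomain. The exact-versus-wildcard treatment is an assumption drawn from the rule titles, and the EVE events are constructed samples, not real telemetry. Indicators are the ones listed above with the defanging spaces removed.

```python
import json
from typing import Iterable, List, Optional, Tuple

# Indicators transcribed from the rule titles in this update (defang spaces removed).
# "*." is assumed to mean the apex plus any subdomain; SNI and Gigabud entries are
# assumed to be exact hostnames. The real rule bodies are not on this page.
DOH_TLS_SNI = {
    "tuic.salome.my.id", "doh.ubd.ac.id", "dns-family.esegece.com",
    "safe.kswro.web.id", "dns.5ososea.com", "anggityuls.my.id",
    "soay38us0r7goa7.cmsdp.my.id", "dns.esegece.com", "rdns.faelix.net",
    "opennic.i2pd.xyz", "doh.dns.sb", "doh.sb", "dns.gnb09.id",
    "kswro.web.id", "dns.spil.co.id", "dns.vmath.my.id", "d.apemlegit.my.id",
}
GIGABUD_DNS = {"lionaiothai.com", "cmnb9.cc", "bweri6.cc"}
SOCGHOLISH_DNS = {
    "*.market.dentureforfree.online",
    "*.rendezvous.tophandsome.gay",
    "*.signing.unitynotarypublic.com",
}


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot that DNS logs often carry."""
    return name.rstrip(".").lower()


def domain_matches(name: str, pattern: str) -> bool:
    """'*.apex' matches apex and every subdomain of it; anything else is exact.

    The leading dot is part of the suffix test, so 'xmarket.dentureforfree.online'
    does NOT match '*.market.dentureforfree.online'.
    """
    name = normalize(name)
    if pattern.startswith("*."):
        apex = pattern[2:].lower()
        return name == apex or name.endswith("." + apex)
    return name == pattern.lower()


def classify(event: dict) -> Optional[str]:
    """Return a label for one Suricata EVE-style event, or None if nothing matches."""
    etype = event.get("event_type")
    if etype == "dns":
        qname = event.get("dns", {}).get("rrname", "")
        if any(domain_matches(qname, p) for p in SOCGHOLISH_DNS):
            return "SocGholish CnC Domain in DNS Lookup"
        if any(domain_matches(qname, p) for p in GIGABUD_DNS):
            return "Android/Gigabud CnC Domain in DNS Lookup"
    elif etype == "tls":
        sni = event.get("tls", {}).get("sni", "")
        if any(domain_matches(sni, p) for p in DOH_TLS_SNI):
            return "Observed DNS Over HTTPS Domain in TLS SNI"
    return None


def scan(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (normalized indicator, label) for each EVE JSON line that matches."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        label = classify(ev)
        if label:
            name = ev.get("dns", {}).get("rrname") or ev.get("tls", {}).get("sni")
            hits.append((normalize(name), label))
    return hits


# Constructed sample events, not real telemetry. The second and fifth lines are
# near-misses that must not fire.
SAMPLE_EVE = """
{"event_type":"dns","dns":{"type":"query","rrname":"cdn.market.dentureforfree.online."}}
{"event_type":"dns","dns":{"type":"query","rrname":"xmarket.dentureforfree.online"}}
{"event_type":"dns","dns":{"type":"query","rrname":"LIONAIOTHAI.COM"}}
{"event_type":"tls","tls":{"sni":"doh.dns.sb"}}
{"event_type":"tls","tls":{"sni":"sub.doh.dns.sb"}}
{"event_type":"dns","dns":{"type":"query","rrname":"example.com"}}
"""

if __name__ == "__main__":
    for name, label in scan(SAMPLE_EVE.splitlines()):
        print(f"{label}: {name}")
```

Running it yields three hits (the SocGholish subdomain, the upper-cased Gigabud query and the exact DoH SNI); the "xmarket" lookup and the "sub.doh.dns.sb" SNI are deliberately left unmatched to show why the dot prefix and the exact/wildcard distinction matter when you turn these titles into your own matching logic.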