[***] Summary: [***]

17 new OPEN, 32 new PRO (17 + 15) SocGholish, ConnectWise Control Abuse,
Mobile Malware, AU myGov Phish

Thanks @h2jazi, @k3yp0d

The Emerging Threats mailing list is migrating to Discourse. Please visit
us at https://community.emergingthreats.net/

We will announce the mailing list retirement date in the near future.

[+++] Added rules: [+++]

Open:

2044014 - ET INFO DYNAMIC_DNS Query to a *.dickeyfam .com domain
(info.rules)
2044015 - ET INFO DYNAMIC_DNS HTTP Request to a *.dickeyfam .com domain
(info.rules)
2044016 - ET INFO DYNAMIC_DNS Query to a *.trudireaume .com domain
(info.rules)
2044017 - ET INFO DYNAMIC_DNS HTTP Request to a *.trudireaume .com domain
(info.rules)
2044018 - ET INFO DYNAMIC_DNS Query to a *.tribeoftwo .com domain
(info.rules)
2044019 - ET INFO DYNAMIC_DNS HTTP Request to a *.tribeoftwo .com domain
(info.rules)
2044020 - ET INFO DYNAMIC_DNS Query to a *.gun .vn domain (info.rules)
2044021 - ET INFO DYNAMIC_DNS HTTP Request to a *.gun .vn domain
(info.rules)
2044022 - ET MALWARE Observed APT Actor Payload Domain
(archive-downloader .com in TLS SNI) (malware.rules)
2044023 - ET MALWARE Observed APT Actor Payload Domain (e-aks .uz in TLS
SNI) (malware.rules)
2044024 - ET INFO Request for PDF via PowerShell (info.rules)
2044025 - ET MALWARE ConnectWise ScreenConnect Payload Delivery Domain
(win02 .xyz) in DNS Lookup (malware.rules)
2044026 - ET MALWARE ConnectWise ScreenConnect Payload Delivery Domain
(win03 .xyz) in DNS Lookup (malware.rules)
2044027 - ET MALWARE ConnectWise ScreenConnect Payload Delivery Domain
(win04 .xyz) in DNS Lookup (malware.rules)
2044028 - ET MALWARE ConnectWise ScreenConnect Payload Delivery Domain
(win01 .xyz) in DNS Lookup (malware.rules)
2044029 - ET PHISHING Successful AU myGov Credential Phish 2023-01-30
(phishing.rules)
2044030 - ET MALWARE SocGholish Domain in DNS Lookup (smiles .cahl4u
.org) (malware.rules)

Pro:

2853251 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Small.ce CnC
Domain in DNS Lookup (mobile_malware.rules)
2853252 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CMX CnC Domain in DNS
Lookup (mobile_malware.rules)
2853253 - ETPRO MOBILE_MALWARE Android/Spy.Banker.BSH CnC Domain in DNS
Lookup (mobile_malware.rules)
2853254 - ETPRO MOBILE_MALWARE Android.Joker.929 CnC Domain in DNS Lookup
(mobile_malware.rules)
2853255 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Domain in
DNS Lookup (mobile_malware.rules)
2853256 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.DWK CnC Domain in
DNS Lookup (mobile_malware.rules)
2853257 - ETPRO MOBILE_MALWARE Android.Joker.780 CnC Domain in DNS Lookup
(mobile_malware.rules)
2853258 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.atin CnC Domain in
DNS Lookup (mobile_malware.rules)
2853259 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.lc CnC
Domain in DNS Lookup (mobile_malware.rules)
2853260 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.YF CnC Domain in DNS
Lookup (mobile_malware.rules)
2853261 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rewardsteal.h CnC
Domain in DNS Lookup (mobile_malware.rules)
2853262 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.ew CnC
Domain in DNS Lookup (mobile_malware.rules)
2853263 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Soobek.a CnC
Domain in DNS Lookup (mobile_malware.rules)
2853264 - ETPRO HUNTING Logo Request via Iconfinder from HTA
(hunting.rules)
2853265 - ETPRO MALWARE APT Actor HTA Payload (malware.rules)
