[***] Summary: [***]
17 new OPEN, 25 new PRO (17 + 8)
UAC-0114/Winter Vivern, XWorm Domains, IcedID Domains, Kakfum/COLDSTEEL, Win32/Kumquat, RustDesk Activity, Win32/Phorpiex
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2044061 - ET MALWARE UAC-0114/Winter Vivern Screenshot Upload M1 (malware.rules)
2044062 - ET MALWARE UAC-0114/Winter Vivern Screenshot Upload M2 (malware.rules)
2044063 - ET MALWARE UAC-0114/Winter Vivern File Exfilration (malware.rules)
2044064 - ET MALWARE UAC-0114/Winter Vivern CnC Activity (malware.rules)
2044065 - ET MALWARE Kakfum/COLDSTEEL CnC Beacon M3 (malware.rules)
2044066 - ET MALWARE Win32/Kumquat Loader Activity (Connect) (malware.rules)
2044067 - ET MALWARE Win32/Kumquat Loader Activity (Subscribe) (malware.rules)
2044068 - ET MALWARE Win32/Kumquat Loader Activity (Publish) (malware.rules)
2044069 - ET INFO RustDesk Check NAT Type (info.rules)
2044070 - ET INFO RustDesk Register Peer where serial=1 (info.rules)
2044071 - ET INFO RustDesk Register Peer where serial=0 (info.rules)
2044072 - ET INFO RustDesk Get Software Update URL (info.rules)
2044073 - ET INFO RustDesk Register Public Key (info.rules)
2044074 - ET INFO RustDesk Peer Discovery (pong) (info.rules)
2044075 - ET INFO RustDesk Peer Discovery (ping) (info.rules)
2044076 - ET INFO RustDesk Relay Domain in DNS Lookup (info.rules)
2044077 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC (malware.rules)
Pro:
2853293 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2853294 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2853295 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2853296 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2853297 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2853298 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2853299 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2853300 - ETPRO MALWARE XWorm CnC Domain in DNS Lookup (malware.rules)