[***] Summary: [***]

10 new OPEN, 14 new PRO (10 + 4) CoinMiner, Twitter Phish, NewsPenguin,
DonotGroup, Cobalt Strike, Havoc RAT, Gamaredon

Thanks @StopMalvertisin

The Emerging Threats mailing list is migrating to Discourse. Please visit
us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

[+++] Added rules: [+++]

Open:

2044166 - ET MALWARE Suspected Gamaredon Related Activity (GET) (malware.rules)
2044167 - ET MALWARE DonotGroup Related Domain in DNS Lookup (records .libutires .info) (malware.rules)
2044168 - ET USER_AGENTS Observed DonotGroup Related UA (Chrome Edge) (user_agents.rules)
2044169 - ET MALWARE NewsPenguin Domain in DNS Lookup (updates .win32 .live) (malware.rules)
2044170 - ET MALWARE NewsPenguin Domain in DNS Lookup (windowsupdates .shop) (malware.rules)
2044171 - ET MALWARE NewsPenguin CnC Checkin (malware.rules)
2044172 - ET MALWARE NewsPenguin Domain in DNS Lookup (sailorjobs .world) (malware.rules)
2044173 - ET MALWARE Cobalt Strike CnC Domain (cdcgov .us) in DNS Lookup (malware.rules)
2044174 - ET MALWARE Malicious Node.js Module aabquerys payload delivery domain (github .elemecdn .com) in DNS Lookup (malware.rules)
2044175 - ET MALWARE Havoc RAT CnC Domain (zh .googlecdnb .tk) in DNS Lookup (malware.rules)

Pro:

2853357 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-02-09 1) (coinminer.rules)
2853358 - ETPRO USER_AGENTS Observed Suspicious UA (NewsPenguin Related UA) (user_agents.rules)
2853359 - ETPRO PHISHING Successful Twitter Credential Phish 2023-02-10 (phishing.rules)
2853360 - ETPRO PHISHING Twitter Credential Phish Landing Page 2023-02-10 (phishing.rules)

[---] Disabled and modified rules: [---]

2844189 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
2844190 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
2844191 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
2844192 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
2844193 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
2844194 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
2844195 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
2844196 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
2844197 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
2844198 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)

[---] Removed rules: [---]

2016104 - ET MALWARE DNS Reply for unallocated address space - Potentially Malicious 1.1.1.0/24 (malware.rules)
