[***] Summary: [***]
10 new OPEN, 21 new PRO (10 + 11). Various APT, Phishing, XWorm and Android.
The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2044233 - ET INFO DYNAMIC_DNS Query to a *.sytes.net Domain (info.rules)
2044234 - ET PHISHING Sidewinder Credential Phish Landing Page M2 2023-02-16 (phishing.rules)
2044235 - ET PHISHING Sidewinder Credential Phish Landing Page M2 2023-02-16 (phishing.rules)
2044236 - ET MALWARE APT37 M2RAT CnC Server Command - OKR (malware.rules)
2044237 - ET MALWARE APT37 M2RAT CnC Server Command - URL (malware.rules)
2044238 - ET MALWARE APT37 M2RAT CnC Server Command - UPD (malware.rules)
2044239 - ET MALWARE APT37 M2RAT CnC Server Command - RES (malware.rules)
2044240 - ET MALWARE APT37 M2RAT CnC Server Command - UNI (malware.rules)
2044241 - ET MALWARE APT37 M2RAT CnC Server Command - CMD (malware.rules)
2044242 - ET MALWARE SocGholish Domain in DNS Lookup (blockchain .shannongougenheim .com) (malware.rules)
Pro:
2853507 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.PhantomLance.a CnC Domain in DNS Lookup (mobile_malware.rules)
2853508 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.PhantomLance.a CnC Domain in DNS Lookup (mobile_malware.rules)
2853509 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.PhantomLance.a CnC Domain in DNS Lookup (mobile_malware.rules)
2853510 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.aulb CnC Domain in DNS Lookup (mobile_malware.rules)
2853511 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CME CnC Domain in DNS Lookup (mobile_malware.rules)
2853512 - ETPRO MOBILE_MALWARE Android/Spy.Krysanec.C CnC Domain in DNS Lookup (mobile_malware.rules)
2853513 - ETPRO MOBILE_MALWARE Android.Spy.1030 CnC Domain in DNS Lookup (mobile_malware.rules)
2853514 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.AEV CnC Domain in DNS Lookup (mobile_malware.rules)
2853515 - ETPRO EXPLOIT Possible Microsoft Exchange RCE - Abusable Constructor (CVE-2023-21529) (exploit.rules)
2853516 - ETPRO EXPLOIT Possible Microsoft Exchange RCE - Abusable Object (CVE-2023-21529) (exploit.rules)
2853517 - ETPRO MALWARE XWorm CnC Domain in DNS Lookup (malware.rules)
[---] Removed rules: [---]
2042805 - ET INFO DYNAMIC_DNS HTTP Request to a *.myftp .biz Domain (info.rules)
2804633 - ETPRO INFO DYNAMIC_DNS Query to a *.sytes.net Domain (info.rules)
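As an added example (not part of the ET announcement and not Emerging Threats or Proofpoint tooling), the following Python script parses a daily update in this format and reconciles it against a local Suricata/Snort rules file: every SID listed under Added should be present and enabled, every SID under Removed should be gone or commented out, and wrapped entry names are re-joined from their continuation lines. The announcement excerpt is taken from the entries above; the rules file is a constructed stand-in with placeholder rules for those SIDs, not the real ET signatures.

```python
"""Reconcile an Emerging Threats daily update announcement with a local
Suricata/Snort rules file (added example; not part of the ET announcement).

Announcement format: "[+++] Added rules: [+++]" followed by "Open:" / "Pro:"
groups, then "[---] Removed rules: [---]". Each entry is
"SID - rule name (file.rules)"; a long name may wrap onto a continuation
line that does not start with a SID.
"""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<sid>\d{7})\s+-\s+(?P<rest>.+)$")
FILE_RE = re.compile(r"\((?P<file>[\w.-]+\.rules)\)\s*$")
SID_RE = re.compile(r"\bsid\s*:\s*(?P<sid>\d+)\s*;")


@dataclass
class Entry:
    sid: int
    name: str
    rules_file: str
    action: str  # "added" or "removed"

    @property
    def pro(self) -> bool:
        # ETPRO signatures ship only in the paid feed; the msg prefix tells them apart.
        return self.name.startswith("ETPRO ")


def parse_announcement(text: str) -> list:
    """Return Entry objects in announcement order, re-joining wrapped names."""
    action, cont, raw = None, False, []  # raw: [sid, rest, action]
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[+++]"):
            action, cont = "added", False
        elif line.startswith("[---]"):
            action, cont = "removed", False
        elif action is None:
            continue  # preamble before the rule sections
        elif not line or line.rstrip(":").lower() in ("open", "pro"):
            cont = False  # blank line or tier header ends any wrapped entry
        elif (m := ENTRY_RE.match(line)):
            raw.append([int(m["sid"]), m["rest"], action])
            cont = True
        elif cont:
            raw[-1][1] += " " + line  # continuation of a wrapped entry name
    entries = []
    for sid, rest, act in raw:
        fm = FILE_RE.search(rest)
        name = rest[: fm.start()].strip() if fm else rest.strip()
        entries.append(Entry(sid, name, fm["file"] if fm else "", act))
    return entries


def index_rules_file(text: str) -> dict:
    """Map sid -> True (enabled) / False (commented out) for a rules file."""
    status = {}
    for line in (l.strip() for l in text.splitlines()):
        m = SID_RE.search(line)
        if m:
            status[int(m["sid"])] = not line.startswith("#")
    return status


def reconcile(entries: list, status: dict) -> list:
    """Return (sid, problem) pairs; an empty list means the file matches."""
    problems = []
    for e in entries:
        enabled = status.get(e.sid)  # None means the SID is absent
        if e.action == "added" and enabled is not True:
            problems.append((e.sid, "missing" if enabled is None else "disabled"))
        elif e.action == "removed" and enabled is True:
            problems.append((e.sid, "still enabled"))
    return problems


# Excerpt of the announcement above, including two wrapped entries.
SAMPLE_ANNOUNCEMENT = """\
[+++] Added rules: [+++]
Open:
2044233 - ET INFO DYNAMIC_DNS Query to a *.sytes.net Domain (info.rules)
2044234 - ET PHISHING Sidewinder Credential Phish Landing Page M2
2023-02-16 (phishing.rules)
Pro:
2853515 - ETPRO EXPLOIT Possible Microsoft Exchange RCE - Abusable
Constructor (CVE-2023-21529) (exploit.rules)
[---] Removed rules: [---]
2042805 - ET INFO DYNAMIC_DNS HTTP Request to a *.myftp .biz Domain
(info.rules)
2804633 - ETPRO INFO DYNAMIC_DNS Query to a *.sytes.net Domain (info.rules)
"""

# Constructed stand-in for a local rules file: placeholder rules written for
# this example, not the real ET signatures carrying these SIDs. 2044234 is
# deliberately absent and 2804633 is deliberately still enabled.
SAMPLE_RULES = """\
alert dns $HOME_NET any -> any any (msg:"ET INFO DYNAMIC_DNS Query to a *.sytes.net Domain"; dns.query; content:".sytes.net"; nocase; sid:2044233; rev:1;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ETPRO EXPLOIT Possible Microsoft Exchange RCE - Abusable Constructor (CVE-2023-21529)"; sid:2853515; rev:1;)
# alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"placeholder, disabled locally"; sid:2042805; rev:1;)
alert dns $HOME_NET any -> any any (msg:"ETPRO INFO DYNAMIC_DNS Query to a *.sytes.net Domain"; dns.query; content:".sytes.net"; nocase; sid:2804633; rev:1;)
"""

if __name__ == "__main__":
    found = parse_announcement(SAMPLE_ANNOUNCEMENT)
    for sid, problem in reconcile(found, index_rules_file(SAMPLE_RULES)):
        print(f"sid {sid}: {problem}")
```

Run against a real update by reading the mail body and the deployed rules file (for Suricata typically the merged suricata.rules) instead of the embedded samples; a removed SID still enabled usually means the local update job is pinning an old copy, and a missing added PRO SID on an open-only sensor is expected.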