[***] Summary: [***]

24 new OPEN, 29 new PRO (24 + 5) NimPlant, S1deload Stealer, Gamaredon,
Android Malware, and QBot sigs.

Thanks @BitDefender, @Cyber0verload, @500mk500

The Emerging Threats mailing list is migrating to Discourse. Please visit
us at https://community.emergingthreats.net

The mailing list is being retired on April 3, 2023.

Due to an internal company holiday there will be no rule release on Friday
March 3rd, 2023.

[+++] Added rules: [+++]

Open:

2044346 - ET MALWARE Win32/Grandoreiro TCP CnC Activity (malware.rules)
2044347 - ET MALWARE NimPlant Register Activity (GET) (malware.rules)
2044348 - ET MALWARE NimPlant Sending Command (Inbound) (malware.rules)
2044349 - ET MALWARE NimPlant Register Activity M2 (POST) (malware.rules)
2044350 - ET MALWARE NimPlant Task Activity (GET) (malware.rules)
2044351 - ET MALWARE NimPlant Sending Task (Inbound) (malware.rules)
2044352 - ET MALWARE NimPlant Result Activity (POST) (malware.rules)
2044353 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
2044354 - ET HUNTING User-Agent with Non Standard Characters (hunting.rules)
2044355 - ET PHISHING Successful Generic Credential Phish 2023-02-27 (phishing.rules)
2044356 - ET PHISHING Generic Credential Phish Landing Page 2023-02-27 (phishing.rules)
2044357 - ET PHISHING Successful Orange.fr Credential Phish 2023-02-27 (phishing.rules)
2044358 - ET MALWARE Win32/S1deload Stealer CnC Domain (neukoo .top) in DNS Lookup (malware.rules)
2044359 - ET MALWARE Win32/S1deload Stealer CnC Checkin (malware.rules)
2044360 - ET MALWARE Win32/S1deload Stealer CnC Checkin - Get Tasking (malware.rules)
2044361 - ET MALWARE Win32/S1deload Stealer CnC Domain (ytb .dolala .xyz) in DNS Lookup (malware.rules)
2044362 - ET MALWARE Win32/S1deload Stealer CnC Domain (shopproxy .live) in DNS Lookup (malware.rules)
2044363 - ET MALWARE Win32/S1deload Stealer CnC Checkin - Coinminer Payload Retrieval M1 (malware.rules)
2044364 - ET MALWARE Win32/S1deload Stealer CnC Checkin - Coinminer Payload Retrieval M2 (malware.rules)
2044365 - ET MALWARE Win32/S1deload Stealer CnC Checkin - Coinminer Payload Retrieval M3 (malware.rules)
2044366 - ET MALWARE Win32/S1deload Stealer Data Exfiltration Attempt M1 (malware.rules)
2044367 - ET MALWARE Win32/S1deload Stealer Data Exfiltration Attempt M2 (malware.rules)
2044368 - ET MALWARE Win32/VB.AAF Checkin (malware.rules)
2044369 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .stuff .libertydentalcourse .ca) (malware.rules)

Pro:

2853599 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.auqt CnC Domain in DNS Lookup (mobile_malware.rules)
2853600 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rewardsteal.n CnC Domain in DNS Lookup (mobile_malware.rules)
2853601 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.auwp CnC Domain in DNS Lookup (mobile_malware.rules)
2853602 - ETPRO MALWARE OneNote/Qbot CnC Activity (GET) (malware.rules)
2853603 - ETPRO MALWARE OneNote/Qbot CnC Activity (GET) (malware.rules)
