[***] Summary: [***]
9 new OPEN, 18 new PRO (9 + 9) BlackLotus, DynDNS, Various Android Malware
Thanks @ESETresearch
The Emerging Threats mailing list is migrating to Discourse. Please visit
us at https://community.emergingthreats.net
The mailing list is being retired on April 3, 2023.
Due to an internal company holiday there will be no rule release on Friday
March 3rd, 2023.
[+++] Added rules: [+++]
Open:
2044412 - ET INFO DYNAMIC_DNS Query to a *.neisa .com Domain (info.rules)
2044413 - ET INFO DYNAMIC_DNS HTTP Request to a *.neisa .com Domain (info.rules)
2044414 - ET INFO DYNAMIC_DNS Query to a *.with .mirkforce .de Domain (info.rules)
2044415 - ET INFO DYNAMIC_DNS HTTP Request to a *.with .mirkforce .de Domain (info.rules)
2044416 - ET INFO DYNAMIC_DNS Query to a *.visite .es Domain (info.rules)
2044417 - ET INFO DYNAMIC_DNS HTTP Request to a *.visite .es Domain (info.rules)
2044418 - ET MALWARE Observed BlackLotus SSL Certificate Observed (malware.rules)
2044419 - ET MALWARE Win32/BlackLotus CnC Activity (POST) (malware.rules)
2044420 - ET PHISHING Successful CenturyLink Credential Phish 2023-03-01 (phishing.rules)
Pro:
2853607 - ETPRO MOBILE_MALWARE Android.Spy.989 CnC Domain in DNS Lookup (mobile_malware.rules)
2853608 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.auye CnC Domain in DNS Lookup (mobile_malware.rules)
2853609 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.auym CnC Domain in DNS Lookup (mobile_malware.rules)
2853610 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rewardsteal.n CnC Domain in DNS Lookup (mobile_malware.rules)
2853611 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bf CnC Domain in DNS Lookup (mobile_malware.rules)
2853612 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bf CnC Domain in DNS Lookup (mobile_malware.rules)
2853613 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bf CnC Domain in DNS Lookup (mobile_malware.rules)
2853614 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bf CnC Domain in DNS Lookup (mobile_malware.rules)
2853615 - ETPRO MALWARE Bitter APT CHM CnC Activity (GET) M3 (malware.rules)
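A practical follow-up to a release like this is to confirm that the newly added SIDs actually landed in the local ruleset after the next rule update, and that none were left disabled by a local modify/disable configuration. The script below is an added example, not Emerging Threats or Proofpoint tooling: it parses listing lines of the form above (refanging the mailing list's "name .tld" domain spacing), extracts the SID, feed, category and target rules file, and compares the result against a local Suricata rules file. The RELEASE_NOTE lines are copied from the listing above; the LOCAL_RULES content is constructed for illustration and is not a real ET rule body.

```python
"""Audit an Emerging Threats daily release listing against a local Suricata rules file.

Added example, not Emerging Threats / Proofpoint tooling. The release lines are
copied from the listing above; the local rules file content is constructed.
"""
import re
from dataclasses import dataclass

# Lines copied from the "Added rules" listing above, defanged exactly as the
# email prints them (e.g. "*.neisa .com").
RELEASE_NOTE = """
2044412 - ET INFO DYNAMIC_DNS Query to a *.neisa .com Domain (info.rules)
2044413 - ET INFO DYNAMIC_DNS HTTP Request to a *.neisa .com Domain (info.rules)
2044418 - ET MALWARE Observed BlackLotus SSL Certificate Observed (malware.rules)
2044419 - ET MALWARE Win32/BlackLotus CnC Activity (POST) (malware.rules)
2044420 - ET PHISHING Successful CenturyLink Credential Phish 2023-03-01 (phishing.rules)
2853615 - ETPRO MALWARE Bitter APT CHM CnC Activity (GET) M3 (malware.rules)
"""

# Constructed local ruleset: one new SID present and enabled, one present but
# commented out (disabled), one unrelated older SID; the rest are missing.
# Rule bodies are placeholders, not the real ET rule content.
LOCAL_RULES = """
alert dns $HOME_NET any -> any any (msg:"ET INFO DYNAMIC_DNS Query to a *.neisa.com Domain"; sid:2044412; rev:1;)
# alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Win32/BlackLotus CnC Activity (POST)"; sid:2044419; rev:1;)
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Some Older Rule"; sid:2040000; rev:2;)
"""

# "<sid> - <msg> (<file>)"; msg is non-greedy so a trailing "(POST)" stays in msg.
LINE_RE = re.compile(r"^(?P<sid>\d{7}) - (?P<msg>.+?) \((?P<file>[\w.]+)\)$")
SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")


@dataclass(frozen=True)
class ReleaseEntry:
    sid: int
    feed: str       # "ET" (open) or "ETPRO"
    category: str   # e.g. "INFO", "MALWARE", "MOBILE_MALWARE"
    msg: str
    rule_file: str


def refang(text: str) -> str:
    """Undo the list's defanging: '*.with .mirkforce .de' -> '*.with.mirkforce.de'."""
    return re.sub(r" \.(?=[A-Za-z])", ".", text)


def parse_release(note: str) -> list[ReleaseEntry]:
    """Turn release-note lines into ReleaseEntry records; non-matching lines are skipped."""
    entries = []
    for line in note.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        msg = refang(m["msg"])
        feed, category, *_ = msg.split(" ", 2)
        entries.append(ReleaseEntry(int(m["sid"]), feed, category, msg, m["file"]))
    return entries


def local_sid_state(rules: str) -> dict[int, bool]:
    """Map every sid in a rules file to True (enabled) or False (commented out)."""
    state = {}
    for line in rules.splitlines():
        stripped = line.strip()
        m = SID_RE.search(stripped)
        if m:
            state[int(m[1])] = not stripped.startswith("#")
    return state


def audit(note: str, rules: str) -> dict[str, list[int]]:
    """Classify each released SID as enabled, disabled, or missing in the local ruleset."""
    state = local_sid_state(rules)
    result = {"enabled": [], "disabled": [], "missing": []}
    for e in parse_release(note):
        if e.sid not in state:
            result["missing"].append(e.sid)
        elif state[e.sid]:
            result["enabled"].append(e.sid)
        else:
            result["disabled"].append(e.sid)
    return result


if __name__ == "__main__":
    for bucket, sids in audit(RELEASE_NOTE, LOCAL_RULES).items():
        print(f"{bucket:9s} {sids}")
```

To run this against a real deployment, replace LOCAL_RULES with the contents of the merged rules file your sensor loads (for suricata-update that is the generated suricata.rules, not the upstream .rules files), since that is where local disable/modify settings are applied.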