Daily Ruleset Update Summary 2023/03/08
[***] Summary: [***]
19 new OPEN, 22 new PRO (19 + 3) Emotet, Gamaredon, Various Infostealers, and many more.
Thanks @bridewellsec, @suyog41, @ahnlab_secuinfo, @James_inthe_box
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
The mailing list is being retired on April 3, 2023.
[+++] Added rules: [+++]
Open:
2044518 - ET MALWARE Observed Emotet Maldoc Retrieving Payload (2023-03-08) (malware.rules)
2044519 - ET INFO DYNAMIC_DNS Query to a *.sweeny .us Domain (info.rules)
2044520 - ET INFO DYNAMIC_DNS HTTP Request to a *.sweeny .us Domain (info.rules)
2044521 - ET MALWARE TA444 Related Domain in DNS Lookup (azure .doc-view .cloud) (malware.rules)
2044522 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
2044523 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
2044524 - ET MALWARE Win32/Luca Stealer Sending System Information via Telegram (GET) (malware.rules)
2044525 - ET MALWARE PlugX Related Domain in DNS Lookup (cdn .imango .ink) (malware.rules)
2044526 - ET MALWARE PlugX Related Domain in DNS Lookup (api .imango .ink) (malware.rules)
2044527 - ET MALWARE Win32/Vector Stealer Sending System Information via Telegram (POST) (malware.rules)
2044528 - ET MALWARE Hackt.be Pentesting CnC Activity (malware.rules)
2044529 - ET MALWARE Observed DNS Query to NanoCore Domain (nanocore2023 .duckdns .org) (malware.rules)
2044530 - ET EXPLOIT Razer Sila Router - Command Injection Attempt Inbound (wget) (No CVE) (exploit.rules)
2044531 - ET EXPLOIT Razer Sila Router - Command Injection Attempt Inbound (curl) (No CVE) (exploit.rules)
2044532 - ET EXPLOIT Razer Sila Router - Command Injection Attempt Inbound (find) (No CVE) (exploit.rules)
2044533 - ET EXPLOIT Razer Sila Router - Command Injection Attempt Inbound (sh) (No CVE) (exploit.rules)
2044534 - ET EXPLOIT Razer Sila Router - LFI Attempt Inbound (passwd) (No CVE) (exploit.rules)
2044535 - ET MALWARE Win32/I'm_Better Stealer CnC Command - get_key (malware.rules)
2044536 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .tool .pearldentalgroup .ca) (malware.rules)
Pro:
2853639 - ETPRO MALWARE Emotet Payload Inbound - Highly Compressed ZIP containing a DLL (malware.rules)
2853640 - ETPRO HUNTING Highly Compressed ZIP containing a DLL (hunting.rules)
2853641 - ETPRO HUNTING Highly Compressed ZIP containing a EXE (hunting.rules)
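The Emotet payload rule 2853639 and the two HUNTING rules 2853640/2853641 above all name one observable: a ZIP archive whose compressed size is tiny relative to the declared size of a DLL or EXE inside it (the padded, zero-filled DLLs Emotet ships compress to almost nothing). The block below is an added example, not ET rule content or Proofpoint code, of checking that condition on the archive bytes once they have been carved from the stream: it reads the central directory, computes the per-entry compression ratio, and flags PE-named entries under a ratio threshold. The 5% threshold, the entry names and the sample archive are constructed assumptions.

```python
"""
Added example (not part of the ET ruleset or this summary): detect a
"highly compressed ZIP containing a DLL/EXE" from the ZIP central
directory. Threshold and sample archive are assumptions.
"""
import io
import random
import zipfile
from dataclasses import dataclass

PE_SUFFIXES = (".dll", ".exe")
# Assumed: compressed/uncompressed below 5% counts as "highly compressed".
RATIO_THRESHOLD = 0.05


@dataclass
class ZipFinding:
    name: str
    compressed: int
    uncompressed: int
    ratio: float
    is_pe_name: bool


def inspect_zip(data: bytes) -> list[ZipFinding]:
    """Read only the central directory: names and sizes are available
    there even when the entry data itself is password-encrypted."""
    findings: list[ZipFinding] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size == 0:
                continue  # directories and empty files have no meaningful ratio
            ratio = info.compress_size / info.file_size
            findings.append(ZipFinding(
                name=info.filename,
                compressed=info.compress_size,
                uncompressed=info.file_size,
                ratio=round(ratio, 4),
                is_pe_name=info.filename.lower().endswith(PE_SUFFIXES),
            ))
    return findings


def flag_highly_compressed_pe(data: bytes,
                              threshold: float = RATIO_THRESHOLD) -> list[str]:
    """Names of PE-named entries whose compression ratio is below threshold."""
    return [f.name for f in inspect_zip(data)
            if f.is_pe_name and f.ratio < threshold]


def build_sample_zip() -> bytes:
    """Constructed sample archive (not a real capture): a DLL-named entry
    padded with zeros that deflates to almost nothing, a benign text file,
    and an EXE-named entry of seeded pseudo-random bytes that barely
    compresses at all."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.dll", b"MZ" + b"\x00" * (512 * 1024))
        zf.writestr("readme.txt", b"hello world\n")
        zf.writestr("photo.exe", random.Random(1234).randbytes(64 * 1024))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    for f in inspect_zip(sample):
        print(f"{f.name:<14} {f.compressed:>8} / {f.uncompressed:<8} ratio={f.ratio}")
    print("flagged:", flag_highly_compressed_pe(sample))
```

Because the check uses only the central directory, it still fires on password-protected archives, where the entry data cannot be decompressed but the declared sizes are still in the clear. The ratio threshold is a tuning knob: legitimate installers rarely ship a DLL that deflates below a few percent, but a hunting rule like this is meant to surface candidates for triage, not to block on its own.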