Daily Ruleset Update Summary 2023/03/10

[***] Summary: [***]

9 new OPEN, 10 new PRO (9 + 1)

Thanks @TalosSecurity, @_CPResearch, @500mk500, @suyog41. Today's
additions cover Gamaredon, WorldWind Stealer, Phishing, Prometei, APT
Sharp Panda Soul Framework, and much more.

The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net

The mailing list is being retired on April 3, 2023.

[+++] Added rules: [+++]

Open:

2044556 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
2044557 - ET MALWARE WorldWind Stealer Sending System information via Telegram (POST) (malware.rules)
2044558 - ET PHISHING Possible Credential Phish Landing Page 2023-03-10 (phishing.rules)
2044559 - ET PHISHING United Parcel Service Landing Page 2023-03-10 (phishing.rules)
2044560 - ET MALWARE Prometei Botnet CnC DGA - xinchao Pattern (malware.rules)
2044561 - ET MALWARE Prometei Botnet CnC Domain (feefreepool .net) in DNS Lookup (malware.rules)
2044562 - ET MALWARE Prometei Botnet CnC Checkin (malware.rules)
2044563 - ET MALWARE Prometei Botnet CnC Checkin - Payload Retrieval (malware.rules)
2044564 - ET MALWARE Sharp Panda Soul Framework CnC Checkin (malware.rules)

Pro:

2853643 - ETPRO ADWARE_PUP Win32/StartPage Activity (GET) (adware_pup.rules)

[///] Modified inactive rules: [///]

2013076 - ET MALWARE Zeus Bot GET to Google checking Internet connectivity (malware.rules)
2014302 - ET HUNTING Suspicious HTTP Referer C Drive Path (hunting.rules)
2018254 - ET MALWARE Possible Graftor EXE Download Common Header Order (malware.rules)
2020966 - ET MALWARE CozyDuke APT Possible SSL Cert 1 (malware.rules)
2022492 - ET MALWARE Win32/Fluxer CnC Checkin (malware.rules)
2023146 - ET EXPLOIT CVE-2014-6332 Sep 01 2016 (HFS Actor) M2 (exploit.rules)
2023672 - ET MALWARE JS/WSF Downloader Dec 08 2016 M4 (malware.rules)
2025020 - ET MALWARE Win32/Nivdort Checkin (malware.rules)
2025232 - ET PHISHING Email Server Mobile Security Settings Phishing Landing 2018-01-22 (phishing.rules)
2030625 - ET MALWARE Win32/PurpleWave Stealer Requesting Config (malware.rules)
2032937 - ET MALWARE Unk.CoinMiner Loader Checkin (malware.rules)
2033033 - ET MALWARE BazaLoader CnC Activity (malware.rules)
2033203 - ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B) (malware.rules)
2033249 - ET MALWARE Kaseya VSA Exploit Activity M2 (SET) (malware.rules)
2033250 - ET MALWARE Possible Kaseya VSA Exploit Activity Inbound M1 (malware.rules)
2033251 - ET MALWARE Possible Kaseya VSA Exploit Activity Inbound M2 (malware.rules)
2033252 - ET MALWARE Possible Kaseya VSA Exploit URI Structure Inbound (malware.rules)
2033833 - ET MALWARE Win32/44Caliber Stealer Variant Activity (POST) (malware.rules)
2034510 - ET EXPLOIT .NET Framework Remote Code Execution Injection (CVE-2020-1147) (exploit.rules)
2035952 - ET EXPLOIT SEOWON INTECH SLC-130 RCE Inbound (No CVE) (exploit.rules)
2035957 - ET MALWARE Lyceum Golang HTTP Backdoor Connectivity Check (malware.rules)
2036681 - ET MALWARE Downloader/Win.MalXll.R466354 Payload Request (malware.rules)
2036818 - ET EXPLOIT Bonitasoft Authorization Bypass M1 (CVE-2022-25237) (exploit.rules)
2036821 - ET EXPLOIT Bonitasoft Authorization Bypass and RCE Upload M1 (CVE-2022-25237) (exploit.rules)
2038674 - ET MALWARE VBS/Kimsuky.O Host Fingerprint Exfil (malware.rules)
2039135 - ET PHISHING Generic Credential Phish Landing Page 2022-10-10 (phishing.rules)
2042663 - ET MALWARE Villain C2 Framework HTTP Command Response (malware.rules)
2042971 - ET PHISHING Lucy Security Phishing Awareness Landing Page (phishing.rules)
2803267 - ETPRO MALWARE Win32.Pasta.IK Checkin (malware.rules)
2804408 - ETPRO MALWARE Mal/Simda-C Install (malware.rules)
2806235 - ETPRO MALWARE Trojan-Ransom.Win32.Blocker.avsx Checkin (malware.rules)
2809926 - ETPRO MALWARE Win32/TrojanProxy.Agent.AU Checkin (malware.rules)
2810236 - ETPRO MALWARE Win32.SysUpdater Scanning External Sites (malware.rules)
2810735 - ETPRO MALWARE Banker.Win32.Banbra Checkin (malware.rules)
2810847 - ETPRO MALWARE AutoIt variant CnC Beacon (malware.rules)
2814622 - ETPRO MALWARE Win32/Skeeyah.A Variant Conn Check (malware.rules)
2814633 - ETPRO MALWARE Win32/TrojanDownloader.Banload.UKZ Receiving Payload (malware.rules)
2816116 - ETPRO MALWARE SteamStealer Item Value Check (malware.rules)
2822394 - ETPRO MALWARE MSIL/UBN CP Downloader Requesting Payload (malware.rules)
2824766 - ETPRO EXPLOIT_KIT EK Silverlight Exploit (exploit_kit.rules)
2826096 - ETPRO PHISHING Successful Paypal Phish M2 Apr 24 2017 (phishing.rules)
2828253 - ETPRO PHISHING Successful Postmaster Phish M2 Oct 12 2017 (phishing.rules)
2828711 - ETPRO MALWARE Win32/DarkNeuron POST Request to CnC (malware.rules)
2834791 - ETPRO MALWARE Astaroth Requesting Additional Payloads (malware.rules)
2836766 - ETPRO MALWARE Possible Java/Unk.Backdoor Style IP Address Check (malware.rules)
2839018 - ETPRO MALWARE Win32/WinLoader Requesting Payload (malware.rules)
2839019 - ETPRO HUNTING Generic POST with Commonly Stolen Services in Body (hunting.rules)
2841440 - ETPRO MALWARE Win32/DiamondFox Variant CnC Checkin (malware.rules)
2841774 - ETPRO MALWARE W32/Injector.jwcqy CnC Activity M1 (malware.rules)
2841775 - ETPRO MALWARE W32/Injector.jwcqy CnC Activity M2 (malware.rules)
2842035 - ETPRO MALWARE Win32/Agent.ABLU Connectivity Check (malware.rules)
2843378 - ETPRO MALWARE Win32/Presenoker CnC Checkin (malware.rules)
2844308 - ETPRO MALWARE Win32/Stealer.tnf CnC Exfil (malware.rules)
2846163 - ETPRO HUNTING Long Strings of Asterisk - Possible Exfil in POST Body (hunting.rules)
2846661 - ETPRO POLICY External IP Address Lookup (eryaz .net) (policy.rules)
2846941 - ETPRO PHISHING Successful Generic Secure Message Center Phish 2021-02-05 (phishing.rules)
2847038 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.xi Checkin (mobile_malware.rules)
2847257 - ETPRO MALWARE Malicious Second Stage Payload Request 2021-02-23 (malware.rules)
2848145 - ETPRO PHISHING Successful Orange FR Phish 2021-04-12 (phishing.rules)
2848373 - ETPRO MALWARE MSIL/HELLRAZOR Stealer CnC Exfil (malware.rules)
2848416 - ETPRO MALWARE Avalon Stealer Variant CnC Exfil (malware.rules)
2851548 - ETPRO MALWARE Win32/AveMaria CnC Exfil M1 (malware.rules)
2851549 - ETPRO MALWARE Win32/AveMaria CnC Exfil M2 (malware.rules)
2852652 - ETPRO MALWARE Sliver HTTP SessionInit Request (malware.rules)
2852653 - ETPRO MALWARE Sliver HTTP SessionInit Request (malware.rules)
2852654 - ETPRO MALWARE Sliver HTTP SessionInit Request (malware.rules)
2852655 - ETPRO MALWARE Sliver HTTP SessionInit Request (malware.rules)
2852656 - ETPRO MALWARE Sliver HTTP SessionInit Request (malware.rules)
2852657 - ETPRO MALWARE Sliver HTTP SessionInit Request (malware.rules)
2852658 - ETPRO MALWARE Sliver HTTP SessionInit Request (malware.rules)