[***] Summary: [***]
14 new OPEN, 14 new PRO (14 + 0) Gamaredon, WinterVivern, Bad Magic APT, Snapchat Credential Phish, Avalanche / Lavina Pulse Domain
Thanks @malPileDiver, @felixaime, @doc_guard, @tenacioustek
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
The mailing list is being retired on April 3, 2023.
[+++] Added rules: [+++]
Open:
2044709 - ET MALWARE Observed DNS Query To Gamaredon Domain (raminla .ru) (malware.rules)
2044710 - ET MALWARE Observed DNS Query To Gamaredon Domain (daglarho .ru) (malware.rules)
2044711 - ET MALWARE Observed DNS Query to WinterVivern Domain (ocsp-report .com) (malware.rules)
2044712 - ET MALWARE Observed DNS Query to WinterVivern Domain (ocsp-reloads .com) (malware.rules)
2044713 - ET PHISHING Generic Credential Phish Landing Page 2023-03-21 (phishing.rules)
2044714 - ET INFO Avalanche / Lavina Pulse Domain in DNS Lookup (avl .team) (info.rules)
2044715 - ET INFO Observed Avalanche / Lavina Pulse Domain (avl .team in TLS SNI) (info.rules)
2044716 - ET INFO URL Shortener Service Domain in DNS Lookup (u5p .cn) (info.rules)
2044717 - ET INFO Observed URL Shortener Service Domain Domain (u5p .cn in TLS SNI) (info.rules)
2044718 - ET MALWARE Observed DNS Query to Bad Magic APT Domain (webservice-srv .online) (malware.rules)
2044719 - ET MALWARE Observed DNS Query to Bad Magic APT Domain (webservice-srv1 .online) (malware.rules)
2044720 - ET INFO Free File Hosting Domain (sendbig .com) in DNS Lookup (info.rules)
2044721 - ET INFO Free File Hosting Domain (sendbig .com) in TLS SNI (info.rules)
2044722 - ET PHISHING Snapchat Credential Phish Landing Page 2023-03-21 (phishing.rules)
[---] Disabled and modified rules: [---]
2042948 - ET MALWARE Observed DNS Query to Goofy Guineapig Domain (static .tcplog .com) (malware.rules)
2043018 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (service-fatturecloud .de) (malware.rules)
2043019 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (utente .service-fatturecloud .de) (malware.rules)
2043020 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (downloadpdf-fattura .de) (malware.rules)
2044369 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .stuff .libertydentalcourse .ca) (malware.rules)
2853034 - ETPRO MALWARE Observed DNS Query to AsyncRAT Domain (malware.rules)
2853035 - ETPRO MALWARE Observed DNS Query to AsyncRAT Domain (malware.rules)
2853361 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-02-10 1) (coinminer.rules)
2853364 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-02-13 1) (coinminer.rules)
2853505 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-02-15 1) (coinminer.rules)
[---] Removed rules: [---]
2807427 - ETPRO MALWARE Cryp_Banker14 Checkin (malware.rules)
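Teams that track these daily notices usually want them as structured records rather than mail text: which SIDs were added, disabled or removed, which rule file they live in, and which indicator domains the new rules name (for a DNS blocklist or a retro-hunt over passive DNS). The parser below is an added example, not Emerging Threats tooling. It re-joins entries the mailing list wrapped across lines, re-fangs the space-defanged domains ("raminla .ru" becomes "raminla.ru", "* .stuff .x .ca" becomes "*.stuff.x.ca"), and ignores non-domain parentheticals such as the Stratum authline dates. The SAMPLE text is constructed from a few of the entries in this notice; the regular expressions, field names and the "Open"/"Pro" tier handling are my assumptions about the format, derived only from what is visible on this page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the notice above (a subset of its
# entries, wrapped the way the mailing list delivers them). Not a live feed.
SAMPLE = """\
[***] Summary: [***]
14 new OPEN, 14 new PRO (14 + 0) Gamaredon, WinterVivern, Bad Magic APT,
[+++] Added rules: [+++]
Open:
2044709 - ET MALWARE Observed DNS Query To Gamaredon Domain (raminla .ru)
(malware.rules)
2044714 - ET INFO Avalanche / Lavina Pulse Domain in DNS Lookup (avl
.team) (info.rules)
[---] Disabled and modified rules: [---]
2044369 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .stuff
.libertydentalcourse .ca) (malware.rules)
2853361 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2023-02-10 1) (coinminer.rules)
[---] Removed rules: [---]
2807427 - ETPRO MALWARE Cryp_Banker14 Checkin (malware.rules)
"""

SECTION_RE = re.compile(r"^\[[+*-]{3}\]\s*(.+?):\s*\[[+*-]{3}\]$")   # [+++] Added rules: [+++]
TIER_RE = re.compile(r"^(Open|Pro):$")                                # assumed sub-heading form
ENTRY_RE = re.compile(r"^(\d+) - (.+?)\s+\(([\w-]+\.rules)\)$")       # SID - msg (file.rules)
PAREN_RE = re.compile(r"\(([^()]*)\)")
DOMAIN_RE = re.compile(r"^(\*\.)?([a-z0-9-]+\.)+[a-z]{2,}$", re.I)


@dataclass
class RuleChange:
    section: str            # "Added rules", "Disabled and modified rules", "Removed rules"
    tier: Optional[str]     # "Open" / "Pro" where the notice says so, else None
    sid: int
    message: str            # rule msg as printed, parentheticals included
    rulefile: str           # e.g. "malware.rules"
    domain: Optional[str]   # re-fanged indicator named in the message, if any


def refang(text: str) -> Optional[str]:
    """Turn an ET-style defanged indicator such as 'raminla .ru' or
    '* .stuff .example .ca' back into a domain; None if it is not one."""
    core = re.split(r"\s+in\s+", text, maxsplit=1)[0]   # drop "... in TLS SNI"
    candidate = re.sub(r"\s+", "", core)
    return candidate if DOMAIN_RE.match(candidate) else None


def extract_domain(message: str) -> Optional[str]:
    """First parenthetical in the message that re-fangs to a domain."""
    for group in PAREN_RE.findall(message):
        domain = refang(group)
        if domain:
            return domain
    return None


def parse_update(text: str) -> List[RuleChange]:
    """One RuleChange per SID; wrapped entries are re-joined before parsing."""
    section: Optional[str] = None
    tier: Optional[str] = None
    changes: List[RuleChange] = []
    pending: List[str] = []   # physical lines of the entry being assembled

    def flush() -> None:
        if not pending:
            return
        line = " ".join(p.strip() for p in pending)
        pending.clear()
        m = ENTRY_RE.match(line)
        if not m or section is None:
            return            # summary or footer text, not a rule entry
        sid, message, rulefile = int(m.group(1)), m.group(2), m.group(3)
        changes.append(RuleChange(section, tier, sid, message, rulefile,
                                  extract_domain(message)))

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            flush()
            section, tier = m.group(1), None
        elif (m := TIER_RE.match(line)):
            flush()
            tier = m.group(1)
        elif re.match(r"^\d+ - ", line):
            flush()
            pending.append(line)
        elif pending:
            pending.append(line)   # continuation of a wrapped entry
    flush()
    return changes


def added_domains(changes: List[RuleChange]) -> List[str]:
    """Re-fanged domains named by newly added rules (blocklist / hunt seed)."""
    return sorted({c.domain for c in changes
                   if c.section == "Added rules" and c.domain})


if __name__ == "__main__":
    for c in parse_update(SAMPLE):
        print(f"{c.section:28} {c.tier or '-':4} {c.sid} {c.rulefile:16} {c.domain}")
    print("added domains:", added_domains(parse_update(SAMPLE)))
```

The rulefile is matched first and stripped from the message so that "malware.rules" is never mistaken for an indicator; a parenthetical such as "(2023-02-10 1)" fails the domain check because it carries no dot after whitespace removal. Wildcard entries keep their leading "*." so a downstream consumer can decide whether to expand them.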