[***] Summary: [***]

9 new OPEN, 40 new PRO (9 + 31) TA444, MuggleStealer,
Packed.FlyStudio.AA, Sinresby.B, Twitter CredPhish

Thanks Kevin Ross, @Mandiant, @pentestmonkey, @suyog41

The Emerging Threats mailing list is migrating to Discourse. Please visit
us at
https://urldefense.com/v3/__https://community.emergingthreats.net__;!!O…$

The mailing list is being retired on April 3, 2023.

[+++] Added rules: [+++]

Open:

2044749 - ET INFO Commonly Abused Content Delivery Network Domain in DNS
Lookup (btloader .com) (info.rules)
2044750 - ET INFO Observed Abused Content Delivery Network Domain
(btloader .com in TLS SNI) (info.rules)
2044751 - ET ATTACK_RESPONSE Interactive Reverse Shell Without TTY
(Outbound) (attack_response.rules)
2044752 - ET MALWARE Win32/MuggleStealer CnC ChromePwd Exfil (POST)
(malware.rules)
2044753 - ET MALWARE Win32/MuggleStealer CnC Desktop Exfil (POST)
(malware.rules)
2044754 - ET MALWARE Win32/MuggleStealer CnC DiskInfo Exfil (POST)
(malware.rules)
2044755 - ET MALWARE Win32/MuggleStealer CnC Wincreds Exfil (POST)
(malware.rules)
2044756 - ET ADWARE_PUP Win32/Packed.FlyStudio.AA Checkin
(adware_pup.rules)
2044757 - ET MALWARE TrojanDownloader:Win32/Sinresby.B Checkin
(malware.rules)

Pro:

2853771 - ETPRO MALWARE JS/Unknown Downloader Payload Request (GET)
(malware.rules)
2853772 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853773 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853774 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853775 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853776 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853777 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853778 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853779 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853780 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853781 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853782 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853783 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853784 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853785 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853786 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853787 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853788 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853789 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853790 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853791 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853792 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853793 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853794 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853795 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853796 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853797 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853798 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853799 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853800 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853801 - ETPRO PHISHING Twitter Credential Phish Landing Page 2023-03-23
(phishing.rules)

[---] Disabled and modified rules: [---]

2036982 - ET MALWARE Loxes/Mongall Related CnC Beacon M3 (GET)
(malware.rules)
