[***] Summary: [***]
31 new OPEN, 225 new PRO (31 + 194) 3CX Supply Chain Attack Domains, Xworm, Gamaredon
Thanks @Mandiant, @Cyber0verload, @travisbgreen
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
The mailing list is being retired on April 3, 2023.
[+++] Added rules: [+++]
Open:
2044802 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (azuredeploystore .com) (malware.rules)
2044803 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (qwepoi123098 .com) (malware.rules)
2044804 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (msedgepackageinfo .com) (malware.rules)
2044805 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (journalide .org) (malware.rules)
2044806 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (azureonlinestorage .com) (malware.rules)
2044807 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (pbxcloudeservices .com) (malware.rules)
2044808 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (pbxphonenetwork .com) (malware.rules)
2044809 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (pbxsources .com) (malware.rules)
2044810 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (akamaicontainer .com) (malware.rules)
2044811 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (sourceslabs .com) (malware.rules)
2044812 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (glcloudservice .com) (malware.rules)
2044813 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (zacharryblogs .com) (malware.rules)
2044814 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (azureonlinecloud .com) (malware.rules)
2044815 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (dunamistrd .com) (malware.rules)
2044816 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (officestoragebox .com) (malware.rules)
2044817 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (akamaitechcloudservices .com) (malware.rules)
2044818 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (msstorageazure .com) (malware.rules)
2044819 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (visualstudiofactory .com) (malware.rules)
2044820 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (msstorageboxes .com) (malware.rules)
2044821 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (sbmsa .wiki) (malware.rules)
2044822 - ET MALWARE Possible 3CX Supply Chain Attack (2023-03-29) Domain
Indiciator in DNS Lookup (officeaddons .com) (malware.rules)
2044823 - ET MALWARE Suspected APT43 BITTERSWEET Related Activity (POST)
(malware.rules)
2044824 - ET MALWARE Suspected APT43 BRAVEPRINCE Related Activity (GET)
(malware.rules)
2044825 - ET WEB_SPECIFIC_APPS Altenergy Power Control Software Command
Injection Attempt (CVE-2022-25237) (web_specific_apps.rules)
2044826 - ET MALWARE Observed DNS Query to Gamaredon Domain (same
.gleaming8 .battleras .ru) (malware.rules)
2044827 - ET MALWARE MalDoc/Gamaredon CnC Activity M1 (malware.rules)
2044828 - ET MALWARE MalDoc/Gamaredon CnC Activity M2 (malware.rules)
2044829 - ET MALWARE MalDoc/Gamaredon CnC Activity M3 (malware.rules)
2044830 - ET INFO Observed URL Shortener Service Domain in DNS Lookup
(goo .su) (info.rules)
2044831 - ET INFO Observed URL Shortener Service Domain (goo .su in TLS
SNI) (info.rules)
2044832 - ET ADWARE_PUP Win32/VrBrothers Checkin (adware_pup.rules)
Pro:
2853862 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853863 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations
Outbound (malware.rules)
2853864 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Inbound (malware.rules)
2853865 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Outbound (malware.rules)
2853866 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound
(malware.rules)
2853867 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound
(malware.rules)
2853868 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853869 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853870 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound
(malware.rules)
2853871 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound
(malware.rules)
2853872 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound
(malware.rules)
2853873 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound
(malware.rules)
2853874 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound
(malware.rules)
2853875 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound
(malware.rules)
2853876 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations
Outbound (malware.rules)
2853877 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Inbound (malware.rules)
2853878 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Outbound (malware.rules)
2853879 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound
(malware.rules)
2853880 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853881 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations
Outbound (malware.rules)
2853882 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Inbound (malware.rules)
2853883 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Outbound (malware.rules)
2853884 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound
(malware.rules)
2853885 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound
(malware.rules)
2853886 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853887 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853888 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound
(malware.rules)
2853889 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound
(malware.rules)
2853890 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound
(malware.rules)
2853891 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound
(malware.rules)
2853892 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound
(malware.rules)
2853893 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound
(malware.rules)
2853894 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations
Outbound (malware.rules)
2853895 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Inbound (malware.rules)
2853896 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Outbound (malware.rules)
2853897 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound
(malware.rules)
2853898 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853899 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations
Outbound (malware.rules)
2853900 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Inbound (malware.rules)
2853901 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Outbound (malware.rules)
2853902 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound
(malware.rules)
2853903 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound
(malware.rules)
2853904 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853905 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853906 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound
(malware.rules)
2853907 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound
(malware.rules)
2853908 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound
(malware.rules)
2853909 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound
(malware.rules)
2853910 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound
(malware.rules)
2853911 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound
(malware.rules)
2853912 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations
Outbound (malware.rules)
2853913 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Inbound (malware.rules)
2853914 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Outbound (malware.rules)
2853915 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound
(malware.rules)
2853916 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853917 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations
Outbound (malware.rules)
2853918 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Inbound (malware.rules)
2853919 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Outbound (malware.rules)
2853920 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound
(malware.rules)
2853921 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853922 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853923 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853924 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound
(malware.rules)
2853925 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound
(malware.rules)
2853926 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound
(malware.rules)
2853927 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound
(malware.rules)
2853928 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations
Outbound (malware.rules)
2853929 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Inbound (malware.rules)
2853930 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Outbound (malware.rules)
2853931 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound
(malware.rules)
2853932 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound
(malware.rules)
2853933 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853934 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853935 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound
(malware.rules)
2853936 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound
(malware.rules)
2853937 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound
(malware.rules)
2853938 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound
(malware.rules)
2853939 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound
(malware.rules)
2853940 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound
(malware.rules)
2853941 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations
Outbound (malware.rules)
2853942 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Inbound (malware.rules)
2853943 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Outbound (malware.rules)
2853944 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound
(malware.rules)
2853945 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853946 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations
Outbound (malware.rules)
2853947 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Inbound (malware.rules)
2853948 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Outbound (malware.rules)
2853949 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound
(malware.rules)
2853950 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853951 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations
Outbound (malware.rules)
2853952 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Inbound (malware.rules)
2853953 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Outbound (malware.rules)
2853954 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound
(malware.rules)
2853955 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound
(malware.rules)
2853956 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853957 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853958 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound
(malware.rules)
2853959 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound
(malware.rules)
2853960 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound
(malware.rules)
2853961 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound
(malware.rules)
2853962 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound
(malware.rules)
2853963 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound
(malware.rules)
2853964 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations
Outbound (malware.rules)
2853965 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Inbound (malware.rules)
2853966 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Outbound (malware.rules)
2853967 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound
(malware.rules)
2853968 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound
(malware.rules)
2853969 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853970 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853971 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound
(malware.rules)
2853972 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound
(malware.rules)
2853973 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound
(malware.rules)
2853974 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound
(malware.rules)
2853975 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound
(malware.rules)
2853976 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound
(malware.rules)
2853977 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations
Outbound (malware.rules)
2853978 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Inbound (malware.rules)
2853979 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Outbound (malware.rules)
2853980 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound
(malware.rules)
2853981 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound
(malware.rules)
2853982 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853983 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853984 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound
(malware.rules)
2853985 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound
(malware.rules)
2853986 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound
(malware.rules)
2853987 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound
(malware.rules)
2853988 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound
(malware.rules)
2853989 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound
(malware.rules)
2853990 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations
Outbound (malware.rules)
2853991 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Inbound (malware.rules)
2853992 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Outbound (malware.rules)
2853993 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound
(malware.rules)
2853994 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound
(malware.rules)
2853995 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853996 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2853997 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound
(malware.rules)
2853998 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound
(malware.rules)
2853999 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound
(malware.rules)
2854000 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound
(malware.rules)
2854001 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound
(malware.rules)
2854002 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound
(malware.rules)
2854003 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations
Outbound (malware.rules)
2854004 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Inbound (malware.rules)
2854005 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Outbound (malware.rules)
2854006 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound
(malware.rules)
2854007 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2854008 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations
Outbound (malware.rules)
2854009 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Inbound (malware.rules)
2854010 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Outbound (malware.rules)
2854011 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound
(malware.rules)
2854012 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound
(malware.rules)
2854013 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations
Outbound (malware.rules)
2854014 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Inbound (malware.rules)
2854015 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations
Outbound (malware.rules)
2854016 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound
(malware.rules)
2854017 - ETPRO HUNTING Common Java RCE Gadgets Observed M119
(hunting.rules)
2854018 - ETPRO HUNTING Common Java RCE Gadgets Observed M121
(hunting.rules)
2854019 - ETPRO HUNTING Common Java RCE Gadgets Observed M122
(hunting.rules)
2854020 - ETPRO HUNTING Common Java RCE Gadgets Observed M123
(hunting.rules)
2854021 - ETPRO HUNTING Common Java RCE Gadgets Observed M120
(hunting.rules)
2854022 - ETPRO HUNTING Common Java RCE Gadgets Observed M124
(hunting.rules)
2854023 - ETPRO HUNTING Common Java RCE Gadgets Observed M125
(hunting.rules)
2854024 - ETPRO HUNTING Common Java RCE Gadgets Observed M126
(hunting.rules)
2854025 - ETPRO HUNTING Common Java RCE Gadgets Observed M127
(hunting.rules)
2854026 - ETPRO HUNTING Common Java RCE Gadgets Observed M128
(hunting.rules)
2854027 - ETPRO HUNTING Common Java RCE Gadgets Observed M129
(hunting.rules)
2854028 - ETPRO HUNTING Common Java RCE Gadgets Observed M130
(hunting.rules)
2854029 - ETPRO HUNTING Common Java RCE Gadgets Observed M131
(hunting.rules)
2854030 - ETPRO HUNTING Common Java RCE Gadgets Observed M132
(hunting.rules)
2854031 - ETPRO HUNTING Common Java RCE Gadgets Observed M133
(hunting.rules)
2854032 - ETPRO HUNTING Common Java RCE Gadgets Observed M134
(hunting.rules)
2854033 - ETPRO HUNTING Common Java RCE Gadgets Observed M135
(hunting.rules)
2854034 - ETPRO HUNTING Common Java RCE Gadgets Observed M136
(hunting.rules)
2854035 - ETPRO HUNTING Common Java RCE Gadgets Observed M138
(hunting.rules)
2854036 - ETPRO HUNTING Common Java RCE Gadgets Observed M139
(hunting.rules)
2854037 - ETPRO HUNTING Common Java RCE Gadgets Observed M140
(hunting.rules)
2854038 - ETPRO HUNTING Common Java RCE Gadgets Observed M141
(hunting.rules)
2854039 - ETPRO HUNTING Common Java RCE Gadgets Observed M142
(hunting.rules)
2854040 - ETPRO HUNTING Common Java RCE Gadgets Observed M143
(hunting.rules)
2854041 - ETPRO HUNTING Common Java RCE Gadgets Observed M144
(hunting.rules)
2854042 - ETPRO HUNTING Common Java RCE Gadgets Observed M145
(hunting.rules)
2854043 - ETPRO HUNTING Common Java RCE Gadgets Observed M146
(hunting.rules)
2854044 - ETPRO HUNTING Common Java RCE Gadgets Observed M147
(hunting.rules)
2854045 - ETPRO HUNTING Common Java RCE Gadgets Observed M148
(hunting.rules)
2854046 - ETPRO HUNTING Common Java RCE Gadgets Observed M149
(hunting.rules)
2854047 - ETPRO HUNTING Common Java RCE Gadgets Observed M150
(hunting.rules)
2854048 - ETPRO HUNTING Common Java RCE Gadgets Observed M151
(hunting.rules)
2854049 - ETPRO HUNTING Common Java RCE Gadgets Observed M152
(hunting.rules)
2854050 - ETPRO HUNTING Common Java RCE Gadgets Observed M153
(hunting.rules)
2854051 - ETPRO HUNTING Common Java RCE Gadgets Observed M154
(hunting.rules)
2854052 - ETPRO HUNTING Common Java RCE Gadgets Observed M155
(hunting.rules)
2854053 - ETPRO HUNTING Common Java RCE Gadgets Observed M156
(hunting.rules)
2854054 - ETPRO HUNTING Common Java RCE Gadgets Observed M137
(hunting.rules)
2854055 - ETPRO MALWARE Win32/Nemesis Stealer Host Exfil (POST)
(malware.rules)
[---] Disabled and modified rules: [---]
2031193 - ET MALWARE Suspected Snugy DNS Backdoor Initial Beacon
(malware.rules)
2039773 - ET MALWARE CloudAtlas Related Domain in DNS Lookup
(protocol-list .com) (malware.rules)
2039805 - ET MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
2039806 - ET MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
2041119 - ET MALWARE DonotGroup Related Domain in DNS Lookup (grapehister
.buzz) (malware.rules)
2041121 - ET MALWARE DonotGroup Related Domain in DNS Lookup
(orangeholister .buzz) (malware.rules)
2041122 - ET MALWARE Observed DonotGroup Related Domain (orangeholister
.buzz in TLS SNI) (malware.rules)
2041652 - ET MALWARE Confucious APT Related Domain in DNS Lookup
(info-updates .ddns .net) (malware.rules)
2042160 - ET MALWARE Maldoc Related Domain in DNS Lookup (ms-offices
.com) (malware.rules)
2042161 - ET MALWARE Maldoc Related Domain in DNS Lookup (ms-office
.services) (malware.rules)
2042162 - ET MALWARE Maldoc Related Domain in DNS Lookup
(template-openxml .com) (malware.rules)
2042643 - ET MALWARE Observed TA444/Lazarus Domain (one .microshare
.cloud) in TLS SNI (malware.rules)
2042644 - ET MALWARE TA444/Lazarus Related Domain in DNS Lookup
(microshare .cloud) (malware.rules)
2042645 - ET MALWARE TA444 Related Domain in DNS Lookup (docs-view
.cloud) (malware.rules)
2042646 - ET MALWARE TA444 Related Domain in DNS Lookup (microshare
.cloud) (malware.rules)
2042647 - ET MALWARE TA444 Related Domain in DNS Lookup (mufg .college)
(malware.rules)
2042648 - ET MALWARE TA444 Related Domain in DNS Lookup (auto-protection
.cloud) (malware.rules)
2042649 - ET MALWARE TA444 Related Domain in DNS Lookup (prosec .ink)
(malware.rules)
2042650 - ET MALWARE TA444 Related Domain in DNS Lookup (smbc-vc .com)
(malware.rules)
2042651 - ET MALWARE TA444 Related Domain in DNS Lookup (angelbridge
.capital) (malware.rules)
2042652 - ET MALWARE TA444 Related Domain in DNS Lookup (meeting .work
.gd) (malware.rules)
2042653 - ET MALWARE DangerousPassword APT Related Domain in DNS Lookup
(thecloudnet .org) (malware.rules)
2042656 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup
(malware.rules)
2042960 - ET MALWARE TA444 Related Domain in DNS Lookup (cloudprotect .us
.org) (malware.rules)
2042961 - ET MALWARE TA444 Related Domain in DNS Lookup (cloud .prosec
.ink) (malware.rules)
2042979 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (vasimgo
.shop) (malware.rules)
2042980 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup
(admin-dpsu .org) (malware.rules)
2042981 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup
(files-dwn .shop) (malware.rules)
2043015 - ET MALWARE CloudAtlas APT Related Domain in DNS Lookup
(malware.rules)
2043016 - ET MALWARE CloudAtlas APT Related Domain in DNS Lookup
(malware.rules)
2043049 - ET MALWARE Lazarus APT Related Domain in DNS Lookup
(professiondesc .com) (malware.rules)
2044152 - ET MALWARE TA444 Related Domain in DNS Lookup (safe .doc-share
.cloud) (malware.rules)
2044153 - ET MALWARE TA444 Related Domain in DNS Lookup (autoprotect .com
.se) (malware.rules)
2044167 - ET MALWARE DonotGroup Related Domain in DNS Lookup (records
.libutires .info) (malware.rules)