[***] Summary: [***]
15 new OPEN, 25 new PRO (15 + 10) Gamaredon, SocGholish, Various Android
Malware, Silicon Valley Bank Credential Phishing
Thanks @suyog41, @StopMalvertisin, @Gi7w0rm, @malPileDiver
The Emerging Threats mailing list is migrating to Discourse. Please visit
us at https://community.emergingthreats.net/
The mailing list is being retired on April 3, 2023.
[+++] Added rules: [+++]
Open:
2044833 - ET MALWARE Bitter Elephant APT Related Activity (GET)
(malware.rules)
2044834 - ET MALWARE Suspected APT37 Related Activity (GET)
(malware.rules)
2044835 - ET HUNTING Possible Racoon Stealer Retrieving Google Account
Details (GET) (hunting.rules)
2044836 - ET MALWARE Observed DNS Query to Gamaredon Domain (saadipo .ru)
(malware.rules)
2044837 - ET MALWARE Observed DNS Query to Gamaredon Domain (sabirpo .ru)
(malware.rules)
2044838 - ET MALWARE Observed DNS Query to Gamaredon Domain (rufatpo .ru)
(malware.rules)
2044839 - ET MALWARE Observed DNS Query to Gamaredon Domain (raidla .ru)
(malware.rules)
2044840 - ET PHISHING Silicon Valley Bank Credential Phish Landing Page
(2023-03-30) (phishing.rules)
2044841 - ET WEB_CLIENT ALFA TEaM Shell Landing Page (web_client.rules)
2044842 - ET MALWARE DBatLoader CnC Domain (silverline .com .sg) in DNS
Lookup (malware.rules)
2044843 - ET MALWARE OpcJacker HVNC Variant Magic Packet (malware.rules)
2044844 - ET MALWARE SocGholish Domain in DNS Lookup (unit4 .majesticpg
.com) (malware.rules)
2044845 - ET MALWARE SocGholish Domain in DNS Lookup (examples
.propertytax4less .com) (malware.rules)
2044846 - ET MALWARE SocGholish Domain in DNS Lookup (life .judyfay .com)
(malware.rules)
2044847 - ET MALWARE TA569 TDS Domain in DNS Lookup (xjquery .com)
(malware.rules)
Pro:
2854056 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeapp.fa CnC Domain in
DNS Lookup (mobile_malware.rules)
2854057 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.tm CnC
Domain in DNS Lookup (mobile_malware.rules)
2854058 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.lc CnC
Domain in DNS Lookup (mobile_malware.rules)
2854059 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rewardsteal.n CnC
Domain in DNS Lookup (mobile_malware.rules)
2854060 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeapp.fa CnC Domain in
DNS Lookup (mobile_malware.rules)
2854061 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CNA CnC Domain in DNS
Lookup (mobile_malware.rules)
2854062 - ETPRO MOBILE_MALWARE Android/Spy.AhRat.A CnC Domain in DNS
Lookup (mobile_malware.rules)
2854063 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.k CnC Domain
in DNS Lookup (mobile_malware.rules)
2854064 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.QZ Checkin
(mobile_malware.rules)
2854065 - ETPRO MOBILE_MALWARE Android/Spy.SideWinder.E CnC Domain in DNS
Lookup (mobile_malware.rules)
[---] Disabled and modified rules: [---]
2044382 - ET MALWARE Donot Group APT Related Domain in DNS Lookup
(briefdeal .buzz) (malware.rules)
2044383 - ET MALWARE Observed Donot Group APT Domain (briefdeal .buzz in
TLS SNI) (malware.rules)
2044384 - ET MALWARE Observed Donot Group APT Domain (winterhero .buzz in
TLS SNI) (malware.rules)
2044385 - ET MALWARE Donot Group APT Related Domain in DNS Lookup
(winterhero .buzz) (malware.rules)
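Turning an announcement like this into something actionable usually means pulling the SIDs, rule files and defanged domains out of the wrapped text. The parser below is an added example written for this page, not Emerging Threats or Proofpoint tooling; it rejoins the wrapped lines, tracks the [+++]/[---] sections, refangs the " ." domains, and builds a DNS watchlist from the added entries only. The sample text is a handful of lines copied from the list above, and the entry/domain regexes are assumptions about the announcement format rather than anything the list documents.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied from the announcement above, keeping the
# section headers and the line wrapping the mailing list introduces.
SAMPLE = """\
[+++] Added rules: [+++]
Open:
2044836 - ET MALWARE Observed DNS Query to Gamaredon Domain (saadipo .ru)
(malware.rules)
2044840 - ET PHISHING Silicon Valley Bank Credential Phish Landing Page
(2023-03-30) (phishing.rules)
2044842 - ET MALWARE DBatLoader CnC Domain (silverline .com .sg) in DNS
Lookup (malware.rules)
2044844 - ET MALWARE SocGholish Domain in DNS Lookup (unit4 .majesticpg
.com) (malware.rules)
Pro:
2854056 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Fakeapp.fa CnC Domain in
DNS Lookup (mobile_malware.rules)
[---] Disabled and modified rules: [---]
2044383 - ET MALWARE Observed Donot Group APT Domain (briefdeal .buzz in
TLS SNI) (malware.rules)
"""

# Assumed format: "<7-digit SID> - <msg> (<rule file>.rules)" per entry.
ENTRY_START = re.compile(r"^\d{7} - ")
ENTRY = re.compile(r"^(?P<sid>\d{7}) - (?P<msg>.+?) \((?P<file>[a-z_]+)\.rules\)$")
# A defanged domain in the message: labels separated by " ." inside
# parentheses, optionally followed by "in TLS SNI". "(2023-03-30)" and
# "(GET)" contain no " ." and therefore do not match.
DEFANGED = re.compile(r"\((?P<dom>[a-z0-9-]+(?: \.[a-z0-9-]+)+)(?: in TLS SNI)?\)")


@dataclass
class Entry:
    sid: int
    msg: str
    rule_file: str
    section: str            # "added" or "disabled_or_modified"
    tier: str               # "open" (ET) or "pro" (ETPRO)
    domain: Optional[str]   # refanged domain if the message carries one


def parse(text: str) -> list[Entry]:
    """Parse an ET update announcement into Entry records."""
    entries: list[Entry] = []
    section = "unknown"
    buf: list[str] = []

    def flush() -> None:
        if not buf:
            return
        line = " ".join(buf)        # wrapped lines are rejoined with one space
        buf.clear()
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"unparseable entry: {line!r}")
        msg = m["msg"]
        tier = "pro" if msg.startswith("ETPRO ") else "open"
        d = DEFANGED.search(msg)
        domain = d["dom"].replace(" .", ".") if d else None
        entries.append(Entry(int(m["sid"]), msg, m["file"], section, tier, domain))

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[+++]"):
            flush()
            section = "added"
            continue
        if line.startswith("[---]"):
            flush()
            section = "disabled_or_modified"
            continue
        if line in ("Open:", "Pro:"):
            flush()
            continue
        if ENTRY_START.match(line):
            flush()                 # a new SID starts a new entry
        buf.append(line)
    flush()
    return entries


def dns_watchlist(entries: list[Entry]) -> list[str]:
    """Refanged domains from *added* rules only, sorted and de-duplicated."""
    return sorted({e.domain for e in entries if e.section == "added" and e.domain})


if __name__ == "__main__":
    for e in parse(SAMPLE):
        print(f"{e.sid} {e.tier:<4} {e.section:<22} {e.rule_file:<15} {e.domain}")
    print("watchlist:", dns_watchlist(parse(SAMPLE)))
```

Domains under "Disabled and modified rules" are deliberately left out of the watchlist: the announcement does not say which of those SIDs were disabled and which merely edited, so the only reliable check is whether the rule is commented out (leading `#`) in the downloaded rule file before treating its domain as a live indicator.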