[***] Summary: [***]

10 new OPEN, 12 new PRO (10 + 2) 3CX Supply Chain Attack, Crashedtech Loader, Various Phish

Thanks @patrickwardle, @Volexity, @objective_see, @petrovic082

The Emerging Threats mailing list is migrating to Discourse. Please visit
us at https://community.emergingthreats.net/

The mailing list is being retired on April 3, 2023.

[+++] Added rules: [+++]

Open:

2044848 - ET MALWARE Observed 3CX Supply Chain Attack Cookie (malware.rules)
2044849 - ET MALWARE Observed 3CX Supply Chain Attack Cookie M2 (malware.rules)
2044850 - ET HUNTING Terse DoH Style Query (GET) (hunting.rules)
2044851 - ET MALWARE APT43 GOLDDRAGON Related Activity (GET) (malware.rules)
2044852 - ET MALWARE Crashedtech Loader Domain (crashedff .xyz) in DNS Lookup (malware.rules)
2044853 - ET MALWARE Crashedtech Loader CnC Checkin (malware.rules)
2044854 - ET PHISHING Successful Office365 Credential Phish 2023-03-31 (phishing.rules)
2044855 - ET MALWARE DorkBot.Downloader CnC Beacon M2 (malware.rules)
2044856 - ET MALWARE SocGholish Domain in DNS Lookup (agreement .panworldtradersllc .com) (malware.rules)
2044857 - ET MALWARE Observed 3CX Supply Chain Attack User-Agent (malware.rules)

Pro:

2854068 - ETPRO MALWARE LNK/TrojanDownloader.Agent.GOZ Payload Request (GET) (malware.rules)
2854069 - ETPRO PHISHING Successful Generic Credential Phish 2023-03-30 (phishing.rules)
