[***] Summary: [***]

9 new OPEN, 61 new PRO (9 + 52). XWorm, CrDatLoader, Dynamic DNS, and more.

Today is the final day for the mailing list. Thank you for being a
part of it! Keep in touch with us at
https://community.emergingthreats.net and support at emergingthreats.net.

[+++] Added rules: [+++]

Open:

2044858 - ET INFO DYNAMIC_DNS Query to a *.poo .li Domain (info.rules)
2044859 - ET INFO DYNAMIC_DNS HTTP Request to a *.poo .li Domain (info.rules)
2044860 - ET INFO DYNAMIC_DNS Query to a *.baez .cl Domain (info.rules)
2044861 - ET INFO DYNAMIC_DNS HTTP Request to a *.baez .cl Domain (info.rules)
2044862 - ET INFO DYNAMIC_DNS Query to a *.bqc .co .za Domain (info.rules)
2044863 - ET INFO DYNAMIC_DNS HTTP Request to a *.bqc .co .za Domain (info.rules)
2044864 - ET INFO Pastebin Service Domain in DNS Lookup (rentry .co) (info.rules)
2044865 - ET INFO Observed Pastebin Service Domain (rentry .co in TLS SNI) (info.rules)
2044866 - ET PHISHING Generic Credential Phish Landing Page 2023-04-03 (phishing.rules)

Pro:

2854070 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Fakecalls.at CnC Domain in DNS Lookup (mobile_malware.rules)
2854071 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Fakecalls.at CnC Domain in DNS Lookup (mobile_malware.rules)
2854072 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.ZT CnC Beacon (mobile_malware.rules)
2854073 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CNM Checkin (mobile_malware.rules)
2854074 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.td CnC Domain in DNS Lookup (mobile_malware.rules)
2854075 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CNO Checkin (mobile_malware.rules)
2854076 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2854077 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2854078 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2854079 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2854080 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2854081 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2854082 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2854083 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2854084 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2854085 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2854086 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2854087 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2854088 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2854089 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2854090 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2854091 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2854092 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2854093 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2854094 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2854095 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2854096 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2854097 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2854098 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2854099 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2854100 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2854101 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2854102 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2854103 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2854104 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2854105 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2854106 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2854107 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2854108 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2854109 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2854110 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2854111 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2854112 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2854113 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2854114 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2854115 - ETPRO ATTACK_RESPONSE CrDatLoader CnC Response Inbound M1 (attack_response.rules)
2854116 - ETPRO MALWARE CrDatLoader CnC Activity Outbound M2 (malware.rules)
2854117 - ETPRO MALWARE CrDatLoader CnC Activity Outbound M3 (malware.rules)
2854118 - ETPRO MALWARE CrDatLoader CnC Activity Outbound M1 (malware.rules)
2854119 - ETPRO MALWARE Observed DNS Query to CrDatLoader Domain (malware.rules)
2854120 - ETPRO MALWARE Observed DNS Query to CrDatLoader Domain (malware.rules)
2854121 - ETPRO MALWARE Observed DNS Query to CrDatLoader Domain (malware.rules)

[---] Disabled and modified rules: [---]

2044705 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .language .sebtomato .com) (malware.rules)