List: emerging-sigs
Subject: [Emerging-Sigs] Daily Ruleset Update Summary 2023/03/31
From: Dusty Miller <dumiller () emergingthreats ! net>
Date: 2023-03-31 20:57:26
Message-ID: CAFj9uotkP=P17vZWqbcxOntoy4RFT6-_5N8oA0Wpt_iz+VFu3g () mail ! gmail ! com
[***] Summary: [***]

10 new OPEN, 12 new PRO (10 + 2) 3CX Supply Chain Attack, Crashedtech Loader, Various Phish

Thanks @patrickwardle, @Volexity, @objective_see, @petrovic082

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net/

The mailing list is being retired on April 3, 2023.

[+++] Added rules: [+++]

Open:

2044848 - ET MALWARE Observed 3CX Supply Chain Attack Cookie (malware.rules)
2044849 - ET MALWARE Observed 3CX Supply Chain Attack Cookie M2 (malware.rules)
2044850 - ET HUNTING Terse DoH Style Query (GET) (hunting.rules)
2044851 - ET MALWARE APT43 GOLDDRAGON Related Activity (GET) (malware.rules)
2044852 - ET MALWARE Crashedtech Loader Domain (crashedff .xyz) in DNS Lookup (malware.rules)
2044853 - ET MALWARE Crashedtech Loader CnC Checkin (malware.rules)
2044854 - ET PHISHING Successful Office365 Credential Phish 2023-03-31 (phishing.rules)
2044855 - ET MALWARE DorkBot.Downloader CnC Beacon M2 (malware.rules)
2044856 - ET MALWARE SocGholish Domain in DNS Lookup (agreement .panworldtradersllc .com) (malware.rules)
2044857 - ET MALWARE Observed 3CX Supply Chain Attack User-Agent (malware.rules)

Pro:

2854068 - ETPRO MALWARE LNK/TrojanDownloader.Agent.GOZ Payload Request (GET) (malware.rules)
2854069 - ETPRO PHISHING Successful Generic Credential Phish 2023-03-30 (phishing.rules)