Summary:
5 new OPEN, 7 new PRO (5 + 2). Various Adware/PUP and Phishing.
We are beginning to stand up our public discourse here
https://community.emergingthreats.net/! We will be posting signature
guidance, writeups and tutorials here.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
Added rules:
Open:
- 2038826 - ET ADWARE_PUP Observed DNS Query to PUP Domain (superdiag .xyz) (adware_pup.rules)
- 2038827 - ET ADWARE_PUP Win32/SuperDiag PUP CnC Activity (adware_pup.rules)
- 2038828 - ET PHISHING Generic Credential Phish Landing Page 2022-09-14 (phishing.rules)
- 2038829 - ET PHISHING Successful Generic Credential Phish 2022-09-14 (phishing.rules)
- 2038830 - ET MALWARE Powershell/PowHeartBeat CnC Checkin - HTTPS (malware.rules)
Pro:
- 2852377 - ETPRO ATTACK_RESPONSE MSIL/TrojanDownloader.Agent.NGX Payload Inbound (attack_response.rules)
Modified active rules:
- 2023753 - ET SCAN MS Terminal Server Traffic on Non-standard Port (scan.rules)
- 2803333 - ETPRO MALWARE Downloader.Win32.NSIS.hn Checkin (malware.rules)