Ruleset Update Summary - 2022/11/15 - v10173

Summary:

11 new OPEN, 14 new PRO (11 + 3)

Thanks @MalGamy12, @Unit42_Intel, @360Netlab

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.


Added rules:

Open:

  • 2039782 - ET INFO Trend Micro Phishing Simulation Service (info.rules)
  • 2039783 - ET MALWARE Fodcha Botnet Style DNS Server Lookup (malware.rules)
  • 2039784 - ET INFO ZeroTier Related Activity (udp) (info.rules)
  • 2039785 - ET MALWARE Win32/TyphonReborn Telegram CnC Checkin (malware.rules)
  • 2039786 - ET MOBILE_MALWARE Android/RatMilad CnC Checkin (mobile_malware.rules)
  • 2039787 - ET MOBILE_MALWARE Android/RatMilad CnC Domain (api .numrent .shop) in DNS Lookup (mobile_malware.rules)
  • 2039788 - ET MALWARE SocGholish Domain in DNS Lookup (casting .austinonline .shop) (malware.rules)
  • 2039789 - ET MALWARE SocGholish Domain in DNS Lookup (collapse .tradingiswar .com) (malware.rules)
  • 2039790 - ET MALWARE SocGholish Domain in DNS Lookup (founder .carflower .pics) (malware.rules)
  • 2039791 - ET MALWARE SocGholish Domain in DNS Lookup (travel .dianatokaji .com) (malware.rules)
  • 2039792 - ET MALWARE SocGholish CnC Domain in DNS Lookup (diary .lojjh .com) (malware.rules)

Pro:

  • 2852819 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-11-12 1) (coinminer.rules)
  • 2852820 - ETPRO PHISHING Fake Find My iPhone Landing Page 2022-11-15 (phishing.rules)
  • 2852821 - ETPRO PHISHING Successful Apple ID Credential Phish 2022-11-15 (phishing.rules)

Disabled and modified rules:

  • 2018313 - ET WEB_CLIENT Possible Word RTF Memory Corruption Payload Inbound (CVE-2014-1761) (web_client.rules)
  • 2807803 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0302) (web_client.rules)
  • 2807933 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1751) (web_client.rules)