Summary:
11 new OPEN, 14 new PRO (11 + 3)
Thanks @MalGamy12, @Unit42_Intel, @360Netlab
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
Added rules:
Open:
- 2039782 - ET INFO Trend Micro Phishing Simulation Service (info.rules)
- 2039783 - ET MALWARE Fodcha Botnet Style DNS Server Lookup (malware.rules)
- 2039784 - ET INFO ZeroTier Related Activity (udp) (info.rules)
- 2039785 - ET MALWARE Win32/TyphonReborn Telegram CnC Checkin (malware.rules)
- 2039786 - ET MOBILE_MALWARE Android/RatMilad CnC Checkin (mobile_malware.rules)
- 2039787 - ET MOBILE_MALWARE Android/RatMilad CnC Domain (api .numrent .shop) in DNS Lookup (mobile_malware.rules)
- 2039788 - ET MALWARE SocGholish Domain in DNS Lookup (casting .austinonline .shop) (malware.rules)
- 2039789 - ET MALWARE SocGholish Domain in DNS Lookup (collapse .tradingiswar .com) (malware.rules)
- 2039790 - ET MALWARE SocGholish Domain in DNS Lookup (founder .carflower .pics) (malware.rules)
- 2039791 - ET MALWARE SocGholish Domain in DNS Lookup (travel .dianatokaji .com) (malware.rules)
- 2039792 - ET MALWARE SocGholish CnC Domain in DNS Lookup (diary .lojjh .com) (malware.rules)
Pro:
- 2852819 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-11-12 1) (coinminer.rules)
- 2852820 - ETPRO PHISHING Fake Find My iPhone Landing Page 2022-11-15 (phishing.rules)
- 2852821 - ETPRO PHISHING Successful Apple ID Credential Phish 2022-11-15 (phishing.rules)
Disabled and modified rules:
- 2018313 - ET WEB_CLIENT Possible Word RTF Memory Corruption Payload Inbound (CVE-2014-1761) (web_client.rules)
- 2807803 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0302) (web_client.rules)
- 2807933 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1751) (web_client.rules)