Summary:
6 new OPEN, 10 new PRO (6 + 4)
Thanks @malware_traffic
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
Added rules:
Open:
- 2039793 - ET MALWARE Observed Malicious SSL/TLS Certificate (CobaltStrike C2) (malware.rules)
- 2039794 - ET EXPLOIT GL iNet MTN300n Command Injection Attempt Inbound (CVE-2022-31898) (exploit.rules)
- 2039795 - ET INFO GameHouse License Check (info.rules)
- 2039796 - ET INFO External File Sharing Service in DNS Lookup (sharefile .com) (info.rules)
- 2039797 - ET MALWARE Win32/VB.PNU CnC Checkin (malware.rules)
- 2039798 - ET MALWARE SocGholish Domain in DNS Lookup (factors .djbel .com) (malware.rules)
Pro:
- 2852822 - ETPRO MALWARE Win32/Remcos RAT Checkin 848 (malware.rules)
- 2852823 - ETPRO MALWARE Win32/Remcos RAT Checkin 849 (malware.rules)
- 2852824 - ETPRO MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
- 2852825 - ETPRO MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
Modified active rules:
- 2827990 - ETPRO MALWARE Malicious Miner Downloading CoinMiner Configuration M2 (malware.rules)
- 2843641 - ETPRO MALWARE Win32/Alyak.G Variant CnC Activity (malware.rules)
Disabled and modified rules:
- 2807998 - ETPRO EXPLOIT Possible CVE-2014-0515 Flash Buffer Overflow (exploit.rules)
- 2808038 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0310) (web_client.rules)
- 2808144 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1766) (web_client.rules)
- 2808145 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free 1 (CVE-2014-1785) (web_client.rules)
- 2808146 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free 2 (CVE-2014-1785) (web_client.rules)
- 2808148 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1791) (web_client.rules)
- 2808231 - ETPRO WEB_CLIENT Possible Acrobat Reader Privilaged API Acess CVE-2014-0521 (web_client.rules)
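As an added check, not part of the Emerging Threats announcement: the Python below parses the rule lines of this update (embedded as constructed sample input), verifies that the Summary counts agree with the SIDs actually listed, and reports which announced SIDs are absent from a local rules file. The reading of "10 new PRO (6 + 4)" as 6 open rules plus 4 PRO-only rules, the SID ranges used for the open/PRO cross-check (2000000-2199999 for ET open, 2800000-2899999 for ETPRO), and the placeholder local rules text are assumptions.

```python
"""Parse an Emerging Threats daily update and cross-check its Summary line.

All input is constructed from the announcement text; nothing here fetches
rules or touches a sensor.
"""
import re
from collections import Counter

RULE_LINE = re.compile(r"^- (?P<sid>\d+) - (?P<msg>.+?) \((?P<file>[\w-]+\.rules)\)$")
SECTION_LINE = re.compile(r"^(?P<name>[A-Za-z ]+):$")
SID_IN_RULE = re.compile(r"\bsid:\s*(\d+)\s*;")

# Constructed sample: the summary and rule lines quoted from this update.
SAMPLE = """Summary:
6 new OPEN, 10 new PRO (6 + 4)
Added rules:
Open:
- 2039793 - ET MALWARE Observed Malicious SSL/TLS Certificate (CobaltStrike C2) (malware.rules)
- 2039794 - ET EXPLOIT GL iNet MTN300n Command Injection Attempt Inbound (CVE-2022-31898) (exploit.rules)
- 2039795 - ET INFO GameHouse License Check (info.rules)
- 2039796 - ET INFO External File Sharing Service in DNS Lookup (sharefile .com) (info.rules)
- 2039797 - ET MALWARE Win32/VB.PNU CnC Checkin (malware.rules)
- 2039798 - ET MALWARE SocGholish Domain in DNS Lookup (factors .djbel .com) (malware.rules)
Pro:
- 2852822 - ETPRO MALWARE Win32/Remcos RAT Checkin 848 (malware.rules)
- 2852823 - ETPRO MALWARE Win32/Remcos RAT Checkin 849 (malware.rules)
- 2852824 - ETPRO MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
- 2852825 - ETPRO MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
Modified active rules:
- 2827990 - ETPRO MALWARE Malicious Miner Downloading CoinMiner Configuration M2 (malware.rules)
- 2843641 - ETPRO MALWARE Win32/Alyak.G Variant CnC Activity (malware.rules)
Disabled and modified rules:
- 2807998 - ETPRO EXPLOIT Possible CVE-2014-0515 Flash Buffer Overflow (exploit.rules)
- 2808038 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0310) (web_client.rules)
- 2808144 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1766) (web_client.rules)
- 2808145 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free 1 (CVE-2014-1785) (web_client.rules)
- 2808146 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free 2 (CVE-2014-1785) (web_client.rules)
- 2808148 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1791) (web_client.rules)
- 2808231 - ETPRO WEB_CLIENT Possible Acrobat Reader Privilaged API Acess CVE-2014-0521 (web_client.rules)
"""

# Constructed placeholder for a local rules file: only the sid: options matter here.
SAMPLE_LOCAL_RULES = """\
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"placeholder"; sid:2039793; rev:1;)
alert dns $HOME_NET any -> any any (msg:"placeholder"; sid:2039798; rev:1;)
"""


def parse_changelog(text):
    """Return one dict per rule line, tagged with the section it was listed under."""
    entries, section = [], None
    for line in (ln.strip() for ln in text.splitlines()):
        m = SECTION_LINE.match(line)
        if m:
            # "Open:" / "Pro:" are sub-headings under "Added rules:"; keep the parent.
            if m.group("name") not in ("Open", "Pro"):
                section = m.group("name")
            continue
        m = RULE_LINE.match(line)
        if not m:
            continue  # summary, thanks, migration notice, blank lines
        msg = m.group("msg")
        prefix, category = msg.split(" ", 2)[:2]  # e.g. "ETPRO", "WEB_CLIENT"
        entries.append({"section": section, "sid": int(m.group("sid")), "prefix": prefix,
                        "category": category, "msg": msg, "file": m.group("file")})
    return entries


def feed_for(entry):
    """'open' or 'pro' from the msg prefix, cross-checked against the SID range (assumed ranges)."""
    by_prefix = "pro" if entry["prefix"] == "ETPRO" else "open"
    sid = entry["sid"]
    by_sid = "pro" if 2800000 <= sid <= 2899999 else "open" if 2000000 <= sid <= 2199999 else None
    if by_sid != by_prefix:
        raise ValueError(f"SID {sid} is outside the expected range for {entry['prefix']}")
    return by_prefix


def summarize(entries):
    """Count added open/pro, modified and disabled rules from the parsed lines."""
    counts = Counter()
    for e in entries:
        if e["section"] == "Added rules":
            counts["added_" + feed_for(e)] += 1
        elif e["section"] == "Modified active rules":
            counts["modified"] += 1
        elif e["section"] == "Disabled and modified rules":
            counts["disabled"] += 1
    return dict(counts)


def parse_summary(text):
    """(open, pro_total, pro_open_part, pro_only) from '6 new OPEN, 10 new PRO (6 + 4)'."""
    m = re.search(r"(\d+) new OPEN, (\d+) new PRO \((\d+) \+ (\d+)\)", text)
    return tuple(map(int, m.groups())) if m else None


def check_summary(text):
    """True when the Summary line matches the listed rules (PRO total = open + PRO-only, assumed)."""
    counts, parsed = summarize(parse_changelog(text)), parse_summary(text)
    if parsed is None:
        return False
    open_n, pro_total, a, b = parsed
    return (counts.get("added_open", 0) == open_n == a
            and counts.get("added_pro", 0) == b and a + b == pro_total)


def missing_sids(entries, local_rules_text):
    """Announced 'Added rules' SIDs that do not appear as sid:N; in the local rules text."""
    present = {int(s) for s in SID_IN_RULE.findall(local_rules_text)}
    return sorted(e["sid"] for e in entries if e["section"] == "Added rules" and e["sid"] not in present)


if __name__ == "__main__":
    rules = parse_changelog(SAMPLE)
    print(summarize(rules), "summary consistent:", check_summary(SAMPLE))
    print("not yet in local rules:", missing_sids(rules, SAMPLE_LOCAL_RULES))
```

Point SAMPLE_LOCAL_RULES at the contents of your deployed rules file (for example the output of suricata-update) to see which of the day's additions have not landed yet; the cross-check in feed_for raises if a rule's msg prefix and SID range disagree, which is the usual sign of a mangled line.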