Summary:
6 new OPEN, 11 new PRO (6 + 5)
Thanks @DCSO_CyTec, @ahnlab
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
Added rules:
Open:
- 2039799 - ET MALWARE Win32/Corrempa/HZRAT CnC Checkin (malware.rules)
- 2039800 - ET MALWARE Suspected Bitter APT Related Activity (malware.rules)
- 2039801 - ET MALWARE Cobalt Strike Activity (GET) (malware.rules)
- 2039802 - ET MALWARE Kimsuky CnC Domain (jojoa .mypressonline .com) Observed in DNS Query (malware.rules)
- 2039803 - ET MALWARE Kimsuky CnC Domain (okihs .mypressonline .com) Observed in DNS Query (malware.rules)
- 2039804 - ET INFO Observed Free Hosting Domain (mypressonline .com) in DNS Lookup (info.rules)
Pro:
- 2852826 - ETPRO PHISHING Successful Netflix Phish 2022-11-17 (phishing.rules)
- 2852827 - ETPRO PHISHING Successful Generic Phish 2022-11-17 (phishing.rules)
- 2852828 - ETPRO PHISHING Successful Generic Phish 2022-11-17 (phishing.rules)
- 2852829 - ETPRO PHISHING Successful Microsoft Phish 2022-11-17 (phishing.rules)
- 2852832 - ETPRO MALWARE Phishing Domain in DNS Lookup (malware.rules)
Modified active rules:
- 2035803 - ET MALWARE Observed DNS Query to TA455 Domain (careers-finder .com) (malware.rules)
- 2822116 - ETPRO MALWARE Loda Logger CnC Beacon (malware.rules)
Removed rules:
- 2035461 - ET INFO Tor Proxy Domain in DNS Lookup (onion .pet) (info.rules)
- 2035823 - ET MALWARE Observed DNS Query to TA455 Domain (careers-finder .com) (malware.rules)
- 2036909 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
- 2038545 - ET MALWARE Observed DNS Query to TA444 Domain (fclouddown .co) (malware.rules)
- 2843065 - ETPRO MALWARE Win32/Corrempa CnC Checkin (malware.rules)