Ruleset Update Summary - 2022/11/17 - v10175

Summary:

6 new OPEN, 11 new PRO (6 + 5)

Thanks @DCSO_CyTec, @ahnlab

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.


Added rules:

Open:

  • 2039799 - ET MALWARE Win32/Corrempa/HZRAT CnC Checkin (malware.rules)
  • 2039800 - ET MALWARE Suspected Bitter APT Related Activity (malware.rules)
  • 2039801 - ET MALWARE Cobalt Strike Activity (GET) (malware.rules)
  • 2039802 - ET MALWARE Kimsuky CnC Domain (jojoa .mypressonline .com) Observed in DNS Query (malware.rules)
  • 2039803 - ET MALWARE Kimsuky CnC Domain (okihs .mypressonline .com) Observed in DNS Query (malware.rules)
  • 2039804 - ET INFO Observed Free Hosting Domain (mypressonline .com) in DNS Lookup (info.rules)

Pro:

  • 2852826 - ETPRO PHISHING Successful Netflix Phish 2022-11-17 (phishing.rules)
  • 2852827 - ETPRO PHISHING Successful Generic Phish 2022-11-17 (phishing.rules)
  • 2852828 - ETPRO PHISHING Successful Generic Phish 2022-11-17 (phishing.rules)
  • 2852829 - ETPRO PHISHING Successful Microsoft Phish 2022-11-17 (phishing.rules)
  • 2852832 - ETPRO MALWARE Phishing Domain in DNS Lookup (malware.rules)

Modified active rules:

  • 2035803 - ET MALWARE Observed DNS Query to TA455 Domain (careers-finder .com) (malware.rules)
  • 2822116 - ETPRO MALWARE Loda Logger CnC Beacon (malware.rules)

Removed rules:

  • 2035461 - ET INFO Tor Proxy Domain in DNS Lookup (onion .pet) (info.rules)
  • 2035823 - ET MALWARE Observed DNS Query to TA455 Domain (careers-finder .com) (malware.rules)
  • 2036909 - ET MALWARE Observed DNS Query to TA455 Domain (malware.rules)
  • 2038545 - ET MALWARE Observed DNS Query to TA444 Domain (fclouddown .co) (malware.rules)
  • 2843065 - ETPRO MALWARE Win32/Corrempa CnC Checkin (malware.rules)