Ruleset Update Summary - 2022/11/18 - v10176

Ruleset Updates
1

Summary:

8 new OPEN, 10 new PRO (8 + 2)

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

Added rules:

Open:

  • 2039805 - ET MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
  • 2039806 - ET MALWARE Maldoc Related Domain in DNS Lookup (malware.rules)
  • 2039807 - ET MALWARE Maldoc Retrieving Remote Template (GET) (malware.rules)
  • 2039808 - ET MALWARE TA444 Domain in DNS Lookup (gdocshare .one) (malware.rules)
  • 2039809 - ET MALWARE Observed TA444 Domain (gdocshare .one in TLS SNI) (malware.rules)
  • 2039810 - ET PHISHING TA398/Sidewinder Credential Phish Landing Page M1 2022-11-18 (phishing.rules)
  • 2039811 - ET PHISHING TA398/Sidewinder Credential Phish Landing Page M2 2022-11-18 (phishing.rules)
  • 2039812 - ET PHISHING TA398/Sidewinder Credential Phish Landing Page M3 2022-11-18 (phishing.rules)

Pro:

  • 2852833 - ETPRO PHISHING Successful FIFA Related Phish 2022-11-18 (set) (phishing.rules)
  • 2852834 - ETPRO PHISHING Success FIFA Related Phish 2022-11-18 (phishing.rules)

Modified active rules:

  • 2034609 - ET MALWARE NOBELIUM (TA421) Cobalt Strike CnC Domain in DNS Lookup (malware.rules)
  • 2038535 - ET MALWARE Shuckworm/Gamaredon CnC Domain (pasamart .ru) in DNS Lookup (malware.rules)
  • 2852487 - ETPRO MALWARE Win32/XWorm CnC Command (PING?) (malware.rules)
  • 2852488 - ETPRO MALWARE Win32/XWorm CnC Command (PING!) (malware.rules)
  • 2852489 - ETPRO MALWARE Win32/XWorm CnC Command (DDosS) (malware.rules)
  • 2852490 - ETPRO MALWARE Win32/XWorm CnC Command (DDosT) (malware.rules)
  • 2852491 - ETPRO MALWARE Win32/XWorm CnC Command (Cilpper) (malware.rules)
  • 2852492 - ETPRO MALWARE Win32/XWorm CnC Command (hidefolderfile) (malware.rules)
  • 2852493 - ETPRO MALWARE Win32/XWorm CnC Command (showfolderfile) (malware.rules)
  • 2852494 - ETPRO MALWARE Win32/XWorm CnC Command (creatnewfolder) (malware.rules)
  • 2852495 - ETPRO MALWARE Win32/XWorm CnC Command (creatfile) (malware.rules)

Removed rules:

  • 2034622 - ET MALWARE NOBELIUM (TA421) CnC Domain in DNS Lookup (malware.rules)
  • 2038911 - ET MALWARE Gamaredon CnC Domain (pasamart .ru) in DNS Lookup (malware.rules)