Ruleset Update Summary - 2022/11/24 - v10181

rulesbot · November 24, 2022, 8:22pm

Summary:

0 new OPEN, 27 new PRO (0 + 27)

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

Added rules:

Pro:

2852858 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CKR CnC Domain in DNS Lookup (mobile_malware.rules)
2852859 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rewardsteal.e CnC Domain in DNS Lookup (mobile_malware.rules)
2852860 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rewardsteal.e CnC Domain in DNS Lookup (mobile_malware.rules)
2852861 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rewardsteal.e CnC Domain in DNS Lookup (mobile_malware.rules)
2852862 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.aac Checkin (mobile_malware.rules)
2852863 - ETPRO MOBILE_MALWARE Observed Android/Agent.EAT Domain in TLS SNI (mobile_malware.rules)
2852864 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CKR CnC Domain in DNS Lookup (mobile_malware.rules)
2852865 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rewardsteal.e CnC Domain in DNS Lookup (mobile_malware.rules)
2852866 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BSA Checkin (mobile_malware.rules)
2852867 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Xhunter.a CnC Domain in DNS Lookup (mobile_malware.rules)
2852868 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Realrat.a CnC Domain in DNS Lookup (mobile_malware.rules)
2852869 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CKR CnC Domain in DNS Lookup (mobile_malware.rules)
2852870 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (malware.rules)
2852871 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M1 (malware.rules)
2852872 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M1 (malware.rules)
2852873 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 (malware.rules)
2852874 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 (malware.rules)
2852875 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M3 (malware.rules)
2852876 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M3 (malware.rules)
2852877 - ETPRO MALWARE Observed Malicious SSL/TLS Certificate (LunarReborn C2) (malware.rules)
2852878 - ETPRO MALWARE LunarReborn CnC Checkin (malware.rules)
2852879 - ETPRO EXPLOIT Possible Encoded Stored XSS Delivered via SMTP Filename Observed M1 (exploit.rules)
2852880 - ETPRO EXPLOIT Possible Encoded Stored XSS Delivered via SMTP Filename Observed M2 (exploit.rules)
2852881 - ETPRO EXPLOIT Possible Encoded Stored XSS Delivered via SMTP Filename Observed M3 (exploit.rules)
2852882 - ETPRO EXPLOIT Possible Encoded Stored XSS Delivered via SMTP Filename Observed M4 (exploit.rules)
2852883 - ETPRO EXPLOIT Possible Encoded Stored XSS Delivered via SMTP Filename Observed M5 (exploit.rules)
2852884 - ETPRO EXPLOIT Possible Encoded Stored XSS Delivered via SMTP Filename Observed M6 (exploit.rules)

Modified active rules:

2852710 - ETPRO MOBILE_MALWARE Android/Simplocker.B Checkin 2 (mobile_malware.rules)

Removed rules:

2852487 - ETPRO MALWARE Win32/XWorm CnC Command (PING?) (malware.rules)
2852488 - ETPRO MALWARE Win32/XWorm CnC Command (PING!) (malware.rules)
2852489 - ETPRO MALWARE Win32/XWorm CnC Command (DDosS) (malware.rules)
2852490 - ETPRO MALWARE Win32/XWorm CnC Command (DDosT) (malware.rules)
2852491 - ETPRO MALWARE Win32/XWorm CnC Command (Cilpper) (malware.rules)
2852492 - ETPRO MALWARE Win32/XWorm CnC Command (hidefolderfile) (malware.rules)
2852493 - ETPRO MALWARE Win32/XWorm CnC Command (showfolderfile) (malware.rules)
2852494 - ETPRO MALWARE Win32/XWorm CnC Command (creatnewfolder) (malware.rules)
2852495 - ETPRO MALWARE Win32/XWorm CnC Command (creatfile) (malware.rules)
2852496 - ETPRO MALWARE Win32/XWorm CnC Command (downloadfile) (malware.rules)
2852497 - ETPRO MALWARE Win32/XWorm CnC Command (sendfileto) (malware.rules)
2852498 - ETPRO MALWARE Win32/XWorm CnC Command (DW) (malware.rules)
2852499 - ETPRO MALWARE Win32/XWorm CnC Command (RD-) (malware.rules)
2852500 - ETPRO MALWARE Win32/XWorm CnC Command (RD+) (malware.rules)
2852501 - ETPRO MALWARE Win32/XWorm CnC Command (###) (malware.rules)
2852502 - ETPRO MALWARE Win32/XWorm CnC Command ($$$) (malware.rules)
2852503 - ETPRO MALWARE Win32/XWorm CnC Command (^^^g) (malware.rules)
2852504 - ETPRO MALWARE Win32/XWorm CnC Command (ENC) (malware.rules)
2852505 - ETPRO MALWARE Win32/XWorm CnC Command (HVNC) (malware.rules)
2852847 - ETPRO MALWARE XWorm Short C&C Request (flowbit set) (malware.rules)
2852849 - ETPRO MALWARE Win32/XWorm CnC Command (rec) (malware.rules)
2852850 - ETPRO MALWARE Win32/XWorm CnC Command (CLOSE) (malware.rules)
2852851 - ETPRO MALWARE Win32/XWorm CnC Command (uninstall) (malware.rules)
2852852 - ETPRO MALWARE Win32/XWorm CnC Command (getinfo) M1 (malware.rules)
2852853 - ETPRO MALWARE Win32/XWorm CnC Command (getinfo) M2 (malware.rules)
2852854 - ETPRO MALWARE Win32/XWorm CnC Command (openhide) (malware.rules)
2852855 - ETPRO MALWARE Win32/XWorm CnC Command (shellfuc) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2022/11/25 - v10182 Ruleset Updates	226	November 25, 2022
Ruleset Update Summary - 2023/01/26 - v10230 Ruleset Updates	683	January 26, 2023
Ruleset Update Summary - 2023/01/20 - v10225 Ruleset Updates	416	January 20, 2023
Ruleset Update Summary - 2023/02/07 - v10238 Ruleset Updates	312	February 7, 2023
Ruleset Update Summary - 2023/04/03 - v10283 Ruleset Updates	238	April 3, 2023