Ruleset Update Summary - 2022/12/09 - v10192

Summary:

7 new OPEN, 8 new PRO (7 + 1)

Thanks @eSentire, @DidierStevens, @malware_traffic

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.


Added rules:

Open:

  • 2042536 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup (aloyadakmashin .com) (malware.rules)
  • 2042537 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup (pejapezey .com) (malware.rules)
  • 2042538 - ET MALWARE Cobalt Strike Related Activity (GET) (malware.rules)
  • 2042539 - ET INFO Suspected Phishing Simulation Related Request (GET) (info.rules)
  • 2042540 - ET MALWARE Win32/DolphinCape Activity (POST) (malware.rules)
  • 2042541 - ET MALWARE JS/GootLoader CnC Exfil (malware.rules)
  • 2042542 - ET MALWARE Observed Pirate Stealer Domain in DNS Lookup (socket .bby .gg) (malware.rules)

Pro:

  • 2852934 - ETPRO MALWARE Win32/Pirate Stealer CnC Exfil (POST) (malware.rules)

Modified active rules:

  • 2008987 - ET POLICY IP Check Domain (showip in HTTP Host) (policy.rules)
  • 2848391 - ETPRO HUNTING Suspicious HTTP Header (URL) (hunting.rules)

Disabled and modified rules:

  • 2038972 - ET MALWARE SocGholish Domain in DNS Lookup (tutorials .girandolashutkindconstruction .com) (malware.rules)
  • 2039002 - ET MALWARE SocGholish Domain in DNS Lookup (logistics .socialtrendsmanagement .com) (malware.rules)
  • 2039003 - ET MALWARE SocGholish Domain in DNS Lookup (football .4tosocial .com) (malware.rules)
  • 2039004 - ET MALWARE SocGholish Domain in DNS Lookup (memorial .4tosocialprofessional .com) (malware.rules)
  • 2039757 - ET MALWARE SocGholish Domain in DNS Lookup (automatic .tworiversboats .com) (malware.rules)
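The SID lists above are what a SOC usually wants in machine-readable form, to diff against the rules actually loaded on the sensors (for example, to confirm the five disabled SocGholish SIDs are no longer active locally and that the new SIDs arrived). Below is an added example, not part of the Emerging Threats announcement or any ET tooling: a small Python parser for this summary layout that also cross-checks the "N new OPEN, M new PRO (a + b)" headline against the entries actually listed. The sample text is the summary above embedded as a constructed string; the section names and regular expressions are assumptions about how these posts are laid out, not an official format specification.

```python
"""Parse an Emerging Threats 'Ruleset Update Summary' into per-section SID lists.

Added example; not part of the ET announcement. It assumes the layout ET uses
in these posts: section headers ending in ':' ('Open:' and 'Pro:' nested under
'Added rules:') and bullet lines '<sid> - <msg> (<file>.rules)'.
"""
import re
from collections import OrderedDict

# Constructed copy of the 2022/12/09 summary body, in the post's own layout.
SAMPLE = """\
Ruleset Update Summary - 2022/12/09 - v10192

Summary:

7 new OPEN, 8 new PRO (7 + 1)

Added rules:

Open:

  • 2042536 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup (aloyadakmashin .com) (malware.rules)
  • 2042537 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup (pejapezey .com) (malware.rules)
  • 2042538 - ET MALWARE Cobalt Strike Related Activity (GET) (malware.rules)
  • 2042539 - ET INFO Suspected Phishing Simulation Related Request (GET) (info.rules)
  • 2042540 - ET MALWARE Win32/DolphinCape Activity (POST) (malware.rules)
  • 2042541 - ET MALWARE JS/GootLoader CnC Exfil (malware.rules)
  • 2042542 - ET MALWARE Observed Pirate Stealer Domain in DNS Lookup (socket .bby .gg) (malware.rules)

Pro:

  • 2852934 - ETPRO MALWARE Win32/Pirate Stealer CnC Exfil (POST) (malware.rules)

Modified active rules:

  • 2008987 - ET POLICY IP Check Domain (showip in HTTP Host) (policy.rules)
  • 2848391 - ETPRO HUNTING Suspicious HTTP Header (URL) (hunting.rules)

Disabled and modified rules:

  • 2038972 - ET MALWARE SocGholish Domain in DNS Lookup (tutorials .girandolashutkindconstruction .com) (malware.rules)
  • 2039002 - ET MALWARE SocGholish Domain in DNS Lookup (logistics .socialtrendsmanagement .com) (malware.rules)
  • 2039003 - ET MALWARE SocGholish Domain in DNS Lookup (football .4tosocial .com) (malware.rules)
  • 2039004 - ET MALWARE SocGholish Domain in DNS Lookup (memorial .4tosocialprofessional .com) (malware.rules)
  • 2039757 - ET MALWARE SocGholish Domain in DNS Lookup (automatic .tworiversboats .com) (malware.rules)
"""

# One rule entry: optional bullet, SID, ' - ', message, trailing '(<file>.rules)'.
RULE_LINE = re.compile(r"^[•*-]?\s*(\d+)\s+-\s+(.*?)\s+\((\S+\.rules)\)$")
# The headline count: '<open> new OPEN, <pro> new PRO (<open> + <pro-only>)'.
COUNT_LINE = re.compile(r"(\d+) new OPEN, (\d+) new PRO \((\d+) \+ (\d+)\)")


def parse_summary(text):
    """Return {section: [(sid, msg, rulefile), ...]} keyed by lower-cased header.

    'Open:'/'Pro:' become '<parent>/open' and '<parent>/pro', e.g.
    'added rules/open', so a caller can tell open from PRO-only additions.
    """
    sections = OrderedDict()
    parent = current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RULE_LINE.match(line)
        if m and current is not None:
            sid, msg, rulefile = m.groups()
            sections.setdefault(current, []).append((int(sid), msg, rulefile))
        elif line.endswith(":"):
            name = line[:-1].lower()
            if name in ("open", "pro") and parent is not None:
                current = f"{parent}/{name}"
            else:
                parent = current = name
    return sections


def check_counts(text, sections):
    """Cross-check the headline counts against what was actually listed.

    Returns a dict with the parsed numbers and ok=True only if the header is
    self-consistent (pro == open + pro_only) and matches the bullet counts.
    """
    m = COUNT_LINE.search(text)
    if m is None:
        return {"ok": False, "reason": "no count line"}
    n_open, n_pro, n_open_again, n_pro_only = map(int, m.groups())
    listed_open = len(sections.get("added rules/open", []))
    listed_pro_only = len(sections.get("added rules/pro", []))
    ok = (n_open == n_open_again
          and n_pro == n_open + n_pro_only
          and listed_open == n_open
          and listed_pro_only == n_pro_only)
    return {"ok": ok, "open": n_open, "pro": n_pro,
            "listed_open": listed_open, "listed_pro_only": listed_pro_only}


def sids(sections, section):
    """Plain SID list for one section, handy for grepping a local ruleset."""
    return [sid for sid, _, _ in sections.get(section, [])]


if __name__ == "__main__":
    parsed = parse_summary(SAMPLE)
    for name, entries in parsed.items():
        print(f"{name}: {[e[0] for e in entries]}")
    print(check_counts(SAMPLE, parsed))
```

The "(7 + 1)" in the headline means PRO subscribers receive the 7 open rules plus 1 PRO-only rule, so the consistency check requires pro == open + pro_only as well as a match with the bullet counts; a mismatch is the quickest sign that a summary was truncated or mis-pasted before you act on its SID lists.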