Summary:
7 new OPEN, 8 new PRO (7 + 1)
Thanks @eSentire, @DidierStevens, @malware_traffic
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
Added rules:
Open:
- 2042536 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup (aloyadakmashin .com) (malware.rules)
- 2042537 - ET MALWARE Cobalt Strike Related Domain in DNS Lookup (pejapezey .com) (malware.rules)
- 2042538 - ET MALWARE Cobalt Strike Related Activity (GET) (malware.rules)
- 2042539 - ET INFO Suspected Phishing Simulation Related Request (GET) (info.rules)
- 2042540 - ET MALWARE Win32/DolphinCape Activity (POST) (malware.rules)
- 2042541 - ET MALWARE JS/GootLoader CnC Exfil (malware.rules)
- 2042542 - ET MALWARE Observed Pirate Stealer Domain in DNS Lookup (socket .bby .gg) (malware.rules)
Pro:
- 2852934 - ETPRO MALWARE Win32/Pirate Stealer CnC Exfil (POST) (malware.rules)
Modified active rules:
- 2008987 - ET POLICY IP Check Domain (showip in HTTP Host) (policy.rules)
- 2848391 - ETPRO HUNTING Suspicious HTTP Header (URL) (hunting.rules)
Disabled and modified rules:
- 2038972 - ET MALWARE SocGholish Domain in DNS Lookup (tutorials .girandolashutkindconstruction .com) (malware.rules)
- 2039002 - ET MALWARE SocGholish Domain in DNS Lookup (logistics .socialtrendsmanagement .com) (malware.rules)
- 2039003 - ET MALWARE SocGholish Domain in DNS Lookup (football .4tosocial .com) (malware.rules)
- 2039004 - ET MALWARE SocGholish Domain in DNS Lookup (memorial .4tosocialprofessional .com) (malware.rules)
- 2039757 - ET MALWARE SocGholish Domain in DNS Lookup (automatic .tworiversboats .com) (malware.rules)