Ruleset Update Summary - 2022/12/16 - v10198

Summary:

3 new OPEN, 4 new PRO (3 + 1)

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.


Added rules:

Open:

  • 2042956 - ET EXPLOIT Observed Mirai/Gafgyt Post Brute Force Activity (GET) (exploit.rules)
  • 2042957 - ET MALWARE Observed Malicious Mustang Panda APT Related SSL Cert (File Transfer Service) (malware.rules)
  • 2042958 - ET MALWARE Win32/PSW.LdPinch CnC Checkin (malware.rules)

Pro:

  • 2852956 - ETPRO PHISHING Successful Wells Fargo Credential Phish 2022-12-16 (phishing.rules)

Modified active rules:

  • 2036603 - ET MALWARE Restylink Domain in DNS Lookup (differentfor .com) (malware.rules)
  • 2036604 - ET MALWARE Restylink Domain in DNS Lookup (mbusabc .com) (malware.rules)
  • 2036605 - ET MALWARE Restylink Domain in DNS Lookup (disknxt .com) (malware.rules)
  • 2036606 - ET MALWARE Restylink Domain in DNS Lookup (officehoster .com) (malware.rules)
  • 2036607 - ET MALWARE Restylink Domain in DNS Lookup (spffusa .org) (malware.rules)
  • 2036608 - ET MALWARE Restylink Domain in DNS Lookup (sseekk .xyz) (malware.rules)
  • 2036609 - ET MALWARE Restylink Domain in DNS Lookup (youmiuri .com) (malware.rules)
  • 2852953 - ETPRO MALWARE Qbot Style Payload Request (malware.rules)