Summary:
8 new OPEN, 12 new PRO (8 + 4)
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
Added rules:
Open:
- 2042994 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
- 2042995 - ET MALWARE Gamaredon APT Related Activity (POST) (malware.rules)
- 2042996 - ET PHISHING Socios Credential Phish Landing Page 2022-12-22 (phishing.rules)
- 2042997 - ET INFO Cloud IPFS Service Domain in DNS Lookup (fleek .co) (info.rules)
- 2042998 - ET MALWARE SocGholish Domain in DNS Lookup (office .cdsigner .com) (malware.rules)
- 2042999 - ET MALWARE SocGholish Domain in DNS Lookup (group5 .corralphacap .com) (malware.rules)
- 2043000 - ET MALWARE SocGholish Domain in DNS Lookup (navyseal .digijump .online) (malware.rules)
- 2043001 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .shrubs .emptyisland .pics) (malware.rules)
Pro:
- 2852976 - ETPRO MALWARE Win32/BeamWinHTTP CnC Activity M1 (POST) (malware.rules)
- 2852977 - ETPRO MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) (malware.rules)
- 2852978 - ETPRO MALWARE Win32/BeamWinHTTP CnC Activity M3 (POST) (malware.rules)
- 2852979 - ETPRO MALWARE Win32/Fabookie.ek CnC Response (malware.rules)
Modified active rules:
- 2835370 - ETPRO PHISHING Successful Smartsheet Phish 2019-03-14 (phishing.rules)
- 2844875 - ETPRO PHISHING Successful Sharepoint Phish 2020-10-09 (phishing.rules)
Disabled and modified rules:
- 2039830 - ET MALWARE SocGholish Domain in DNS Lookup (dashboard .skybacherslocker .com) (malware.rules)