Ruleset Update Summary - 2022/12/30 - v10208

rulesbot · December 30, 2022, 10:20pm

Summary:

59 new OPEN, 63 new PRO (59 + 4)

Thanks @birchb0y, @Securelist, tweedge

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

There will be no signature release on Monday, January 2, 2023 due to New Year holiday observance.

Added rules:

Open:

2043102 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-schnellvpn .com) (malware.rules)
2043103 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-schnellvpn .com) (malware.rules)
2043104 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-service .com) (malware.rules)
2043105 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-blog .xyz) (malware.rules)
2043106 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-blog .com) (malware.rules)
2043107 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-chat .xyz) (malware.rules)
2043108 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-blog .com) (malware.rules)
2043109 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-blog .com) (malware.rules)
2043110 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-chat .com) (malware.rules)
2043111 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-schnellvpn .xyz) (malware.rules)
2043112 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-schnellvpn .com) (malware.rules)
2043113 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-endpoint .xyz) (malware.rules)
2043114 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-cdn .xyz) (malware.rules)
2043115 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-blog .xyz) (malware.rules)
2043116 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-endpoint .com) (malware.rules)
2043117 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-cdn .xyz) (malware.rules)
2043118 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-cdn .xyz) (malware.rules)
2043119 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-endpoint .com) (malware.rules)
2043120 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-schnellvpn .xyz) (malware.rules)
2043121 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-schnellvpn .xyz) (malware.rules)
2043122 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-chat .xyz) (malware.rules)
2043123 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-cdn .com) (malware.rules)
2043124 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-blog .xyz) (malware.rules)
2043125 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-schnellvpn .com) (malware.rules)
2043126 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-blog .com) (malware.rules)
2043127 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-endpoint .com) (malware.rules)
2043128 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-endpoint .xyz) (malware.rules)
2043129 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-endpoint .xyz) (malware.rules)
2043130 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-cdn .com) (malware.rules)
2043131 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-cdn .xyz) (malware.rules)
2043132 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-endpoint .com) (malware.rules)
2043133 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-chat .com) (malware.rules)
2043134 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-blog .xyz) (malware.rules)
2043135 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-endpoint .com) (malware.rules)
2043136 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-blog .com) (malware.rules)
2043137 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-cdn .com) (malware.rules)
2043138 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-endpoint .xyz) (malware.rules)
2043139 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-cdn .com) (malware.rules)
2043140 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-schnellvpn .xyz) (malware.rules)
2043141 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-chat .xyz) (malware.rules)
2043142 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-chat .com) (malware.rules)
2043143 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-blog .xyz) (malware.rules)
2043144 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (fairu-chat .xyz) (malware.rules)
2043145 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-endpoint .xyz) (malware.rules)
2043146 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-cdn .com) (malware.rules)
2043147 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-schnellvpn .com) (malware.rules)
2043148 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (bideo-chat .com) (malware.rules)
2043149 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (privatproxy-cdn .xyz) (malware.rules)
2043150 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-chat .com) (malware.rules)
2043151 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (wmail-schnellvpn .xyz) (malware.rules)
2043152 - ET MALWARE ViperSoftX CnC Domain in DNS Lookup (ahoravideo-chat .xyz) (malware.rules)
2043153 - ET MALWARE ViperSoftX HTTP CnC Activity (malware.rules)
2043154 - ET MALWARE TA444 Domain in DNS Lookup (hoststudio .org) (malware.rules)
2043155 - ET MALWARE TA444 Domain in DNS Lookup (updatezone .org) (malware.rules)
2043156 - ET MALWARE TA444 Related Activity (POST) (malware.rules)
2043157 - ET MALWARE TA444 Related CnC Payload Request (malware.rules)
2043158 - ET MALWARE SocGholish Domain in DNS Lookup (canonical .fmunews .com) (malware.rules)
2043159 - ET MALWARE SocGholish Domain in DNS Lookup (kinematics .starmidwest .com) (malware.rules)
2043160 - ET MALWARE SocGholish Domain in DNS Lookup (passphrase .singinganewsong .com) (malware.rules)

Pro:

2852989 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-12-29 1) (coinminer.rules)
2852990 - ETPRO ATTACK_RESPONSE PowerShell Decoder Leading to .NET Reflection Inbound M1 (attack_response.rules)
2852991 - ETPRO MALWARE PurpleFox Backdoor/Rootkit Checkin M4 (malware.rules)
2852992 - ETPRO MALWARE Win32/Remcos RAT Checkin 856 (malware.rules)

Disabled and modified rules:

2809168 - ETPRO WEB_CLIENT Malformed MP4 Possible Adobe FlashPlayer CVE-2014-0553 (web_client.rules)
2820586 - ETPRO MALWARE Win32/TrojanDownloader.IndigoRose.R Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/01/05 - v10212 Ruleset Updates	260	January 5, 2023
Ruleset Update Summary - 2023/02/22 - v10250 Ruleset Updates	305	February 22, 2023
Ruleset Update Summary - 2023/02/14 - v10243 Ruleset Updates	198	February 14, 2023
Ruleset Update Summary - 2023/01/18 - v10223 Ruleset Updates	387	January 18, 2023
Ruleset Update Summary - 2023/03/08 - v10261 Ruleset Updates	300	March 8, 2023