Summary:
5 new OPEN, 10 new PRO (5 + 5)
Thanks @jay_townsend1
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
Added rules:
Open:
- 2043202 - ET MALWARE Rhadamanthys Stealer - Payload Download Request (malware.rules)
- 2043203 - ET MALWARE Win32/Aurora Stealer Sending System Information (malware.rules)
- 2043204 - ET MALWARE Observed PyPI Malicious Library Payload Delivery Domain (h4ck .cfd) Domain in DNS Lookup (malware.rules)
- 2043205 - ET MALWARE Observed PyPI Malicious Library Payload Delivery Domain (h4ck .cfd in TLS SNI) (malware.rules)
- 2043206 - ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2 (malware.rules)
Pro:
- 2853001 - ETPRO MALWARE Rhadamanthys Stealer - Payload Response (malware.rules)
- 2853002 - ETPRO MALWARE Rhadamanthys Stealer - Data Exfil (malware.rules)
- 2853003 - ETPRO MALWARE DonotGroup Backdoor Activity (POST) (malware.rules)
- 2853004 - ETPRO MALWARE DonotGroup Backdoor Activity (POST) (malware.rules)
- 2853006 - ETPRO MALWARE Snake Keylogger Telegram Exfil (malware.rules)
Modified active rules:
- 2013097 - ET INFO DYNAMIC_DNS HTTP Request to a .dyndns. domain (info.rules)
- 2039423 - ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M1 (malware.rules)
- 2041120 - ET MALWARE DonotGroup Backdoor Activity (POST) (malware.rules)
- 2042688 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns .org Domain (info.rules)