Ruleset Update Summary - 2023/01/05 - v10212

rulesbot · January 5, 2023, 10:08pm

Summary:

24 new OPEN, 30 new PRO (24 + 6)

Thanks @James_inthe_box, @ViriBack

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

Added rules:

Open:

2043207 - ET MALWARE Donot APT Related Domain in DNS Lookup (soundvista .club) (malware.rules)
2043208 - ET MALWARE Donot APT Related Domain in DNS Lookup (resolverequest .live) (malware.rules)
2043209 - ET MALWARE Donot APT Related Domain in DNS Lookup (biteupdates .live) (malware.rules)
2043210 - ET MALWARE Donot APT Related Domain in DNS Lookup (biteupdates .site) (malware.rules)
2043211 - ET MALWARE Donot APT Related Domain in DNS Lookup (printerupdates .online) (malware.rules)
2043212 - ET MALWARE Donot APT Related Domain in DNS Lookup (printersolutions .live) (malware.rules)
2043213 - ET MALWARE Donot APT Related Domain in DNS Lookup (tplinkupdates .space) (malware.rules)
2043214 - ET MALWARE Donot APT Related Domain in DNS Lookup (packetbite .live) (malware.rules)
2043215 - ET MALWARE Donot APT Related Domain in DNS Lookup (lovingallupdates .life) (malware.rules)
2043216 - ET MALWARE AHK Bot Domain Profiler CnC Activity (malware.rules)
2043217 - ET MALWARE Golang/Sandcat Plugin Activity (POST) (malware.rules)
2043218 - ET MALWARE Win32/DarkCloud Exfil Over SMTP (Subject) (malware.rules)
2043219 - ET MALWARE Win32/DarkCloud Exfil Over SMTP (Body) (malware.rules)
2043220 - ET INFO Free File Hosting Domain in DNS Lookup (fileditch .com) (info.rules)
2043221 - ET MALWARE MintStealer Discord Activity (GET) (malware.rules)
2043222 - ET MALWARE MintStealer Discord Activity (GET) (malware.rules)
2043223 - ET MALWARE MintStealer CnC Activity (GET) (malware.rules)
2043224 - ET MALWARE MintStealer CnC Activity (GET) (malware.rules)
2043225 - ET MALWARE MintStealer CnC Activity (POST) (malware.rules)
2043226 - ET MALWARE Downloader/Linux.Agent CnC Domain (wget .hostname .help) in DNS Lookup (malware.rules)
2043227 - ET MALWARE Downloader/Linux.Agent CnC Domain (pateu .freevar .com) in DNS Lookup (malware.rules)
2043228 - ET EXPLOIT TIBCO JasperReports Directory Traversal Attempt (CVE-2018-18809) (exploit.rules)
2043229 - ET EXPLOIT TIBCO JasperReports Authenticated Arbitrary File Read Attempt (CVE-2018-5430) (exploit.rules)
2043230 - ET MALWARE Win32/Youtube Bot - CnC Checkin (malware.rules)

Pro:

2853007 - ETPRO MALWARE DonotGroup Backdoor Activity (POST) (malware.rules)
2853008 - ETPRO MALWARE AHK Bot Looper - Payload Request (malware.rules)
2853009 - ETPRO MALWARE AHK Bot Looper - Payload Request (malware.rules)
2853010 - ETPRO MALWARE AHK Bot Looper - Payload Request (malware.rules)
2853011 - ETPRO MALWARE AHK Bot Looper - Payload Request (malware.rules)
2853014 - ETPRO MALWARE MSIL/Kryptik.AHPT CnC Activity (GET) (malware.rules)

Modified active rules:

2034878 - ET MALWARE APT/Donot Group CnC Domain in DNS Lookup (request .soundedge .live) (malware.rules)

Modified inactive rules:

2034286 - ET MALWARE DonotGroup Maldoc Related Domain in DNS Lookup (digitalresolve .live) (malware.rules)

Disabled and modified rules:

2041783 - ET MALWARE TA569 Domain in DNS Lookup (ergpractice .com) (malware.rules)
2042993 - ET MALWARE SocGholish Domain in DNS Lookup (governing .beautynic .com) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/02/14 - v10243 Ruleset Updates	216	February 14, 2023
Ruleset Update Summary - 2023/01/09 - v10215 Ruleset Updates	312	January 9, 2023
Ruleset Update Summary - 2023/01/11 - v10217 Ruleset Updates	282	January 11, 2023
Ruleset Update Summary - 2023/02/22 - v10250 Ruleset Updates	359	February 22, 2023
Ruleset Update Summary - 2022/12/27 - v10205 Ruleset Updates	605	December 27, 2022