Ruleset Update Summary - 2023/01/06 - v10214

Summary:

7 new OPEN, 14 new PRO (7 + 7)

Thanks @1ZRR4H, @Mandiant

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.
Added rules:

Open:

  • 2043231 - ET MALWARE Redline Stealer TCP CnC Activity (malware.rules)
  • 2043232 - ET MALWARE Turla JS/Kopiluwak Sending Information (POST) (malware.rules)
  • 2043233 - ET MALWARE RedLine Stealer TCP CnC net.tcp Init (malware.rules)
  • 2043234 - ET MALWARE Redline Stealer TCP CnC - Id1Response (malware.rules)
  • 2043235 - ET MALWARE Win32/Generik.NWVMNHQ Variant Exfil (POST) (malware.rules)
  • 2043236 - ET MALWARE O97M/Sadoca.C!ml Checkin (malware.rules)
  • 2043237 - ET MALWARE Remote Utility Access Tool Key SMTP Exfil (malware.rules)

Pro:

  • 2853015 - ETPRO MALWARE AHK Bot - Logger Sending Data (malware.rules)
  • 2853016 - ETPRO MALWARE AHK Bot - Stealer Loader Payload Request (malware.rules)
  • 2853017 - ETPRO MALWARE AHK Bot - Logger Sending Data (malware.rules)
  • 2853018 - ETPRO MALWARE Win32/Remcos RAT Checkin 857 (malware.rules)
  • 2853019 - ETPRO PHISHING Observed DNS Query to DomBox Phishing Domain (2023-01-06) (phishing.rules)
  • 2853020 - ETPRO PHISHING Successful DomBox Credential Phish (2023-01-06) (phishing.rules)
  • 2853021 - ETPRO PHISHING Generic Phishing Page Inbound (2023-01-06) (phishing.rules)

Modified active rules:

  • 2841160 - ETPRO MALWARE RedLine - CnC Activity (malware.rules)
  • 2841435 - ETPRO MALWARE RedLine - GetSettings Request (malware.rules)
  • 2841436 - ETPRO MALWARE RedLine - GetSettings Response (malware.rules)
  • 2841437 - ETPRO MALWARE RedLine - GetTasks Response (malware.rules)
  • 2850142 - ETPRO MALWARE Redline Stealer TCP CnC - ExtensionDiscord (malware.rules)
  • 2850143 - ETPRO MALWARE Redline Stealer TCP CnC - ExtensionColdWallets (malware.rules)

Removed rules:

  • 2850027 - ETPRO MALWARE RedLine Stealer TCP CnC net.tcp Init (malware.rules)
  • 2850286 - ETPRO MALWARE Redline Stealer TCP CnC Activity (malware.rules)
  • 2850353 - ETPRO MALWARE Redline Stealer TCP CnC - Id1Response (malware.rules)