Summary:
20 new OPEN, 23 new PRO (20 + 3)
Thanks @CPResearch, @360netlab
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
Added rules:
Open:
- 2043252 - ET INFO Delivr .to Phishing/Security Simulation Service Domain in DNS Lookup (delivrto .me) (info.rules)
- 2043253 - ET INFO Observed Delivr .to Phishing/Security Simulation Service Domain (delivrto .me in TLS SNI) (info.rules)
- 2043254 - ET POLICY Http Client Body contains upin= in cleartext (policy.rules)
- 2043255 - ET PHISHING Observed Phishing Domain in DNS Lookup (circle-ci .com) (phishing.rules)
- 2043256 - ET PHISHING Observed Phishing Domain in DNS Lookup (infollnes-r-us .co .uk) (phishing.rules)
- 2043257 - ET PHISHING Observed Phishing Domain in DNS Lookup (mcrsfts-passwdupdate .com) (phishing.rules)
- 2043258 - ET PHISHING Observed Phishing Domain in DNS Lookup (microsoftonlinesupport .cf) (phishing.rules)
- 2043259 - ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup (hunting.rules)
- 2043260 - ET MALWARE BLINDEAGLE CnC Domain (laminascol .linkpc .net) in DNS Lookup (malware.rules)
- 2043261 - ET MALWARE BLINDEAGLE CnC Domain (upxsystems .com) in DNS Lookup (malware.rules)
- 2043262 - ET MALWARE BLINDEAGLE CnC Domain (systemwin .linkpc .net) in DNS Lookup (malware.rules)
- 2043263 - ET MALWARE XDR33 CnC Server SSL Certificate Observed (malware.rules)
- 2043264 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
- 2043265 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
- 2043266 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
- 2043267 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
- 2043268 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
- 2043269 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
- 2043270 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
- 2043271 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
Pro:
- 2853025 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-01-10 1) (coinminer.rules)
- 2853026 - ETPRO HUNTING Suspicious POST to Microsoft Domain (hunting.rules)
- 2853028 - ETPRO PHISHING Twitter Phish Landing Page 2022-01-10 (phishing.rules)
Disabled and modified rules:
- 2809176 - ETPRO EXPLOIT DTLS Pre 1.0 HelloVerifyRequest CookieSize Heap Overflow CVE-2014-6321 (exploit.rules)
- 2809177 - ETPRO EXPLOIT DTLS 1.0 HelloVerifyRequest CookieSize Heap Overflow CVE-2014-6321 (exploit.rules)