Ruleset Update Summary - 2023/01/10 - v10216

Summary:

20 new OPEN, 23 new PRO (20 + 3)

Thanks @CPResearch, @360netlab

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

Added rules:

Open:

  • 2043252 - ET INFO Delivr .to Phishing/Security Simulation Service Domain in DNS Lookup (delivrto .me) (info.rules)
  • 2043253 - ET INFO Observed Delivr .to Phishing/Security Simulation Service Domain (delivrto .me in TLS SNI) (info.rules)
  • 2043254 - ET POLICY Http Client Body contains upin= in cleartext (policy.rules)
  • 2043255 - ET PHISHING Observed Phishing Domain in DNS Lookup (circle-ci .com) (phishing.rules)
  • 2043256 - ET PHISHING Observed Phishing Domain in DNS Lookup (infollnes-r-us .co .uk) (phishing.rules)
  • 2043257 - ET PHISHING Observed Phishing Domain in DNS Lookup (mcrsfts-passwdupdate .com) (phishing.rules)
  • 2043258 - ET PHISHING Observed Phishing Domain in DNS Lookup (microsoftonlinesupport .cf) (phishing.rules)
  • 2043259 - ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup (hunting.rules)
  • 2043260 - ET MALWARE BLINDEAGLE CnC Domain (laminascol .linkpc .net) in DNS Lookup (malware.rules)
  • 2043261 - ET MALWARE BLINDEAGLE CnC Domain (upxsystems .com) in DNS Lookup (malware.rules)
  • 2043262 - ET MALWARE BLINDEAGLE CnC Domain (systemwin .linkpc .net) in DNS Lookup (malware.rules)
  • 2043263 - ET MALWARE XDR33 CnC Server SSL Certificate Observed (malware.rules)
  • 2043264 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2043265 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2043266 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2043267 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2043268 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2043269 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2043270 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2043271 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)

Pro:

  • 2853025 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-01-10 1) (coinminer.rules)
  • 2853026 - ETPRO HUNTING Suspicious POST to Microsoft Domain (hunting.rules)
  • 2853028 - ETPRO PHISHING Twitter Phish Landing Page 2022-01-10 (phishing.rules)

Disabled and modified rules:

  • 2809176 - ETPRO EXPLOIT DTLS Pre 1.0 HelloVerifyRequest CookieSize Heap Overflow CVE-2014-6321 (exploit.rules)
  • 2809177 - ETPRO EXPLOIT DTLS 1.0 HelloVerifyRequest CookieSize Heap Overflow CVE-2014-6321 (exploit.rules)