Ruleset Update Summary - 2023/01/10 - v10216

rulesbot · January 10, 2023, 10:07pm

Summary:

20 new OPEN, 23 new PRO (20 + 3)

Thanks @CPResearch, @360netlab

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

Added rules:

Open:

2043252 - ET INFO Delivr .to Phishing/Security Simulation Service Domain in DNS Lookup (delivrto .me) (info.rules)
2043253 - ET INFO Observed Delivr .to Phishing/Security Simulation Service Domain (delivrto .me in TLS SNI) (info.rules)
2043254 - ET POLICY Http Client Body contains upin= in cleartext (policy.rules)
2043255 - ET PHISHING Observed Phishing Domain in DNS Lookup (circle-ci .com) (phishing.rules)
2043256 - ET PHISHING Observed Phishing Domain in DNS Lookup (infollnes-r-us .co .uk) (phishing.rules)
2043257 - ET PHISHING Observed Phishing Domain in DNS Lookup (mcrsfts-passwdupdate .com) (phishing.rules)
2043258 - ET PHISHING Observed Phishing Domain in DNS Lookup (microsoftonlinesupport .cf) (phishing.rules)
2043259 - ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup (hunting.rules)
2043260 - ET MALWARE BLINDEAGLE CnC Domain (laminascol .linkpc .net) in DNS Lookup (malware.rules)
2043261 - ET MALWARE BLINDEAGLE CnC Domain (upxsystems .com) in DNS Lookup (malware.rules)
2043262 - ET MALWARE BLINDEAGLE CnC Domain (systemwin .linkpc .net) in DNS Lookup (malware.rules)
2043263 - ET MALWARE XDR33 CnC Server SSL Certificate Observed (malware.rules)
2043264 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043265 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043266 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043267 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043268 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043269 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043270 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043271 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)

Pro:

2853025 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-01-10 1) (coinminer.rules)
2853026 - ETPRO HUNTING Suspicious POST to Microsoft Domain (hunting.rules)
2853028 - ETPRO PHISHING Twitter Phish Landing Page 2022-01-10 (phishing.rules)

Disabled and modified rules:

2809176 - ETPRO EXPLOIT DTLS Pre 1.0 HelloVerifyRequest CookieSize Heap Overflow CVE-2014-6321 (exploit.rules)
2809177 - ETPRO EXPLOIT DTLS 1.0 HelloVerifyRequest CookieSize Heap Overflow CVE-2014-6321 (exploit.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/02/13 - v10242 Ruleset Updates	107	February 13, 2023
Ruleset Update Summary - 2022/12/05 - v10188 Ruleset Updates	331	December 5, 2022
Ruleset Update Summary - 2023/01/09 - v10215 Ruleset Updates	324	January 9, 2023
Ruleset Update Summary - 2022/12/16 - v10198 Ruleset Updates	218	December 16, 2022
Ruleset Update Summary - 2022/12/19 - v10199 Ruleset Updates	363	December 19, 2022