Summary:
4 new OPEN, 5 new PRO (4 + 1)
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
Added rules:
Open:
- 2043296 - ET INFO OneNote Notebook Downloaded via Powershell (info.rules)
- 2043304 - ET INFO Suspicious Large HTTP Header Key Observed - Possible Exploit Activity (info.rules)
- 2043305 - ET MALWARE Observed DNS Query to CnC Domain (StrongPity) (malware.rules)
- 2043306 - ET MALWARE Observed DNS Query to CnC Domain (StrongPity) (malware.rules)
Pro:
- 2853045 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-01-12 1) (coinminer.rules)
Modified active rules:
- 2029062 - ET MALWARE Legion Loader Activity Observed (YourUserAgent) (malware.rules)
- 2034200 - ET EXPLOIT TerraMaster TOS RCE via OS Command Injection Inbound (CVE-2020-28188) (exploit.rules)
Removed rules:
- 2043296 - ET MALWARE OneNote Notebook Downloaded via Powershell (malware.rules)