Ruleset Update Summary - 2023/01/17 - v10222

Summary:

6 new OPEN, 14 new PRO (6 + 8)

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.


Added rules:

Open:

  • 2043307 - ET MALWARE Magecart Skimmer Domain in DNS Lookup (magento-cdn .net) (malware.rules)
  • 2043308 - ET MALWARE Win32/Emotet CnC Activity M9 (POST) (malware.rules)
  • 2043309 - ET MALWARE Observed DNS Query to Mirai Domain (miraistealer .xyz) (malware.rules)
  • 2043310 - ET HUNTING DDoS-Guard Hosted Content (hunting.rules)
  • 2043311 - ET MALWARE Magecart Loader Javascript (malware.rules)
  • 2043312 - ET MALWARE Magecart Skimmer CSS (malware.rules)

Pro:

  • 2853046 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-01-17 1) (coinminer.rules)
  • 2853047 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-01-17 2) (coinminer.rules)
  • 2853048 - ETPRO MALWARE Win32/Remcos RAT Checkin 858 (malware.rules)
  • 2853049 - ETPRO INFO Powershell in DNS TXT Record Response (info.rules)
  • 2853050 - ETPRO INFO MSP360 Backup Service Domain in DNS Lookup (info.rules)
  • 2853051 - ETPRO INFO Observed MSP360 Backup Service Domain (mspbackups .com in TLS SNI) (info.rules)
  • 2853052 - ETPRO MALWARE DarkCloudBot Stealer Exfil via Telegram M2 (malware.rules)
  • 2853053 - ETPRO MALWARE Ursnif TDS URI pattern observed (malware.rules)

Modified active rules:

  • 2849591 - ETPRO MALWARE DarkCloudBot Stealer Exfil via Telegram M1 (malware.rules)