Summary:
6 new OPEN, 14 new PRO (6 + 8)
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
Added rules:
Open:
- 2043307 - ET MALWARE Magecart Skimmer Domain in DNS Lookup (magento-cdn .net) (malware.rules)
- 2043308 - ET MALWARE Win32/Emotet CnC Activity M9 (POST) (malware.rules)
- 2043309 - ET MALWARE Observed DNS Query to Mirai Domain (miraistealer .xyz) (malware.rules)
- 2043310 - ET HUNTING DDoS-Guard Hosted Content (hunting.rules)
- 2043311 - ET MALWARE Magecart Loader Javascript (malware.rules)
- 2043312 - ET MALWARE Magecart Skimmer CSS (malware.rules)
Pro:
- 2853046 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-01-17 1) (coinminer.rules)
- 2853047 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-01-17 2) (coinminer.rules)
- 2853048 - ETPRO MALWARE Win32/Remcos RAT Checkin 858 (malware.rules)
- 2853049 - ETPRO INFO Powershell in DNS TXT Record Response (info.rules)
- 2853050 - ETPRO INFO MSP360 Backup Service Domain in DNS Lookup (info.rules)
- 2853051 - ETPRO INFO Observed MSP360 Backup Service Domain (mspbackups .com in TLS SNI) (info.rules)
- 2853052 - ETPRO MALWARE DarkCloudBot Stealer Exfil via Telegram M2 (malware.rules)
- 2853053 - ETPRO MALWARE Ursnif TDS URI pattern observed (malware.rules)
Modified active rules:
- 2849591 - ETPRO MALWARE DarkCloudBot Stealer Exfil via Telegram M1 (malware.rules)