Summary:
22 new OPEN, 27 new PRO (22 + 5)
Thanks @boredhackerblog, @EclecticIQ, @1ZRR4H
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
Added rules:
Open:
- 2043313 - ET MALWARE IcedID CnC Domain in DNS Lookup (pkusamain .cloud) (malware.rules)
- 2043314 - ET MALWARE IcedID CnC Domain in DNS Lookup (brakudafear .pics) (malware.rules)
- 2043315 - ET MALWARE IcedID CnC Domain in DNS Lookup (pahtafinlund .com) (malware.rules)
- 2043316 - ET MALWARE IcedID CnC Domain in DNS Lookup (owisportlittle .com) (malware.rules)
- 2043317 - ET MALWARE IcedID CnC Domain in DNS Lookup (nigaragusoups .com) (malware.rules)
- 2043318 - ET MALWARE IcedID CnC Domain in DNS Lookup (tonikantos .one) (malware.rules)
- 2043319 - ET MALWARE IcedID CnC Domain in DNS Lookup (needzolapa .com) (malware.rules)
- 2043320 - ET MALWARE IcedID CnC Domain in DNS Lookup (wendypior .ink) (malware.rules)
- 2043321 - ET MALWARE IcedID CnC Domain in DNS Lookup (avoymratax .com) (malware.rules)
- 2043322 - ET MALWARE IcedID CnC Domain in DNS Lookup (stillprunnert .com) (malware.rules)
- 2043323 - ET MALWARE IcedID CnC Domain in DNS Lookup (marmelokpa .com) (malware.rules)
- 2043324 - ET MALWARE IcedID CnC Domain in DNS Lookup (likasertik .shop) (malware.rules)
- 2043325 - ET MALWARE IcedID CnC Domain in DNS Lookup (trinazhkoma .club) (malware.rules)
- 2043326 - ET MALWARE IcedID CnC Domain in DNS Lookup (skafiparod .com) (malware.rules)
- 2043327 - ET MALWARE IcedID CnC Domain in DNS Lookup (apretakert .com) (malware.rules)
- 2043328 - ET MALWARE IcedID CnC Domain in DNS Lookup (wcollopracket .com) (malware.rules)
- 2043329 - ET INFO MSP360 Backup Service Domain in DNS Lookup (mspbackups .com) (info.rules)
- 2043330 - ET INFO Observed MSP360 Backup Service Domain (mspbackups .com in TLS SNI) (info.rules)
- 2043331 - ET HUNTING Observed Nighthawk 404 Server Response (hunting.rules)
- 2043332 - ET PHISHING EvilProxy AiTM Cookie Value M2 (phishing.rules)
- 2043333 - ET MALWARE Win32/Qakbot CnC Activity (POST) (malware.rules)
- 2043334 - ET MALWARE Possible Vidar Stealer C2 Config In Steam Profile (malware.rules)
Pro:
- 2853055 - ETPRO MALWARE Win32/MetaStealer Related Activity (GET) M2 (malware.rules)
- 2853056 - ETPRO MALWARE Win32/MetaStealer Related Activity (POST) M2 (malware.rules)
- 2853057 - ETPRO MALWARE Win32/MetaStealer Related Activity (POST) M3 (malware.rules)
- 2853058 - ETPRO MALWARE Win32/MetaStealer Related Activity (POST) M4 (malware.rules)
- 2853059 - ETPRO MALWARE Win32/MetaStealer Related Activity (POST) M5 (malware.rules)
Modified active rules:
- 2036592 - ET MALWARE Malicious ELF Activity (malware.rules)
- 2037850 - ET PHISHING [TW] EvilProxy AiTM Cookie Value M1 (phishing.rules)
- 2043308 - ET MALWARE Win32/Emotet CnC Activity M9 (POST) (malware.rules)
- 2043312 - ET MALWARE Magecart Skimmer CSS (malware.rules)
- 2851362 - ETPRO MALWARE Win32/MetaStealer Related Activity (GET) M1 (malware.rules)
- 2851363 - ETPRO MALWARE Win32/MetaStealer Related Activity (POST) M1 (malware.rules)
- 2851550 - ETPRO MALWARE Win32/MetaStealer Fake Avast AV Update (GET) (malware.rules)
Removed rules:
- 2853050 - ETPRO INFO MSP360 Backup Service Domain in DNS Lookup (info.rules)
- 2853051 - ETPRO INFO Observed MSP360 Backup Service Domain (mspbackups .com in TLS SNI) (info.rules)