Ruleset Update Summary - 2023/01/18 - v10223

rulesbot · January 18, 2023, 10:07pm

Summary:

22 new OPEN, 27 new PRO (22 + 5)

Thanks @boredhackerblog, @EclecticIQ, @1ZRR4H

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

Added rules:

Open:

2043313 - ET MALWARE IcedID CnC Domain in DNS Lookup (pkusamain .cloud) (malware.rules)
2043314 - ET MALWARE IcedID CnC Domain in DNS Lookup (brakudafear .pics) (malware.rules)
2043315 - ET MALWARE IcedID CnC Domain in DNS Lookup (pahtafinlund .com) (malware.rules)
2043316 - ET MALWARE IcedID CnC Domain in DNS Lookup (owisportlittle .com) (malware.rules)
2043317 - ET MALWARE IcedID CnC Domain in DNS Lookup (nigaragusoups .com) (malware.rules)
2043318 - ET MALWARE IcedID CnC Domain in DNS Lookup (tonikantos .one) (malware.rules)
2043319 - ET MALWARE IcedID CnC Domain in DNS Lookup (needzolapa .com) (malware.rules)
2043320 - ET MALWARE IcedID CnC Domain in DNS Lookup (wendypior .ink) (malware.rules)
2043321 - ET MALWARE IcedID CnC Domain in DNS Lookup (avoymratax .com) (malware.rules)
2043322 - ET MALWARE IcedID CnC Domain in DNS Lookup (stillprunnert .com) (malware.rules)
2043323 - ET MALWARE IcedID CnC Domain in DNS Lookup (marmelokpa .com) (malware.rules)
2043324 - ET MALWARE IcedID CnC Domain in DNS Lookup (likasertik .shop) (malware.rules)
2043325 - ET MALWARE IcedID CnC Domain in DNS Lookup (trinazhkoma .club) (malware.rules)
2043326 - ET MALWARE IcedID CnC Domain in DNS Lookup (skafiparod .com) (malware.rules)
2043327 - ET MALWARE IcedID CnC Domain in DNS Lookup (apretakert .com) (malware.rules)
2043328 - ET MALWARE IcedID CnC Domain in DNS Lookup (wcollopracket .com) (malware.rules)
2043329 - ET INFO MSP360 Backup Service Domain in DNS Lookup (mspbackups .com) (info.rules)
2043330 - ET INFO Observed MSP360 Backup Service Domain (mspbackups .com in TLS SNI) (info.rules)
2043331 - ET HUNTING Observed Nighthawk 404 Server Response (hunting.rules)
2043332 - ET PHISHING EvilProxy AiTM Cookie Value M2 (phishing.rules)
2043333 - ET MALWARE Win32/Qakbot CnC Activity (POST) (malware.rules)
2043334 - ET MALWARE Possible Vidar Stealer C2 Config In Steam Profile (malware.rules)

Pro:

2853055 - ETPRO MALWARE Win32/MetaStealer Related Activity (GET) M2 (malware.rules)
2853056 - ETPRO MALWARE Win32/MetaStealer Related Activity (POST) M2 (malware.rules)
2853057 - ETPRO MALWARE Win32/MetaStealer Related Activity (POST) M3 (malware.rules)
2853058 - ETPRO MALWARE Win32/MetaStealer Related Activity (POST) M4 (malware.rules)
2853059 - ETPRO MALWARE Win32/MetaStealer Related Activity (POST) M5 (malware.rules)

Modified active rules:

2036592 - ET MALWARE Malicious ELF Activity (malware.rules)
2037850 - ET PHISHING [TW] EvilProxy AiTM Cookie Value M1 (phishing.rules)
2043308 - ET MALWARE Win32/Emotet CnC Activity M9 (POST) (malware.rules)
2043312 - ET MALWARE Magecart Skimmer CSS (malware.rules)
2851362 - ETPRO MALWARE Win32/MetaStealer Related Activity (GET) M1 (malware.rules)
2851363 - ETPRO MALWARE Win32/MetaStealer Related Activity (POST) M1 (malware.rules)
2851550 - ETPRO MALWARE Win32/MetaStealer Fake Avast AV Update (GET) (malware.rules)

Removed rules:

2853050 - ETPRO INFO MSP360 Backup Service Domain in DNS Lookup (info.rules)
2853051 - ETPRO INFO Observed MSP360 Backup Service Domain (mspbackups .com in TLS SNI) (info.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/02/14 - v10243 Ruleset Updates	198	February 14, 2023
Ruleset Update Summary - 2023/03/24 - v10277 Ruleset Updates	262	March 24, 2023
Ruleset Update Summary - 2023/01/09 - v10215 Ruleset Updates	251	January 9, 2023
Ruleset Update Summary - 2023/02/22 - v10250 Ruleset Updates	303	February 22, 2023
Ruleset Update Summary - 2023/02/01 - v10234 Ruleset Updates	197	February 1, 2023