Ruleset Update Summary - 2023/01/23 - v10226

Summary:

36 new OPEN, 40 new PRO (36 + 4)

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.
Added rules:

Open:

  • 2043423 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (tuic .salome .my .id) (info.rules)
  • 2043424 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (doh .ubd .ac .id) (info.rules)
  • 2043425 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns-family .esegece .com) (info.rules)
  • 2043426 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (safe .kswro .web .id) (info.rules)
  • 2043427 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns .5ososea .com) (info.rules)
  • 2043428 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (anggityuls .my .id) (info.rules)
  • 2043429 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (soay38us0r7goa7 .cmsdp .my .id) (info.rules)
  • 2043430 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns .esegece .com) (info.rules)
  • 2043431 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (rdns .faelix .net) (info.rules)
  • 2043432 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (opennic .i2pd .xyz) (info.rules)
  • 2043433 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (doh .dns .sb, doh .sb) (info.rules)
  • 2043434 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns .gnb09 .id) (info.rules)
  • 2043435 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (kswro .web .id) (info.rules)
  • 2043436 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns .spil .co .id) (info.rules)
  • 2043437 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (dns .vmath .my .id) (info.rules)
  • 2043438 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (d .apemlegit .my .id) (info.rules)
  • 2043439 - ET MOBILE_MALWARE Android/Gigabud CnC Domain (lionaiothai .com) in DNS Lookup (mobile_malware.rules)
  • 2043440 - ET MOBILE_MALWARE Android/Gigabud CnC Domain (cmnb9 .cc) in DNS Lookup (mobile_malware.rules)
  • 2043441 - ET MOBILE_MALWARE Android/Gigabud CnC Domain (bweri6 .cc) in DNS Lookup (mobile_malware.rules)
  • 2043442 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M1 (mobile_malware.rules)
  • 2043443 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M2 (mobile_malware.rules)
  • 2043444 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M3 (mobile_malware.rules)
  • 2043445 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M4 (mobile_malware.rules)
  • 2043446 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M5 (mobile_malware.rules)
  • 2043447 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M6 (mobile_malware.rules)
  • 2043448 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M7 (mobile_malware.rules)
  • 2043449 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M8 (mobile_malware.rules)
  • 2043450 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M9 (mobile_malware.rules)
  • 2043451 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M10 (mobile_malware.rules)
  • 2043452 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M11 (mobile_malware.rules)
  • 2043453 - ET MOBILE_MALWARE Android/Gigabud CnC Check-in M12 (mobile_malware.rules)
  • 2043454 - ET PHISHING Successful Banco Galacia Credential Phish 2023-01-23 (phishing.rules)
  • 2043455 - ET MALWARE Win32/Sventore.B CnC Checkin (malware.rules)
  • 2043456 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .market .dentureforfree .online) (malware.rules)
  • 2043457 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .rendezvous .tophandsome .gay) (malware.rules)
  • 2043458 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .signing .unitynotarypublic .com) (malware.rules)

Pro:

  • 2853073 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-01-20 1) (coinminer.rules)
  • 2853076 - ETPRO PHISHING Amazon Phish Landing Page 2023-01-23 (phishing.rules)