Ruleset Update Summary - 2023/01/30 - v10232

rulesbot · January 30, 2023, 10:34pm

Summary:

17 new OPEN, 32 new PRO (17 + 15)

Thanks @h2jazi, @k3yp0d

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

Added rules:

Open:

2044014 - ET INFO DYNAMIC_DNS Query to a *.dickeyfam .com domain (info.rules)
2044015 - ET INFO DYNAMIC_DNS HTTP Request to a *.dickeyfam .com domain (info.rules)
2044016 - ET INFO DYNAMIC_DNS Query to a *.trudireaume .com domain (info.rules)
2044017 - ET INFO DYNAMIC_DNS HTTP Request to a *.trudireaume .com domain (info.rules)
2044018 - ET INFO DYNAMIC_DNS Query to a *.tribeoftwo .com domain (info.rules)
2044019 - ET INFO DYNAMIC_DNS HTTP Request to a *.tribeoftwo .com domain (info.rules)
2044020 - ET INFO DYNAMIC_DNS Query to a *.gun .vn domain (info.rules)
2044021 - ET INFO DYNAMIC_DNS HTTP Request to a *.gun .vn domain (info.rules)
2044022 - ET MALWARE Observed APT Actor Payload Domain (archive-downloader .com in TLS SNI) (malware.rules)
2044023 - ET MALWARE Observed APT Actor Payload Domain (e-aks .uz in TLS SNI) (malware.rules)
2044024 - ET INFO Request for PDF via PowerShell (info.rules)
2044025 - ET MALWARE ConnectWise ScreenConnect Payload Delivery Domain (win02 .xyz) in DNS Lookup (malware.rules)
2044026 - ET MALWARE ConnectWise ScreenConnect Payload Delivery Domain (win03 .xyz) in DNS Lookup (malware.rules)
2044027 - ET MALWARE ConnectWise ScreenConnect Payload Delivery Domain (win04 .xyz) in DNS Lookup (malware.rules)
2044028 - ET MALWARE ConnectWise ScreenConnect Payload Delivery Domain (win01 .xyz) in DNS Lookup (malware.rules)
2044029 - ET PHISHING Successful AU myGov Credential Phish 2023-01-30 (phishing.rules)
2044030 - ET MALWARE SocGholish Domain in DNS Lookup (smiles .cahl4u .org) (malware.rules)

Pro:

2853251 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Small.ce CnC Domain in DNS Lookup (mobile_malware.rules)
2853252 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CMX CnC Domain in DNS Lookup (mobile_malware.rules)
2853253 - ETPRO MOBILE_MALWARE Android/Spy.Banker.BSH CnC Domain in DNS Lookup (mobile_malware.rules)
2853254 - ETPRO MOBILE_MALWARE Android.Joker.929 CnC Domain in DNS Lookup (mobile_malware.rules)
2853255 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Domain in DNS Lookup (mobile_malware.rules)
2853256 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.DWK CnC Domain in DNS Lookup (mobile_malware.rules)
2853257 - ETPRO MOBILE_MALWARE Android.Joker.780 CnC Domain in DNS Lookup (mobile_malware.rules)
2853258 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.atin CnC Domain in DNS Lookup (mobile_malware.rules)
2853259 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.lc CnC Domain in DNS Lookup (mobile_malware.rules)
2853260 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.YF CnC Domain in DNS Lookup (mobile_malware.rules)
2853261 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rewardsteal.h CnC Domain in DNS Lookup (mobile_malware.rules)
2853262 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.ew CnC Domain in DNS Lookup (mobile_malware.rules)
2853263 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Soobek.a CnC Domain in DNS Lookup (mobile_malware.rules)
2853264 - ETPRO HUNTING Logo Request via Iconfinder from HTA (hunting.rules)
2853265 - ETPRO MALWARE APT Actor HTA Payload (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2022/12/14 - v10196 Ruleset Updates	315	December 14, 2022
Ruleset Update Summary - 2022/12/15 - v10197 Ruleset Updates	211	December 15, 2022
Ruleset Update Summary - 2023/02/22 - v10250 Ruleset Updates	303	February 22, 2023
Ruleset Update Summary - 2023/02/03 - v10236 Ruleset Updates	273	February 3, 2023
Ruleset Update Summary - 2022/11/30 - v10185 Ruleset Updates	290	November 30, 2022

Ruleset Update Summary - 2023/01/30 - v10232

Summary:

Added rules:

Open:

Pro:

Related Topics