Ruleset Update Summary - 2023/01/30 - v10232

Summary:

17 new OPEN, 32 new PRO (17 + 15)

Thanks @h2jazi, @k3yp0d

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.


Added rules:

Open:

  • 2044014 - ET INFO DYNAMIC_DNS Query to a *.dickeyfam .com domain (info.rules)
  • 2044015 - ET INFO DYNAMIC_DNS HTTP Request to a *.dickeyfam .com domain (info.rules)
  • 2044016 - ET INFO DYNAMIC_DNS Query to a *.trudireaume .com domain (info.rules)
  • 2044017 - ET INFO DYNAMIC_DNS HTTP Request to a *.trudireaume .com domain (info.rules)
  • 2044018 - ET INFO DYNAMIC_DNS Query to a *.tribeoftwo .com domain (info.rules)
  • 2044019 - ET INFO DYNAMIC_DNS HTTP Request to a *.tribeoftwo .com domain (info.rules)
  • 2044020 - ET INFO DYNAMIC_DNS Query to a *.gun .vn domain (info.rules)
  • 2044021 - ET INFO DYNAMIC_DNS HTTP Request to a *.gun .vn domain (info.rules)
  • 2044022 - ET MALWARE Observed APT Actor Payload Domain (archive-downloader .com in TLS SNI) (malware.rules)
  • 2044023 - ET MALWARE Observed APT Actor Payload Domain (e-aks .uz in TLS SNI) (malware.rules)
  • 2044024 - ET INFO Request for PDF via PowerShell (info.rules)
  • 2044025 - ET MALWARE ConnectWise ScreenConnect Payload Delivery Domain (win02 .xyz) in DNS Lookup (malware.rules)
  • 2044026 - ET MALWARE ConnectWise ScreenConnect Payload Delivery Domain (win03 .xyz) in DNS Lookup (malware.rules)
  • 2044027 - ET MALWARE ConnectWise ScreenConnect Payload Delivery Domain (win04 .xyz) in DNS Lookup (malware.rules)
  • 2044028 - ET MALWARE ConnectWise ScreenConnect Payload Delivery Domain (win01 .xyz) in DNS Lookup (malware.rules)
  • 2044029 - ET PHISHING Successful AU myGov Credential Phish 2023-01-30 (phishing.rules)
  • 2044030 - ET MALWARE SocGholish Domain in DNS Lookup (smiles .cahl4u .org) (malware.rules)

Pro:

  • 2853251 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Small.ce CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853252 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CMX CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853253 - ETPRO MOBILE_MALWARE Android/Spy.Banker.BSH CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853254 - ETPRO MOBILE_MALWARE Android.Joker.929 CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853255 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Boogr.gsh CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853256 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Agent.DWK CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853257 - ETPRO MOBILE_MALWARE Android.Joker.780 CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853258 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.atin CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853259 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.lc CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853260 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.YF CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853261 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rewardsteal.h CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853262 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.ew CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853263 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Soobek.a CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853264 - ETPRO HUNTING Logo Request via Iconfinder from HTA (hunting.rules)
  • 2853265 - ETPRO MALWARE APT Actor HTA Payload (malware.rules)