Summary:
14 new OPEN, 18 new PRO (the 14 OPEN rules + 4 PRO-only)
Thanks @SLASH30Miata, @NoahWolf, @jaydinbas
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
Added rules:
Open:
- 2044031 - ET MALWARE GCleaner CnC Checkin M1 (malware.rules)
- 2044032 - ET MALWARE GCleaner Payload Retrieval Attempt (malware.rules)
- 2044033 - ET MALWARE GCleaner CnC Checkin M2 (malware.rules)
- 2044034 - ET MALWARE Potential GCleaner CnC Checkin (malware.rules)
- 2044035 - ET ADWARE_PUP Win32/VoipRaider Data Collection Attempt (adware_pup.rules)
- 2044036 - ET PHISHING Successful VyStar CU Credential Phish 2023-01-31 (phishing.rules)
- 2044037 - ET MALWARE GCleaner Downloader - Payload Response (malware.rules)
- 2044038 - ET ADWARE_PUP BoostBeast Task Request M1 (adware_pup.rules)
- 2044039 - ET ADWARE_PUP BoostBeast Task Request M2 (adware_pup.rules)
- 2044040 - ET ADWARE_PUP BoostBeast Checkin M1 (adware_pup.rules)
- 2044041 - ET ADWARE_PUP BoostBeast Checkin M2 (adware_pup.rules)
- 2044042 - ET ADWARE_PUP BoostBeast Task Response (adware_pup.rules)
- 2044043 - ET INFO Observed Notion Notes Taking App Domain (api .notion .com in TLS SNI) (info.rules)
- 2044044 - ET MALWARE Suspected Lazarus APT Related Activity (GET) (malware.rules)
Pro:
- 2853266 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.td CnC Domain in DNS Lookup (mobile_malware.rules)
- 2853267 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-01-30 1) (coinminer.rules)
- 2853268 - ETPRO MALWARE Suspected VBS/Backdoor Activity (GET) (malware.rules)
- 2853269 - ETPRO MALWARE Suspected VBS/Backdoor Activity (POST) (malware.rules)
Removed rules:
- 2852925 - ETPRO MALWARE GCleaner Downloader - Payload Response (malware.rules)