Summary:
17 new OPEN, 25 new PRO (17 + 8)
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
Added rules:
Open:
- 2044061 - ET MALWARE UAC-0114/Winter Vivern Screenshot Upload M1 (malware.rules)
- 2044062 - ET MALWARE UAC-0114/Winter Vivern Screenshot Upload M2 (malware.rules)
- 2044063 - ET MALWARE UAC-0114/Winter Vivern File Exfilration (malware.rules)
- 2044064 - ET MALWARE UAC-0114/Winter Vivern CnC Activity (malware.rules)
- 2044065 - ET MALWARE Kakfum/COLDSTEEL CnC Beacon M3 (malware.rules)
- 2044066 - ET MALWARE Win32/Kumquat Loader Activity (Connect) (malware.rules)
- 2044067 - ET MALWARE Win32/Kumquat Loader Activity (Subscribe) (malware.rules)
- 2044068 - ET MALWARE Win32/Kumquat Loader Activity (Publish) (malware.rules)
- 2044069 - ET INFO RustDesk Check NAT Type (info.rules)
- 2044070 - ET INFO RustDesk Register Peer where serial=1 (info.rules)
- 2044071 - ET INFO RustDesk Register Peer where serial=0 (info.rules)
- 2044072 - ET INFO RustDesk Get Software Update URL (info.rules)
- 2044073 - ET INFO RustDesk Register Public Key (info.rules)
- 2044074 - ET INFO RustDesk Peer Discovery (pong) (info.rules)
- 2044075 - ET INFO RustDesk Peer Discovery (ping) (info.rules)
- 2044076 - ET INFO RustDesk Relay Domain in DNS Lookup (info.rules)
- 2044077 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC (malware.rules)
Pro:
- 2853293 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
- 2853294 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
- 2853295 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
- 2853296 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
- 2853297 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
- 2853298 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
- 2853299 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
- 2853300 - ETPRO MALWARE XWorm CnC Domain in DNS Lookup (malware.rules)