Ruleset Update Summary - 2023/02/02 - v10235

Summary:

17 new OPEN, 25 new PRO (17 + 8)

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

Added rules:

Open:

  • 2044061 - ET MALWARE UAC-0114/Winter Vivern Screenshot Upload M1 (malware.rules)
  • 2044062 - ET MALWARE UAC-0114/Winter Vivern Screenshot Upload M2 (malware.rules)
  • 2044063 - ET MALWARE UAC-0114/Winter Vivern File Exfilration (malware.rules)
  • 2044064 - ET MALWARE UAC-0114/Winter Vivern CnC Activity (malware.rules)
  • 2044065 - ET MALWARE Kakfum/COLDSTEEL CnC Beacon M3 (malware.rules)
  • 2044066 - ET MALWARE Win32/Kumquat Loader Activity (Connect) (malware.rules)
  • 2044067 - ET MALWARE Win32/Kumquat Loader Activity (Subscribe) (malware.rules)
  • 2044068 - ET MALWARE Win32/Kumquat Loader Activity (Publish) (malware.rules)
  • 2044069 - ET INFO RustDesk Check NAT Type (info.rules)
  • 2044070 - ET INFO RustDesk Register Peer where serial=1 (info.rules)
  • 2044071 - ET INFO RustDesk Register Peer where serial=0 (info.rules)
  • 2044072 - ET INFO RustDesk Get Software Update URL (info.rules)
  • 2044073 - ET INFO RustDesk Register Public Key (info.rules)
  • 2044074 - ET INFO RustDesk Peer Discovery (pong) (info.rules)
  • 2044075 - ET INFO RustDesk Peer Discovery (ping) (info.rules)
  • 2044076 - ET INFO RustDesk Relay Domain in DNS Lookup (info.rules)
  • 2044077 - ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC (malware.rules)

Pro:

  • 2853293 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2853294 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2853295 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2853296 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2853297 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2853298 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2853299 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2853300 - ETPRO MALWARE XWorm CnC Domain in DNS Lookup (malware.rules)