Ruleset Update Summary - 2023/02/07 - v10238

rulesbot · February 7, 2023, 9:43pm

Summary:

5 new OPEN, 20 new PRO (5 + 15)

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

Added rules:

Open:

2044142 - ET PHISHING Possible Phishing Domain in DNS Lookup (c1 .biz) (phishing.rules)
2044143 - ET EXPLOIT Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M1 (exploit.rules)
2044144 - ET EXPLOIT Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M2 (exploit.rules)
2044145 - ET EXPLOIT Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M3 (exploit.rules)
2044146 - ET MALWARE Win32/Disabler.NPR Checkin (malware.rules)

Pro:

2853334 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rewardsteal.i CnC Domain in DNS Lookup (mobile_malware.rules)
2853335 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Aples.b CnC Domain in DNS Lookup (mobile_malware.rules)
2853336 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Svpeng.ab Checkin (mobile_malware.rules)
2853337 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.aujb CnC Domain in DNS Lookup (mobile_malware.rules)
2853338 - ETPRO MOBILE_MALWARE Observed Trojan.AndroidOS.Piom.aujb Domain in TLS SNI (mobile_malware.rules)
2853339 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Gigabud.a / Android/Spy.Agent.CNE Checkin via Websocket (mobile_malware.rules)
2853340 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Gigabud.a / Android/Spy.Agent.CNE Checkin via Websocket 2 (mobile_malware.rules)
2853341 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CKR Checkin (mobile_malware.rules)
2853342 - ETPRO MOBILE_MALWARE Android.BankBot.14071 / Hookbot Checkin (mobile_malware.rules)
2853343 - ETPRO MOBILE_MALWARE Android.BankBot.14071 / Hookbot Checkin 2 (mobile_malware.rules)
2853344 - ETPRO MOBILE_MALWARE Android.BankBot.14071 / Hookbot Checkin 3 (mobile_malware.rules)
2853345 - ETPRO MOBILE_MALWARE Android/Agent.EHA CnC Domain in DNS Lookup (mobile_malware.rules)
2853346 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CLW CnC Domain in DNS Lookup (mobile_malware.rules)
2853347 - ETPRO PHISHING Successful TA407 Credential Phish 2023-02-07 (phishing.rules)
2853348 - ETPRO MALWARE SocGholish CnC Initial Request M2 (malware.rules)

Disabled and modified rules:

2852921 - ETPRO MALWARE WasabiSeed Downloader Activity (GET) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/01/26 - v10230 Ruleset Updates	579	January 26, 2023
Ruleset Update Summary - 2022/11/24 - v10181 Ruleset Updates	215	November 24, 2022
Ruleset Update Summary - 2023/04/03 - v10283 Ruleset Updates	214	April 3, 2023
Ruleset Update Summary - 2023/03/01 - v10256 Ruleset Updates	159	March 1, 2023
Ruleset Update Summary - 2022/11/25 - v10182 Ruleset Updates	203	November 25, 2022