Ruleset Update Summary - 2023/02/07 - v10238

Summary:

5 new OPEN, 20 new PRO (5 + 15)

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.


Added rules:

Open:

  • 2044142 - ET PHISHING Possible Phishing Domain in DNS Lookup (c1 .biz) (phishing.rules)
  • 2044143 - ET EXPLOIT Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M1 (exploit.rules)
  • 2044144 - ET EXPLOIT Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M2 (exploit.rules)
  • 2044145 - ET EXPLOIT Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M3 (exploit.rules)
  • 2044146 - ET MALWARE Win32/Disabler.NPR Checkin (malware.rules)

Pro:

  • 2853334 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rewardsteal.i CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853335 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Aples.b CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853336 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Svpeng.ab Checkin (mobile_malware.rules)
  • 2853337 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.aujb CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853338 - ETPRO MOBILE_MALWARE Observed Trojan.AndroidOS.Piom.aujb Domain in TLS SNI (mobile_malware.rules)
  • 2853339 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Gigabud.a / Android/Spy.Agent.CNE Checkin via Websocket (mobile_malware.rules)
  • 2853340 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Gigabud.a / Android/Spy.Agent.CNE Checkin via Websocket 2 (mobile_malware.rules)
  • 2853341 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CKR Checkin (mobile_malware.rules)
  • 2853342 - ETPRO MOBILE_MALWARE Android.BankBot.14071 / Hookbot Checkin (mobile_malware.rules)
  • 2853343 - ETPRO MOBILE_MALWARE Android.BankBot.14071 / Hookbot Checkin 2 (mobile_malware.rules)
  • 2853344 - ETPRO MOBILE_MALWARE Android.BankBot.14071 / Hookbot Checkin 3 (mobile_malware.rules)
  • 2853345 - ETPRO MOBILE_MALWARE Android/Agent.EHA CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853346 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CLW CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853347 - ETPRO PHISHING Successful TA407 Credential Phish 2023-02-07 (phishing.rules)
  • 2853348 - ETPRO MALWARE SocGholish CnC Initial Request M2 (malware.rules)

Disabled and modified rules:

  • 2852921 - ETPRO MALWARE WasabiSeed Downloader Activity (GET) (malware.rules)