Ruleset Update Summary - 2023/02/10 - v10241

Summary:

10 new OPEN, 14 new PRO (10 + 4)

Thanks @StopMalvertisin

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.
Added rules:

Open:

  • 2044166 - ET MALWARE Suspected Gamaredon Related Activity (GET) (malware.rules)
  • 2044167 - ET MALWARE DonotGroup Related Domain in DNS Lookup (records .libutires .info) (malware.rules)
  • 2044168 - ET USER_AGENTS Observed DonotGroup Related UA (Chrome Edge) (user_agents.rules)
  • 2044169 - ET MALWARE NewsPenguin Domain in DNS Lookup (updates .win32 .live) (malware.rules)
  • 2044170 - ET MALWARE NewsPenguin Domain in DNS Lookup (windowsupdates .shop) (malware.rules)
  • 2044171 - ET MALWARE NewsPenguin CnC Checkin (malware.rules)
  • 2044172 - ET MALWARE NewsPenguin Domain in DNS Lookup (sailorjobs .world) (malware.rules)
  • 2044173 - ET MALWARE Cobalt Strike CnC Domain (cdcgov .us) in DNS Lookup (malware.rules)
  • 2044174 - ET MALWARE Malicious Node.js Module aabquerys payload delivery domain (github .elemecdn .com) in DNS Lookup (malware.rules)
  • 2044175 - ET MALWARE Havoc RAT CnC Domain (zh .googlecdnb .tk) in DNS Lookup (malware.rules)

Pro:

  • 2853357 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-02-09 1) (coinminer.rules)
  • 2853358 - ETPRO USER_AGENTS Observed Suspicious UA (NewsPenguin Related UA) (user_agents.rules)
  • 2853359 - ETPRO PHISHING Successful Twitter Credential Phish 2023-02-10 (phishing.rules)
  • 2853360 - ETPRO PHISHING Twitter Credential Phish Landing Page 2023-02-10 (phishing.rules)

Disabled and modified rules:

  • 2844189 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
  • 2844190 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
  • 2844191 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
  • 2844192 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
  • 2844193 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
  • 2844194 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
  • 2844195 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
  • 2844196 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
  • 2844197 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
  • 2844198 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)

Removed rules:

  • 2016104 - ET MALWARE DNS Reply for unallocated address space - Potentially Malicious 1.1.1.0/24 (malware.rules)