Summary:
10 new OPEN, 14 new PRO (10 + 4)
Thanks @StopMalvertisin
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
Added rules:
Open:
- 2044166 - ET MALWARE Suspected Gamaredon Related Activity (GET) (malware.rules)
- 2044167 - ET MALWARE DonotGroup Related Domain in DNS Lookup (records .libutires .info) (malware.rules)
- 2044168 - ET USER_AGENTS Observed DonotGroup Related UA (Chrome Edge) (user_agents.rules)
- 2044169 - ET MALWARE NewsPenguin Domain in DNS Lookup (updates .win32 .live) (malware.rules)
- 2044170 - ET MALWARE NewsPenguin Domain in DNS Lookup (windowsupdates .shop) (malware.rules)
- 2044171 - ET MALWARE NewsPenguin CnC Checkin (malware.rules)
- 2044172 - ET MALWARE NewsPenguin Domain in DNS Lookup (sailorjobs .world) (malware.rules)
- 2044173 - ET MALWARE Cobalt Strike CnC Domain (cdcgov .us) in DNS Lookup (malware.rules)
- 2044174 - ET MALWARE Malicious Node.js Module aabquerys payload delivery domain (github .elemecdn .com) in DNS Lookup (malware.rules)
- 2044175 - ET MALWARE Havoc RAT CnC Domain (zh .googlecdnb .tk) in DNS Lookup (malware.rules)
Pro:
- 2853357 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-02-09 1) (coinminer.rules)
- 2853358 - ETPRO USER_AGENTS Observed Suspicious UA (NewsPenguin Related UA) (user_agents.rules)
- 2853359 - ETPRO PHISHING Successful Twitter Credential Phish 2023-02-10 (phishing.rules)
- 2853360 - ETPRO PHISHING Twitter Credential Phish Landing Page 2023-02-10 (phishing.rules)
Disabled and modified rules:
- 2844189 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
- 2844190 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
- 2844191 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
- 2844192 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
- 2844193 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
- 2844194 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
- 2844195 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
- 2844196 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
- 2844197 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
- 2844198 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
Removed rules:
- 2016104 - ET MALWARE DNS Reply for unallocated address space - Potentially Malicious 1.1.1.0/24 (malware.rules)
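One check a practitioner typically wants after a daily update like this one is whether any local suricata-update overrides (enable.conf, disable.conf, modify.conf) now contradict what upstream changed: a SID re-enabled locally that ET disabled today, or an override that points at a SID ET removed. The following Python is an added example, not Emerging Threats or suricata-update code. It parses the summary layout used on this page (the sample text is constructed from a few lines of this update, with a made-up "Summary:" count to match), reproduces the "N new OPEN, M new PRO (N + K)" counting convention, in which the PRO total includes the OPEN rules, and flags stale overrides; the override SID sets passed in are assumed inputs.

```python
import re

# Constructed sample in the layout of the ET daily update summary.
# The rule lines are copied from this page; the Summary count is made up to fit them.
SAMPLE = """Summary:
2 new OPEN, 3 new PRO (2 + 1)
Added rules:
Open:
 - 2044166 - ET MALWARE Suspected Gamaredon Related Activity (GET) (malware.rules)
 - 2044173 - ET MALWARE Cobalt Strike CnC Domain (cdcgov .us) in DNS Lookup (malware.rules)
Pro:
 - 2853357 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-02-09 1) (coinminer.rules)
Disabled and modified rules:
 - 2844189 - ETPRO MALWARE CaptainCha CnC in DNS Lookup (malware.rules)
Removed rules:
 - 2016104 - ET MALWARE DNS Reply for unallocated address space - Potentially Malicious 1.1.1.0/24 (malware.rules)
"""

# " - <sid> - <msg> (<file>.rules)"; the msg may itself contain " - " and parentheses,
# so the rule file is taken as the final parenthesised token ending in ".rules".
RULE_LINE = re.compile(r"^\s*-\s*(\d+)\s*-\s*(.*?)\s*\((\S+\.rules)\)\s*$")

SECTIONS = {
    "Added rules:": "added",
    "Disabled and modified rules:": "changed",
    "Removed rules:": "removed",
}


def parse_update(text):
    """Map each section to a list of (sid, msg, rulefile, tier) tuples, in page order."""
    parsed = {name: [] for name in SECTIONS.values()}
    section = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped in SECTIONS:
            section = SECTIONS[stripped]
            continue  # "Open:" / "Pro:" sub-headers are skipped; tier comes from the msg prefix
        m = RULE_LINE.match(line)
        if m and section:
            sid, msg, rulefile = int(m.group(1)), m.group(2), m.group(3)
            tier = "pro" if msg.startswith("ETPRO ") else "open"
            parsed[section].append((sid, msg, rulefile, tier))
    return parsed


def summary_counts(parsed):
    """Return (new_open, new_pro_total, pro_only), matching 'N new OPEN, M new PRO (N + K)'."""
    new_open = sum(1 for r in parsed["added"] if r[3] == "open")
    pro_only = sum(1 for r in parsed["added"] if r[3] == "pro")
    return new_open, new_open + pro_only, pro_only


def stale_overrides(parsed, enable_sids, disable_sids, modify_sids):
    """Flag local overrides (sets of int SIDs, assumed inputs) that clash with today's upstream changes."""
    warnings = []
    changed = {r[0] for r in parsed["changed"]}
    removed = {r[0] for r in parsed["removed"]}
    for sid in sorted(enable_sids & changed):
        warnings.append(f"enable.conf re-enables {sid}, which upstream disabled or modified today; review it")
    for sid in sorted((enable_sids | disable_sids | modify_sids) & removed):
        warnings.append(f"override for {sid} refers to a rule upstream removed; drop it")
    return warnings


if __name__ == "__main__":
    update = parse_update(SAMPLE)
    print("counts (open, pro total, pro only):", summary_counts(update))
    for w in stale_overrides(update, {2844189}, set(), {2016104}):
        print("WARNING:", w)
```

Feed it the text of the day's post and your three override files' SID lists; an empty warnings list means the local overrides still line up with upstream.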