Ruleset Update Summary - 2023/02/13 - v10242

Summary:

14 new OPEN, 15 new PRO (14 + 1)

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.


Added rules:

Open:

  • 2044176 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .distributor .techsavvyauto .com) (malware.rules)
  • 2044177 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .picture .mercedesbestphoto .store) (malware.rules)
  • 2044178 - ET HUNTING Observed Query to .fyi TLD (hunting.rules)
  • 2044179 - ET HUNTING Observed Query to .beauty TLD (hunting.rules)
  • 2044180 - ET INFO Iperius Remote Related Domain in DNS Lookup (info.rules)
  • 2044181 - ET INFO Observed Iperius Remote Domain in TLS SNI (info.rules)
  • 2044182 - ET INFO ProvideSupport.com Related Domain in DNS Lookup (papepritz .com) (info.rules)
  • 2044183 - ET MALWARE Backdoored Xpopup Domain (xpopup .pe .kr) in DNS Lookup (malware.rules)
  • 2044184 - ET MALWARE Backdoored Xpopup Domain (xpopup .com) in DNS Lookup (malware.rules)
  • 2044185 - ET PHISHING AWS Phishing Domain (aws1-console-login .us) in DNS Lookup (phishing.rules)
  • 2044186 - ET PHISHING AWS Phishing Domain (us2-eat-a-w-s .blogspot .com) in DNS Lookup (phishing.rules)
  • 2044187 - ET PHISHING AWS Phishing Domain (aws1-us-west .info) in DNS Lookup (phishing.rules)
  • 2044188 - ET PHISHING AWS Phishing Domain (aws1-ec2-console .com) in DNS Lookup (phishing.rules)
  • 2044189 - ET PHISHING AWS Phishing Domain (aws2-console-login .xyz) in DNS Lookup (phishing.rules)

Pro:

  • 2853361 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-02-10 1) (coinminer.rules)

Disabled and modified rules:

  • 2027865 - ET INFO Observed DNS Query to .cloud TLD (info.rules)
  • 2027874 - ET INFO HTTP Request to Suspicious *.cloud Domain (info.rules)