Ruleset Update Summary - 2023/02/17 - v10246

Ruleset Updates
1

Summary:

10 new OPEN, 21 new PRO (10 + 11)

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

Added rules:

Open:

  • 2044233 - ET INFO DYNAMIC_DNS Query to a *.sytes.net Domain (info.rules)
  • 2044234 - ET PHISHING Sidewinder Credential Phish Landing Page M2 2023-02-16 (phishing.rules)
  • 2044235 - ET PHISHING Sidewinder Credential Phish Landing Page M2 2023-02-16 (phishing.rules)
  • 2044236 - ET MALWARE APT37 M2RAT CnC Server Command - OKR (malware.rules)
  • 2044237 - ET MALWARE APT37 M2RAT CnC Server Command - URL (malware.rules)
  • 2044238 - ET MALWARE APT37 M2RAT CnC Server Command - UPD (malware.rules)
  • 2044239 - ET MALWARE APT37 M2RAT CnC Server Command - RES (malware.rules)
  • 2044240 - ET MALWARE APT37 M2RAT CnC Server Command - UNI (malware.rules)
  • 2044241 - ET MALWARE APT37 M2RAT CnC Server Command - CMD (malware.rules)
  • 2044242 - ET MALWARE SocGholish Domain in DNS Lookup (blockchain .shannongougenheim .com) (malware.rules)

Pro:

  • 2853507 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.PhantomLance.a CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853508 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.PhantomLance.a CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853509 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.PhantomLance.a CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853510 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.aulb CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853511 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CME CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853512 - ETPRO MOBILE_MALWARE Android/Spy.Krysanec.C CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853513 - ETPRO MOBILE_MALWARE Android.Spy.1030 CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853514 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.AEV CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853515 - ETPRO EXPLOIT Possible Microsoft Exchange RCE - Abusable Constructor (CVE-2023-21529) (exploit.rules)
  • 2853516 - ETPRO EXPLOIT Possible Microsoft Exchange RCE - Abusable Object (CVE-2023-21529) (exploit.rules)
  • 2853517 - ETPRO MALWARE XWorm CnC Domain in DNS Lookup (malware.rules)

Removed rules:

  • 2042805 - ET INFO DYNAMIC_DNS HTTP Request to a *.myftp .biz Domain (info.rules)
  • 2804633 - ETPRO INFO DYNAMIC_DNS Query to a *.sytes.net Domain (info.rules)