Ruleset Update Summary - 2023/02/21 - v10248

rulesbot · February 21, 2023, 10:02pm

Summary:

12 new OPEN, 12 new PRO (12 + 0)

Thanks @cpresearch

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

2044258 - ET MALWARE Win32/Snojan Variant Sending System Information (GET) (malware.rules)
2044259 - ET MALWARE Win32/Snojan Variant Sending System Information (POST) (malware.rules)
2044260 - ET MALWARE Villain C2 Framework CnC Exfil (POST) (malware.rules)
2044261 - ET MALWARE Win32/0xtaRAT CnC Activity (GET) (malware.rules)
2044262 - ET MALWARE Observed Operation Silent Watch Domain in DNS Lookup (edupoliceam .info) (malware.rules)
2044263 - ET MALWARE Observed Operation Silent Watch Domain in DNS Lookup (filecloudservices .xyz) (malware.rules)
2044264 - ET MALWARE Observed Operation Silent Watch Domain in DNS Lookup (filesindrive .info) (malware.rules)
2044265 - ET MALWARE Observed Operation Silent Watch Domain in DNS Lookup (avvpassport .info) (malware.rules)
2044266 - ET MALWARE Observed Operation Silent Watch Domain in DNS Lookup (mediacloud .space) (malware.rules)
2044267 - ET PHISHING Generic Credential Phish Landing Page 2023-02-21 (phishing.rules)
2044268 - ET MALWARE Gamaredon C2 Domain (a0728173 .xsph .ru) in DNS Lookup (malware.rules)
2044269 - ET MALWARE Gamaredon C2 Domain (f0559838 .xsph .ru) in DNS Lookup (malware.rules)

2034474 - ET MALWARE Cobalt Strike Activity (GET) (malware.rules)
2034752 - ET MALWARE Win32/BazarLoader Activity (GET) (malware.rules)
2039839 - ET MALWARE SocGholish Domain in DNS Lookup (subscribe .3gbling .com) (malware.rules)
2043264 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043265 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043266 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043267 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043270 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043271 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043422 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .betting .cockroachracing .site) (malware.rules)
2043456 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .market .dentureforfree .online) (malware.rules)
2043457 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .rendezvous .tophandsome .gay) (malware.rules)
2043458 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .signing .unitynotarypublic .com) (malware.rules)
2043993 - ET MALWARE Observed DNS Query to IcedID Domain (nomaeradiur .com) (malware.rules)
2043995 - ET MALWARE Observed DNS Query to IcedID Domain (tibloautonef .com) (malware.rules)
2044140 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .samples .muzikcitysound .com) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/01/09 - v10215 Ruleset Updates	320	January 9, 2023
Ruleset Update Summary - 2023/01/05 - v10212 Ruleset Updates	320	January 5, 2023
Ruleset Update Summary - 2023/01/04 - v10211 Ruleset Updates	258	January 4, 2023
Ruleset Update Summary - 2023/01/13 - v10220 Ruleset Updates	255	January 13, 2023
Ruleset Update Summary - 2023/01/19 - v10224 Ruleset Updates	372	January 19, 2023