Ruleset Update Summary - 2023/02/27 - v10254

Summary:

24 new OPEN, 29 new PRO (24 + 5)

Thanks @BitDefender, @Cyber0verload, @500mk500

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

The mailing list is being retired on April 3, 2023.

Due to an internal company holiday there will be no rule release on Friday March 3rd, 2023.

Added rules:

Open:

  • 2044346 - ET MALWARE Win32/Grandoreiro TCP CnC Activity (malware.rules)
  • 2044347 - ET MALWARE NimPlant Register Activity (GET) (malware.rules)
  • 2044348 - ET MALWARE NimPlant Sending Command (Inbound) (malware.rules)
  • 2044349 - ET MALWARE NimPlant Register Activity M2 (POST) (malware.rules)
  • 2044350 - ET MALWARE NimPlant Task Activity (GET) (malware.rules)
  • 2044351 - ET MALWARE NimPlant Sending Task (Inbound) (malware.rules)
  • 2044352 - ET MALWARE NimPlant Result Activity (POST) (malware.rules)
  • 2044353 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
  • 2044354 - ET HUNTING User-Agent with Non Standard Characters (hunting.rules)
  • 2044355 - ET PHISHING Successful Generic Credential Phish 2023-02-27 (phishing.rules)
  • 2044356 - ET PHISHING Generic Credential Phish Landing Page 2023-02-27 (phishing.rules)
  • 2044357 - ET PHISHING Successful Orange.fr Credential Phish 2023-02-27 (phishing.rules)
  • 2044358 - ET MALWARE Win32/S1deload Stealer CnC Domain (neukoo .top) in DNS Lookup (malware.rules)
  • 2044359 - ET MALWARE Win32/S1deload Stealer CnC Checkin (malware.rules)
  • 2044360 - ET MALWARE Win32/S1deload Stealer CnC Checkin - Get Tasking (malware.rules)
  • 2044361 - ET MALWARE Win32/S1deload Stealer CnC Domain (ytb .dolala .xyz) in DNS Lookup (malware.rules)
  • 2044362 - ET MALWARE Win32/S1deload Stealer CnC Domain (shopproxy .live) in DNS Lookup (malware.rules)
  • 2044363 - ET MALWARE Win32/S1deload Stealer CnC Checkin - Coinminer Payload Retrieval M1 (malware.rules)
  • 2044364 - ET MALWARE Win32/S1deload Stealer CnC Checkin - Coinminer Payload Retrieval M2 (malware.rules)
  • 2044365 - ET MALWARE Win32/S1deload Stealer CnC Checkin - Coinminer Payload Retrieval M3 (malware.rules)
  • 2044366 - ET MALWARE Win32/S1deload Stealer Data Exfiltration Attempt M1 (malware.rules)
  • 2044367 - ET MALWARE Win32/S1deload Stealer Data Exfiltration Attempt M2 (malware.rules)
  • 2044368 - ET MALWARE Win32/VB.AAF Checkin (malware.rules)
  • 2044369 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .stuff .libertydentalcourse .ca) (malware.rules)

Pro:

  • 2853599 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.auqt CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853600 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rewardsteal.n CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853601 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.auwp CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853602 - ETPRO MALWARE OneNote/Qbot CnC Activity (GET) (malware.rules)
  • 2853603 - ETPRO MALWARE OneNote/Qbot CnC Activity (GET) (malware.rules)