Ruleset Update Summary - 2023/02/27 - v10254

rulesbot · February 27, 2023, 10:33pm

Summary:

24 new OPEN, 29 new PRO (24 + 5)

Thanks @BitDefender, @Cyber0verload, @500mk500

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

The mailing list is being retired on April 3, 2023.

Due to an internal company holiday there will be no rule release on Friday March 3rd, 2023.

Added rules:

Open:

2044346 - ET MALWARE Win32/Grandoreiro TCP CnC Activity (malware.rules)
2044347 - ET MALWARE NimPlant Register Activity (GET) (malware.rules)
2044348 - ET MALWARE NimPlant Sending Command (Inbound) (malware.rules)
2044349 - ET MALWARE NimPlant Register Activity M2 (POST) (malware.rules)
2044350 - ET MALWARE NimPlant Task Activity (GET) (malware.rules)
2044351 - ET MALWARE NimPlant Sending Task (Inbound) (malware.rules)
2044352 - ET MALWARE NimPlant Result Activity (POST) (malware.rules)
2044353 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
2044354 - ET HUNTING User-Agent with Non Standard Characters (hunting.rules)
2044355 - ET PHISHING Successful Generic Credential Phish 2023-02-27 (phishing.rules)
2044356 - ET PHISHING Generic Credential Phish Landing Page 2023-02-27 (phishing.rules)
2044357 - ET PHISHING Successful Orange.fr Credential Phish 2023-02-27 (phishing.rules)
2044358 - ET MALWARE Win32/S1deload Stealer CnC Domain (neukoo .top) in DNS Lookup (malware.rules)
2044359 - ET MALWARE Win32/S1deload Stealer CnC Checkin (malware.rules)
2044360 - ET MALWARE Win32/S1deload Stealer CnC Checkin - Get Tasking (malware.rules)
2044361 - ET MALWARE Win32/S1deload Stealer CnC Domain (ytb .dolala .xyz) in DNS Lookup (malware.rules)
2044362 - ET MALWARE Win32/S1deload Stealer CnC Domain (shopproxy .live) in DNS Lookup (malware.rules)
2044363 - ET MALWARE Win32/S1deload Stealer CnC Checkin - Coinminer Payload Retrieval M1 (malware.rules)
2044364 - ET MALWARE Win32/S1deload Stealer CnC Checkin - Coinminer Payload Retrieval M2 (malware.rules)
2044365 - ET MALWARE Win32/S1deload Stealer CnC Checkin - Coinminer Payload Retrieval M3 (malware.rules)
2044366 - ET MALWARE Win32/S1deload Stealer Data Exfiltration Attempt M1 (malware.rules)
2044367 - ET MALWARE Win32/S1deload Stealer Data Exfiltration Attempt M2 (malware.rules)
2044368 - ET MALWARE Win32/VB.AAF Checkin (malware.rules)
2044369 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .stuff .libertydentalcourse .ca) (malware.rules)

Pro:

2853599 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.auqt CnC Domain in DNS Lookup (mobile_malware.rules)
2853600 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rewardsteal.n CnC Domain in DNS Lookup (mobile_malware.rules)
2853601 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.auwp CnC Domain in DNS Lookup (mobile_malware.rules)
2853602 - ETPRO MALWARE OneNote/Qbot CnC Activity (GET) (malware.rules)
2853603 - ETPRO MALWARE OneNote/Qbot CnC Activity (GET) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/03/31 - v10282 Ruleset Updates	212	March 31, 2023
Ruleset Update Summary - 2023/02/23 - v10251 Ruleset Updates	341	February 23, 2023
Ruleset Update Summary - 2022/11/17 - v10175 Ruleset Updates	342	November 17, 2022
Ruleset Update Summary - 2023/01/09 - v10215 Ruleset Updates	251	January 9, 2023
Ruleset Update Summary - 2023/03/28 - v10279 Ruleset Updates	298	March 28, 2023

Ruleset Update Summary - 2023/02/27 - v10254

Summary:

Added rules:

Open:

Pro:

Related Topics