Ruleset Update Summary - 2023/03/01 - v10256

Ruleset Updates
1

Summary:

9 new OPEN, 18 new PRO (9 + 9)

Thanks @ESETresearch

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

The mailing list is being retired on April 3, 2023.

Due to an internal company holiday there will be no rule release on Friday March 3rd, 2023.

Added rules:

Open:

  • 2044412 - ET INFO DYNAMIC_DNS Query to a *.neisa .com Domain (info.rules)
  • 2044413 - ET INFO DYNAMIC_DNS HTTP Request to a *.neisa .com Domain (info.rules)
  • 2044414 - ET INFO DYNAMIC_DNS Query to a *.with .mirkforce .de Domain (info.rules)
  • 2044415 - ET INFO DYNAMIC_DNS HTTP Request to a *.with .mirkforce .de Domain (info.rules)
  • 2044416 - ET INFO DYNAMIC_DNS Query to a *.visite .es Domain (info.rules)
  • 2044417 - ET INFO DYNAMIC_DNS HTTP Request to a *.visite .es Domain (info.rules)
  • 2044418 - ET MALWARE Observed BlackLotus SSL Certificate Observed (malware.rules)
  • 2044419 - ET MALWARE Win32/BlackLotus CnC Activity (POST) (malware.rules)
  • 2044420 - ET PHISHING Successful CenturyLink Credential Phish 2023-03-01 (phishing.rules)

Pro:

  • 2853607 - ETPRO MOBILE_MALWARE Android.Spy.989 CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853608 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.auye CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853609 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Piom.auym CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853610 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Rewardsteal.n CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853611 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bf CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853612 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bf CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853613 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bf CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853614 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Hqwar.bf CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2853615 - ETPRO MALWARE Bitter APT CHM CnC Activity (GET) M3 (malware.rules)