Ruleset Update Summary - 2023/03/06 - v10259

Summary:

19 new OPEN, 20 new PRO (19 + 1)

Thanks @malPileDiver, @Cyber0verload, @uptycs, @Fortinet, @h2jazi

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

The mailing list is being retired on April 3, 2023.


Added rules:

Open:

  • 2044434 - ET INFO File Sharing Related Domain in DNS Lookup (zippyshare .com) (info.rules)
  • 2044435 - ET INFO File Sharing Related Domain in HTTP Request (zippyshare .com) (info.rules)
  • 2044436 - ET INFO Observed File Sharing Domain (zippyshare .com in TLS SNI) (info.rules)
  • 2044437 - ET MALWARE Maldoc Related Domain in DNS Lookup (nationalweatherserviceapp .com) (malware.rules)
  • 2044438 - ET MALWARE Win32/VBS Backdoor Sending System Information (POST) (malware.rules)
  • 2044439 - ET MALWARE Observed DNS Query to Gamaredon Domain (payampo .ru) (malware.rules)
  • 2044440 - ET MALWARE Observed DNS Query to Gamaredon Domain (osmanpo .ru) (malware.rules)
  • 2044441 - ET MALWARE Observed DNS Query to Gamaredon Domain (muhsingo .ru) (malware.rules)
  • 2044442 - ET MALWARE Observed DNS Query to Gamaredon Domain (myuridgo .ru) (malware.rules)
  • 2044443 - ET MALWARE Observed DNS Query to Gamaredon Domain (ogtaypi .ru) (malware.rules)
  • 2044444 - ET MALWARE Observed DNS Query to Gamaredon Domain (orduhanpi .ru) (malware.rules)
  • 2044445 - ET MALWARE Observed DNS Query to Gamaredon Domain (muhtargo .ru) (malware.rules)
  • 2044446 - ET INFO Wordpress Error, Cannot modify header information - headers already sent by (info.rules)
  • 2044447 - ET PHISHING PUBG Credential Phish 2023-03-06 (phishing.rules)
  • 2044448 - ET PHISHING Roblox Credential Phish 2023-03-06 (phishing.rules)
  • 2044449 - ET MALWARE Parallax CnC Activity M18 (set) (malware.rules)
  • 2044450 - ET MALWARE Parallax CnC Response Activity M18 (malware.rules)
  • 2044451 - ET MALWARE Lockbit Ransomware Related Domain (poliovocalist .com) in DNS Lookup (malware.rules)
  • 2044452 - ET ADWARE_PUP Win32/Pearfoos.B!ml Checkin (adware_pup.rules)

Pro:

  • 2853629 - ETPRO HUNTING Base64 Encoded EXE Content-Type Mismatch (image/jpeg) (hunting.rules)

Hey folks, due to a small error on my part, today’s rule modifications got bumped to a separate rule release today. So, in addition to the new rules mentioned above, here are all of the rules we have modified today:

Disabled and modified rules:

  • 2033998 - ET INFO Outdated Browser Landing Page M3 (info.rules)
  • 2035551 - ET MALWARE Suspected Mustang Panda APT Related Activity (GET) (malware.rules)
  • 2035552 - ET MALWARE Mustang Panda APT Related Activity (GET) (malware.rules)
  • 2850089 - ETPRO PHISHING BulletProofLink Form POST M2 (phishing.rules)

Thanks and have a wonderful day.