Ruleset Update Summary - 2023/03/10 - v10265


9 new OPEN, 10 new PRO (9 + 1)

Thanks @TalosSecurity, @_CPResearch, @500mk500, @suyog41

The Emerging Threats mailing list is migrating to Discourse. Please visit us at

The mailing list is being retired on April 3, 2023.

Added rules:


  • 2044556 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
  • 2044557 - ET MALWARE WorldWind Stealer Sending System information via Telegram (POST) (malware.rules)
  • 2044558 - ET PHISHING Possible Credential Phish Landing Page 2023-03-10 (phishing.rules)
  • 2044559 - ET PHISHING United Parcel Service Landing Page 2023-03-10 (phishing.rules)
  • 2044560 - ET MALWARE Prometei Botnet CnC DGA - xinchao Pattern (malware.rules)
  • 2044561 - ET MALWARE Prometei Botnet CnC Domain (feefreepool .net) in DNS Lookup (malware.rules)
  • 2044562 - ET MALWARE Prometei Botnet CnC Checkin (malware.rules)
  • 2044563 - ET MALWARE Prometei Botnet CnC Checkin - Payload Retrieval (malware.rules)
  • 2044564 - ET MALWARE Sharp Panda Soul Framework CnC Checkin (malware.rules)


  • 2853643 - ETPRO ADWARE_PUP Win32/StartPage Activity (GET) (adware_pup.rules)

Hey folks,

a small mistake on my part meant that our rule update messaging got sent out twice - once for our modified rules, and again for the newly added rules (this post). Aside from the today’s rule updates being split across two updates back to back (not even an hour apart), there should be no major issues or concerns for consumers of ETOPEN and/or ETPRO rulesets other than some slight embarassment on my part.

Have a great weekend!