Ruleset Update Summary - 2023/03/17 - v10272

Ruleset Updates
1

Summary:

13 new OPEN, 15 new PRO (13 + 2)

Thanks @suyog41, @500mk500, @Cyber0verload

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

The mailing list is being retired on April 3, 2023.

Added rules:

Open:

  • 2044667 - ET MALWARE Golang/Linux Kaiji Variant Activity (malware.rules)
  • 2044668 - ET MALWARE Observed DNS Query To Gamaredon Domain (balatu .ru) (malware.rules)
  • 2044669 - ET MALWARE Observed DNS Query To Gamaredon Domain (paratai .ru) (malware.rules)
  • 2044670 - ET MALWARE Observed DNS Query To Gamaredon Domain (gokols .ru) (malware.rules)
  • 2044671 - ET MALWARE Observed DNSQuery to Gamaredon Domain (omranpo .ru) (malware.rules)
  • 2044672 - ET MALWARE Observed DNSQuery to Gamaredon Domain (orduhanpo .ru) (malware.rules)
  • 2044673 - ET INFO Free Online Form Builder Domain in DNS Lookup (tally .so) (info.rules)
  • 2044674 - ET PHISHING Silicon Valley Bank Credential Phish Landing Page M1 (phishing.rules)
  • 2044675 - ET PHISHING Silicon Valley Bank Credential Phish Landing Page M2 (phishing.rules)
  • 2044676 - ET PHISHING Silicon Valley Bank Phish Domain in DNS Lookup (cash4svb .com) (phishing.rules)
  • 2044677 - ET MALWARE Fortigate TABLEFLIP Backdoor Trigger - Magic Number Sequence (malware.rules)
  • 2044678 - ET MALWARE Fortigate THINCRUST Backdoor Activity M1 (malware.rules)
  • 2044679 - ET MALWARE Fortigate THINCRUST Backdoor Activity M2 (malware.rules)

Pro:

  • 2853734 - ETPRO EXPLOIT Possible CVE-2023-23415 Xbit Threshold Set (noalert) (exploit.rules)
  • 2853735 - ETPRO EXPLOIT Inbound Fragmented ICMP Flood - Possible Exploit Activity (CVE-2023-23415) (exploit.rules)

Modified inactive rules:

  • 2020470 - ET MALWARE Dridex POST Retrieving Second Stage (malware.rules)