Ruleset Update Summary - 2023/03/21 - v10274

Summary:

14 new OPEN, 14 new PRO (14 + 0)

Thanks @malPileDiver, @felixaime, @doc_guard, @tenacioustek

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

The mailing list is being retired on April 3, 2023.
Added rules:

Open:

  • 2044709 - ET MALWARE Observed DNS Query To Gamaredon Domain (raminla .ru) (malware.rules)
  • 2044710 - ET MALWARE Observed DNS Query To Gamaredon Domain (daglarho .ru) (malware.rules)
  • 2044711 - ET MALWARE Observed DNS Query to WinterVivern Domain (ocsp-report .com) (malware.rules)
  • 2044712 - ET MALWARE Observed DNS Query to WinterVivern Domain (ocsp-reloads .com) (malware.rules)
  • 2044713 - ET PHISHING Generic Credential Phish Landing Page 2023-03-21 (phishing.rules)
  • 2044714 - ET INFO Avalanche / Lavina Pulse Domain in DNS Lookup (avl .team) (info.rules)
  • 2044715 - ET INFO Observed Avalanche / Lavina Pulse Domain (avl .team in TLS SNI) (info.rules)
  • 2044716 - ET INFO URL Shortener Service Domain in DNS Lookup (u5p .cn) (info.rules)
  • 2044717 - ET INFO Observed URL Shortener Service Domain Domain (u5p .cn in TLS SNI) (info.rules)
  • 2044718 - ET MALWARE Observed DNS Query to Bad Magic APT Domain (webservice-srv .online) (malware.rules)
  • 2044719 - ET MALWARE Observed DNS Query to Bad Magic APT Domain (webservice-srv1 .online) (malware.rules)
  • 2044720 - ET INFO Free File Hosting Domain (sendbig .com) in DNS Lookup (info.rules)
  • 2044721 - ET INFO Free File Hosting Domain (sendbig .com) in TLS SNI (info.rules)
  • 2044722 - ET PHISHING Snapchat Credential Phish Landing Page 2023-03-21 (phishing.rules)

Disabled and modified rules:

  • 2042948 - ET MALWARE Observed DNS Query to Goofy Guineapig Domain (static .tcplog .com) (malware.rules)
  • 2043018 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (service-fatturecloud .de) (malware.rules)
  • 2043019 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (utente .service-fatturecloud .de) (malware.rules)
  • 2043020 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (downloadpdf-fattura .de) (malware.rules)
  • 2044369 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .stuff .libertydentalcourse .ca) (malware.rules)
  • 2853034 - ETPRO MALWARE Observed DNS Query to AsyncRAT Domain (malware.rules)
  • 2853035 - ETPRO MALWARE Observed DNS Query to AsyncRAT Domain (malware.rules)
  • 2853361 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-02-10 1) (coinminer.rules)
  • 2853364 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-02-13 1) (coinminer.rules)
  • 2853505 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-02-15 1) (coinminer.rules)

Removed rules:

  • 2807427 - ETPRO MALWARE Cryp_Banker14 Checkin (malware.rules)