Ruleset Update Summary - 2023/03/23 - v10276

rulesbot · March 23, 2023, 8:54pm

Summary:

9 new OPEN, 40 new PRO (9 + 31)

Thanks Kevin, Ross, @Mandiant, @pentestmonkey, @suyog41

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

The mailing list is being retired on April 3, 2023.

Added rules:

Open:

2044749 - ET INFO Commonly Abused Content Delivery Network Domain in DNS Lookup (btloader .com) (info.rules)
2044750 - ET INFO Observed Abused Content Delivery Network Domain (btloader .com in TLS SNI) (info.rules)
2044751 - ET ATTACK_RESPONSE Interactive Reverse Shell Without TTY (Outbound) (attack_response.rules)
2044752 - ET MALWARE Win32/MuggleStealer CnC ChromePwd Exfil (POST) (malware.rules)
2044753 - ET MALWARE Win32/MuggleStealer CnC Desktop Exfil (POST) (malware.rules)
2044754 - ET MALWARE Win32/MuggleStealer CnC DiskInfo Exfil (POST) (malware.rules)
2044755 - ET MALWARE Win32/MuggleStealer CnC Wincreds Exfil (POST) (malware.rules)
2044756 - ET ADWARE_PUP Win32/Packed.FlyStudio.AA Checkin (adware_pup.rules)
2044757 - ET MALWARE TrojanDownloader:Win32/Sinresby.B Checkin (malware.rules)

Pro:

2853771 - ETPRO MALWARE JS/Unknown Downloader Payload Request (GET) (malware.rules)
2853772 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853773 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853774 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853775 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853776 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853777 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853778 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853779 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853780 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853781 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853782 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853783 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853784 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853785 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853786 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853787 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853788 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853789 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853790 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853791 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853792 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853793 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853794 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853795 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853796 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853797 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853798 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853799 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853800 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2853801 - ETPRO PHISHING Twitter Credential Phish Landing Page 2023-03-23 (phishing.rules)

Disabled and modified rules:

2036982 - ET MALWARE Loxes/Mongall Related CnC Beacon M3 (GET) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/01/13 - v10220 Ruleset Updates	230	January 13, 2023
Ruleset Update Summary - 2023/01/12 - v10219 Ruleset Updates	160	January 12, 2023
Ruleset Update Summary - 2023/01/04 - v10211 Ruleset Updates	225	January 4, 2023
Ruleset Update Summary - 2022/11/16 - v10174 Ruleset Updates	273	November 16, 2022
Ruleset Update Summary - 2023/03/24 - v10277 Ruleset Updates	262	March 24, 2023