Ruleset Update Summary - 2023/03/24 - v10277

Ruleset Updates
1

Summary:

8 new OPEN, 11 new PRO (8 + 3)

Thanks @Cyber0verload

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

The mailing list is being retired on April 3, 2023.

Added rules:

Open:

  • 2044758 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2044759 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2044760 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2044761 - ET MALWARE Win32/Gamaredon Payload Request (GET) (malware.rules)
  • 2044762 - ET MALWARE Observed DNS Query to Gamaredon Domain (sabitpo .ru) (malware.rules)
  • 2044763 - ET MALWARE LogStih Stealer CnC Checkin (malware.rules)
  • 2044764 - ET MALWARE LogStih Stealer Data Exfiltration Attempt (malware.rules)
  • 2044765 - ET ADWARE_PUP Win32/DealPly.EJ Checkin (adware_pup.rules)

Pro:

  • 2853802 - ETPRO MALWARE TA444 Related Activity (GET) (malware.rules)
  • 2853803 - ETPRO HUNTING Observed TA444 Related User-Agent (hunting.rules)
  • 2853804 - ETPRO MALWARE JS/Unknown Downloader Payload Request (GET) (malware.rules)

Modified inactive rules:

  • 2017250 - ET EXPLOIT_KIT %Hex Encoded jnlp_embedded (Observed in Sakura) (exploit_kit.rules)
  • 2023873 - ET POLICY DNS Query to Hamas Terrorist Propaganda TV Channel (aqsatv .ps) (policy.rules)
  • 2822331 - ETPRO MALWARE Malicious SSL certificate detected (Odinaff CnC) (malware.rules)

Disabled and modified rules:

  • 2025541 - ET MALWARE MSIL/GX Stealer/GravityRAT Uploading File (malware.rules)
  • 2025631 - ET MALWARE [PTsecurity] Paradise Ransomware Check-in (malware.rules)
  • 2027810 - ET MALWARE Win32/Onliner Mailer Module Communicating with CnC (malware.rules)
  • 2033987 - ET MALWARE APT/Bitter Maldoc Activity (malware.rules)
  • 2036309 - ET MALWARE BlackTech FlagPro Dropper Activity (GET) (malware.rules)
  • 2044555 - ET MALWARE SocGholish NetSupport Dropper Domain in DNS Lookup (gybvhxu .top) (malware.rules)
  • 2830492 - ETPRO MALWARE Win32/Agent.ZKU CnC Checkin (malware.rules)
  • 2830495 - ETPRO MALWARE BlackCarat Sending System Information to CnC (malware.rules)
  • 2833565 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router Compromise M7 (Bruteforce) (exploit.rules)
  • 2833566 - ETPRO EXPLOIT Possible Novidade EK Attempting Intranet Router Compromise M8 (Bruteforce) (exploit.rules)