Summary:
9 new OPEN, 63 new PRO (9 + 54)
Thanks @malPileDiver
The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net
The mailing list is being retired on April 3, 2023.
Added rules:
Open:
- 2030707 - ET PHISHING Possible Successful Credential Phish - Form submitted to submit-form Form Hosting (phishing.rules)
- 2044794 - ET HUNTING Connectivity Check With Go User-Agent (hunting.rules)
- 2044795 - ET PHISHING Generic Credential Phish Landing Page using submit-form .com (phishing.rules)
- 2044796 - ET MALWARE Win32/PSWStealer Data Exfiltration Attempt (malware.rules)
- 2044797 - ET HUNTING HTTP GET Request for system.data.sqlite.dll - Possible Infostealer Activity (hunting.rules)
- 2044798 - ET HUNTING HTTP GET Request for newtonsoft.json.dll - Possible Infostealer Activity (hunting.rules)
- 2044799 - ET HUNTING HTTP GET Request for bouncycastle.crypto.dll - Possible Infostealer Activity (hunting.rules)
- 2044800 - ET HUNTING HTTP GET Request for sqlite.interop.dll - Possible Infostealer Activity (hunting.rules)
- 2044801 - ET HUNTING HTTP GET Request for dotnetzip.dll - Possible Infostealer Activity (hunting.rules)
Pro:
- 2853808 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2853809 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2853810 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2853811 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2853812 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2853813 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2853814 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2853815 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2853816 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2853817 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2853818 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2853819 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2853820 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2853821 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2853822 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2853823 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2853824 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2853825 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2853826 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2853827 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2853828 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2853829 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2853830 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2853831 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2853832 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2853833 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2853834 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2853835 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2853836 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2853837 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2853838 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2853839 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2853840 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2853841 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2853842 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2853843 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2853844 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2853845 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2853846 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2853847 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2853848 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2853849 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2853850 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2853851 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2853852 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2853853 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2853854 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2853855 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2853856 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2853857 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2853858 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2853859 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2853860 - ETPRO ATTACK_RESPONSE Linux/CoinMiner.WV Variant Inbound (attack_response.rules)
- 2853861 - ETPRO PHISHING Twitter Credential Phish Landing Page 2023-03-28 (phishing.rules)
Disabled and modified rules:
- 2853348 - ETPRO MALWARE SocGholish CnC Initial Request M2 (malware.rules)
Removed rules:
- 2030707 - ET HUNTING Possible Phishing - Form submitted to submit-form Form Hosting (hunting.rules)