Ruleset Update Summary - 2023/04/03 - v10283

Ruleset Updates
1

Summary:

9 new OPEN, 61 new PRO (9 + 52)

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

The mailing list is being retired on April 3, 2023.

Today is the final day for the mailing list, thank you for being a part of it! You can keep in touch with us at our Discourse https://community.emergingthreats.net and support@emergingthreats.net.

Added rules:

Open:

  • 2044858 - ET INFO DYNAMIC_DNS Query to a *.poo .li Domain (info.rules)
  • 2044859 - ET INFO DYNAMIC_DNS HTTP Request to a *.poo .li Domain (info.rules)
  • 2044860 - ET INFO DYNAMIC_DNS Query to a *.baez .cl Domain (info.rules)
  • 2044861 - ET INFO DYNAMIC_DNS HTTP Request to a *.baez .cl Domain (info.rules)
  • 2044862 - ET INFO DYNAMIC_DNS Query to a *.bqc .co .za Domain (info.rules)
  • 2044863 - ET INFO DYNAMIC_DNS HTTP Request to a *.bqc .co .za Domain (info.rules)
  • 2044864 - ET INFO Pastebin Service Domain in DNS Lookup (rentry .co) (info.rules)
  • 2044865 - ET INFO Observed Pastebin Service Domain (rentry .co in TLS SNI) (info.rules)
  • 2044866 - ET PHISHING Generic Credential Phish Landing Page 2023-04-03 (phishing.rules)

Pro:

  • 2854070 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Fakecalls.at CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2854071 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Fakecalls.at CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2854072 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.ZT CnC Beacon (mobile_malware.rules)
  • 2854073 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CNM Checkin (mobile_malware.rules)
  • 2854074 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.td CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2854075 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CNO Checkin (mobile_malware.rules)
  • 2854076 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2854077 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2854078 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2854079 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2854080 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2854081 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2854082 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2854083 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2854084 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2854085 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2854086 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2854087 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2854088 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2854089 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2854090 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2854091 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2854092 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2854093 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2854094 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2854095 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2854096 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2854097 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2854098 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2854099 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2854100 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2854101 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2854102 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2854103 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2854104 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2854105 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2854106 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2854107 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2854108 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2854109 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2854110 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2854111 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2854112 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2854113 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2854114 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2854115 - ETPRO ATTACK_RESPONSE CrDatLoader CnC Response Inbound M1 (attack_response.rules)
  • 2854116 - ETPRO MALWARE CrDatLoader CnC Activity Outbound M2 (malware.rules)
  • 2854117 - ETPRO MALWARE CrDatLoader CnC Activity Outbound M3 (malware.rules)
  • 2854118 - ETPRO MALWARE CrDatLoader CnC Activity Outbound M1 (malware.rules)
  • 2854119 - ETPRO MALWARE Observed DNS Query to CrDatLoader Domain (malware.rules)
  • 2854120 - ETPRO MALWARE Observed DNS Query to CrDatLoader Domain (malware.rules)
  • 2854121 - ETPRO MALWARE Observed DNS Query to CrDatLoader Domain (malware.rules)

Disabled and modified rules:

  • 2044705 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .language .sebtomato .com) (malware.rules)