Ruleset Update Summary - 2023/04/04 - v10284

Summary:

20 new OPEN, 28 new PRO (20 + 8)

Thanks @malPileDiver

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

The mailing list is being retired on April 3, 2023.


Added rules:

Open:

  • 2044867 - ET MALWARE Gamaredon Domain in DNS Lookup (earsplitting .ru) (malware.rules)
  • 2044868 - ET MALWARE Gamaredon Domain in DNS Lookup (aydynpo .ru) (malware.rules)
  • 2044869 - ET MALWARE Gamaredon Domain in DNS Lookup (disagreeable .ru) (malware.rules)
  • 2044870 - ET MALWARE Gamaredon Domain in DNS Lookup (undesirable .ru) (malware.rules)
  • 2044871 - ET MALWARE Gamaredon Domain in DNS Lookup (dzhafarho .ru) (malware.rules)
  • 2044872 - ET MALWARE Gamaredon Domain in DNS Lookup (glistening .ru) (malware.rules)
  • 2044873 - ET MALWARE Gamaredon Domain in DNS Lookup (krtkrt .ru) (malware.rules)
  • 2044874 - ET MALWARE Gamaredon Domain in DNS Lookup (materialistic .ru) (malware.rules)
  • 2044875 - ET MALWARE Gamaredon Domain in DNS Lookup (agonizing .ru) (malware.rules)
  • 2044876 - ET MALWARE Gamaredon Domain in DNS Lookup (statuesque .ru) (malware.rules)
  • 2044877 - ET MALWARE Gamaredon Domain in DNS Lookup (haramq .ru) (malware.rules)
  • 2044878 - ET MALWARE Gamaredon Domain in DNS Lookup (jafata .ru) (malware.rules)
  • 2044879 - ET MALWARE Gamaredon Domain in DNS Lookup (stereotyped .ru) (malware.rules)
  • 2044880 - ET MALWARE Gamaredon Domain in DNS Lookup (overjoyed .ru) (malware.rules)
  • 2044881 - ET MALWARE Gamaredon Domain in DNS Lookup (varials .ru) (malware.rules)
  • 2044882 - ET MALWARE Gamaredon Domain in DNS Lookup (capricious .ru) (malware.rules)
  • 2044883 - ET MALWARE Fake Browser Update via Error Page Loader (malware.rules)
  • 2044884 - ET MALWARE Fake Browser Update via Error Page Web Inject (malware.rules)
  • 2044885 - ET MALWARE Fake Browser Update via Error Page Payload (malware.rules)
  • 2044886 - ET MALWARE Fake Browser Update Loader Domain in DNS Lookup (infoamanewonliag .online) (malware.rules)

Pro:

  • 2852939 - ETPRO MALWARE Filez Downloader Checkin M2 (malware.rules)
  • 2854122 - ETPRO MALWARE AsyncRat Domain in DNS Lookup (malware.rules)
  • 2854123 - ETPRO MALWARE CrDatLoader CnC Activity Outbound M4 (malware.rules)
  • 2854124 - ETPRO ATTACK_RESPONSE CrDatLoader CnC Activity Inbound M2 (attack_response.rules)
  • 2854125 - ETPRO MALWARE CrDatLoader CnC Activity Outbound M5 (malware.rules)
  • 2854126 - ETPRO MALWARE CrDatLoader CnC Activity Outbound M6 (malware.rules)
  • 2854127 - ETPRO MALWARE CrDatLoader CnC Activity Outbound M7 (malware.rules)
  • 2854128 - ETPRO MALWARE CrDatLoader CnC Activity Outbound M8 (malware.rules)

Removed rules:

  • 2852939 - ETPRO ACTIVEX Filez Downloader Checkin M2 (activex.rules)