Ruleset Update Summary - 2023/04/04 - v10284

rulesbot · April 4, 2023, 9:05pm

Summary:

20 new OPEN, 28 new PRO (20 + 8)

Thanks @malPileDiver

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

The mailing list is being retired on April 3, 2023.

Added rules:

Open:

2044867 - ET MALWARE Gamaredon Domain in DNS Lookup (earsplitting .ru) (malware.rules)
2044868 - ET MALWARE Gamaredon Domain in DNS Lookup (aydynpo .ru) (malware.rules)
2044869 - ET MALWARE Gamaredon Domain in DNS Lookup (disagreeable .ru) (malware.rules)
2044870 - ET MALWARE Gamaredon Domain in DNS Lookup (undesirable .ru) (malware.rules)
2044871 - ET MALWARE Gamaredon Domain in DNS Lookup (dzhafarho .ru) (malware.rules)
2044872 - ET MALWARE Gamaredon Domain in DNS Lookup (glistening .ru) (malware.rules)
2044873 - ET MALWARE Gamaredon Domain in DNS Lookup (krtkrt .ru) (malware.rules)
2044874 - ET MALWARE Gamaredon Domain in DNS Lookup (materialistic .ru) (malware.rules)
2044875 - ET MALWARE Gamaredon Domain in DNS Lookup (agonizing .ru) (malware.rules)
2044876 - ET MALWARE Gamaredon Domain in DNS Lookup (statuesque .ru) (malware.rules)
2044877 - ET MALWARE Gamaredon Domain in DNS Lookup (haramq .ru) (malware.rules)
2044878 - ET MALWARE Gamaredon Domain in DNS Lookup (jafata .ru) (malware.rules)
2044879 - ET MALWARE Gamaredon Domain in DNS Lookup (stereotyped .ru) (malware.rules)
2044880 - ET MALWARE Gamaredon Domain in DNS Lookup (overjoyed .ru) (malware.rules)
2044881 - ET MALWARE Gamaredon Domain in DNS Lookup (varials .ru) (malware.rules)
2044882 - ET MALWARE Gamaredon Domain in DNS Lookup (capricious .ru) (malware.rules)
2044883 - ET MALWARE Fake Browser Update via Error Page Loader (malware.rules)
2044884 - ET MALWARE Fake Browser Update via Error Page Web Inject (malware.rules)
2044885 - ET MALWARE Fake Browser Update via Error Page Payload (malware.rules)
2044886 - ET MALWARE Fake Browser Update Loader Domain in DNS Lookup (infoamanewonliag .online) (malware.rules)

Pro:

2852939 - ETPRO MALWARE Filez Downloader Checkin M2 (malware.rules)
2854122 - ETPRO MALWARE AsyncRat Domain in DNS Lookup (malware.rules)
2854123 - ETPRO MALWARE CrDatLoader CnC Activity Outbound M4 (malware.rules)
2854124 - ETPRO ATTACK_RESPONSE CrDatLoader CnC Activity Inbound M2 (attack_response.rules)
2854125 - ETPRO MALWARE CrDatLoader CnC Activity Outbound M5 (malware.rules)
2854126 - ETPRO MALWARE CrDatLoader CnC Activity Outbound M6 (malware.rules)
2854127 - ETPRO MALWARE CrDatLoader CnC Activity Outbound M7 (malware.rules)
2854128 - ETPRO MALWARE CrDatLoader CnC Activity Outbound M8 (malware.rules)

Removed rules:

2852939 - ETPRO ACTIVEX Filez Downloader Checkin M2 (activex.rules)

Topic		Replies	Views
Ruleset Update Summary - 2023/03/06 - v10259 Ruleset Updates	1	246	March 6, 2023
Ruleset Update Summary - 2023/03/30 - v10281 Ruleset Updates	0	416	March 30, 2023
Ruleset Update Summary - 2023/03/27 - v10278 Ruleset Updates	0	461	March 27, 2023
Ruleset Update Summary - 2022/12/21 - v10201 Ruleset Updates	0	211	December 21, 2022
Ruleset Update Summary - 2023/03/21 - v10274 Ruleset Updates	0	265	March 21, 2023