[***] Summary: [***]
17 new OPEN, 17 new PRO (17 + 0)
Thanks @James_inthe_box, @FlashpointIntel
The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
Note: There will be no release on 2022/12/26 due to the Holidays
[+++] Added rules: [+++]
Open:
2042977 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2042978 - ET INFO Commonly Abused Domain Service Domain in DNS Lookup (temp .swtest .ru) (info.rules)
2042979 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (vasimgo .shop) (malware.rules)
2042980 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (admin-dpsu .org) (malware.rules)
2042981 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (files-dwn .shop) (malware.rules)
2042982 - ET MALWARE Win32/RisePro CnC Command Outbound (set_file) (malware.rules)
2042983 - ET MALWARE Win32/RisePro CnC Command Outbound (get_loaders) (malware.rules)
2042984 - ET MALWARE Win32/RisePro CnC Command Outbound (get_marks) (malware.rules)
2042985 - ET MALWARE Win32/RisePro CnC Command Outbound (freezeStats) (malware.rules)
2042986 - ET MALWARE Win32/RisePro CnC Command Outbound (get_grabbers) (malware.rules)
2042987 - ET MALWARE Win32/RisePro CnC Command Outbound (pingmap) (malware.rules)
2042988 - ET MALWARE Win32/RisePro CnC Activity (GET) (malware.rules)
2042989 - ET MALWARE Win32/RisePro CnC Server Response M1 (malware.rules)
2042990 - ET MALWARE Win32/RisePro CnC Server Response M2 (malware.rules)
2042991 - ET MALWARE Win32/RisePro CnC Server Response M3 (malware.rules)
2042992 - ET MALWARE Win32/Generik.BUTNSNA Checkin (malware.rules)
2042993 - ET MALWARE SocGholish Domain in DNS Lookup (governing .beautynic .com) (malware.rules)
[///] Modified active rules: [///]
2852922 - ETPRO MALWARE Win32/Screenshotter Backdoor Sending Screenshot (POST) (malware.rules)
[---] Disabled and modified rules: [---]
2039817 - ET MALWARE SocGholish Domain in DNS Lookup (mini .ptipexcel .com) (malware.rules)