[***] Summary: [***]
6 new OPEN, 8 new PRO (6 + 2)
Thanks @suyog41
Note: There will be no release on 12/26 due to observance of holidays.
For normalization purposes, the affected_product metadata value on
Exchange rules has been changed from "MS_Exchange" to
"Microsoft_Exchange". Any local tooling or rule filters that key on the
old value will need to be updated to match.
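The following is an added example, not part of this announcement and not ET's own tooling: it parses the Suricata `metadata:` keyword of rule lines, rewrites the old `affected_product` value inside that keyword only, and shows why a filter keyed on "MS_Exchange" stops matching after the change. The sample rules, sids and messages are constructed for the example and are not real ET rules.

```python
"""Added example: normalize affected_product MS_Exchange -> Microsoft_Exchange
in Suricata-format rules. The sample rules below are constructed for this
example (sids 9000001-9000003, "EXAMPLE" msgs); they are not ET rules."""
import re
from typing import Dict, List

OLD_TAG = "MS_Exchange"
NEW_TAG = "Microsoft_Exchange"

# Constructed sample rules (illustrative only, not from the ET ruleset).
SAMPLE_RULES = [
    'alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE Exchange probe"; '
    'flow:established,to_server; http.uri; content:"/autodiscover/"; '
    'metadata:affected_product MS_Exchange, attack_target Server, '
    'deployment Perimeter, signature_severity Major; sid:9000001; rev:1;)',
    'alert dns $HOME_NET any -> any any (msg:"EXAMPLE Lookup"; dns.query; '
    'content:"example.invalid"; metadata:affected_product Windows, '
    'deployment Perimeter; sid:9000002; rev:1;)',
    '# commented-out line, skipped by select_by_product',
    'alert tcp any any -> any 25 (msg:"EXAMPLE no metadata"; sid:9000003; rev:1;)',
]

# Suricata metadata syntax: "metadata: key value, key value, ...;"
_META_RE = re.compile(r"metadata:\s*([^;]*);")
_SID_RE = re.compile(r"sid:\s*(\d+);")


def parse_metadata(rule: str) -> Dict[str, List[str]]:
    """Return the rule's metadata as {key: [values]}; a key may repeat."""
    out: Dict[str, List[str]] = {}
    m = _META_RE.search(rule)
    if not m:
        return out
    for pair in m.group(1).split(","):
        pair = pair.strip()
        if not pair:
            continue
        key, _, value = pair.partition(" ")
        out.setdefault(key, []).append(value.strip())
    return out


def normalize_affected_product(rule: str) -> str:
    """Rewrite OLD_TAG -> NEW_TAG inside the metadata keyword only.

    A bare str.replace would also rewrite msg/content text, so the
    substitution is restricted to the affected_product value."""
    def fix(m: re.Match) -> str:
        pairs = []
        for pair in m.group(1).split(","):
            pair = pair.strip()
            if not pair:
                continue
            key, _, value = pair.partition(" ")
            value = value.strip()
            if key == "affected_product" and value == OLD_TAG:
                value = NEW_TAG
            pairs.append(f"{key} {value}")
        return "metadata:" + ", ".join(pairs) + ";"
    return _META_RE.sub(fix, rule)


def select_by_product(rules: List[str], product: str) -> List[int]:
    """sids of active (uncommented) rules whose affected_product includes product."""
    sids = []
    for rule in rules:
        if rule.lstrip().startswith("#"):
            continue
        if product in parse_metadata(rule).get("affected_product", []):
            sid = _SID_RE.search(rule)
            if sid:
                sids.append(int(sid.group(1)))
    return sids


if __name__ == "__main__":
    print("old filter:", select_by_product(SAMPLE_RULES, OLD_TAG))
    fixed = [normalize_affected_product(r) for r in SAMPLE_RULES]
    print("new filter:", select_by_product(fixed, NEW_TAG))
```

Running it stand-alone shows the filter on the old value matching the Exchange sample rule, and the same rule matching the new value only after normalization; the non-Exchange and metadata-less rules come back byte-for-byte unchanged.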
The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2043002 - ET EXPLOIT Microsoft Exchange Remote Code Execution Attempt - OWASSRF (CVE-2022-41040, CVE-2022-41082) (exploit.rules)
2043003 - ET MALWARE Win32/RecordBreaker - Observed UA M5 (23591) (malware.rules)
2043004 - ET MALWARE SocGholish Domain in DNS Lookup (perspective .abcbarbecue .xyz) (malware.rules)
2043005 - ET MALWARE SocGholish Domain in DNS Lookup (exclusive .milonopensky .store) (malware.rules)
2043006 - ET MALWARE SocGholish Domain in DNS Lookup (extcourse .zurvio .com) (malware.rules)
2043007 - ET MALWARE SocGholish Domain in DNS Lookup (internship .ojul .com) (malware.rules)
Pro:
2852980 - ETPRO MALWARE Win32/Fabookie.ek CnC Request M1 (GET) (malware.rules)
2852981 - ETPRO MALWARE Win32/Fabookie.ek CnC Request M3 (GET) (malware.rules)
[///] Modified active rules: [///]
2032897 - ET EXPLOIT Microsoft Exchange RCE Setup Inbound (CVE-2021-28482) (exploit.rules)
2033681 - ET EXPLOIT Microsoft Exchange Pre-Auth Path Confusion M1 (CVE-2021-31207) (exploit.rules)
2033682 - ET EXPLOIT Microsoft Exchange Pre-Auth Path Confusion M2 (CVE-2021-31207) (exploit.rules)
2033683 - ET EXPLOIT Vulnerable Microsoft Exchange Server Response (CVE-2021-31207) (exploit.rules)
2033684 - ET EXPLOIT Possible Microsoft Exchange RCE Inbound M1 (CVE-2021-34473) (exploit.rules)
2033701 - ET EXPLOIT Microsoft Exchange SUID Disclosure via SSRF Inbound M1 (CVE-2021-31207) (exploit.rules)
2033711 - ET EXPLOIT Possible Microsoft Exchange RCE Inbound M2 (CVE-2021-34473) (exploit.rules)
2033712 - ET EXPLOIT Possible Microsoft Exchange RCE with Python PSRP Client UA Inbound (CVE-2021-34473) (exploit.rules)
2035648 - ET EXPLOIT Microsoft Exchange SUID Disclosure via SSRF Inbound M2 (CVE-2021-31207) (exploit.rules)
2035649 - ET EXPLOIT Possible Microsoft Exchange RCE Inbound M3 (CVE-2021-34473) (exploit.rules)
2035650 - ET EXPLOIT Possible Microsoft Exchange Mailbox Enumeration Inbound (CVE-2021-34473) (exploit.rules)
2039065 - ET EXPLOIT Microsoft Exchange Remote Code Execution Attempt (CVE-2022-41040, CVE-2022-41082) (exploit.rules)
[---] Disabled and modified rules: [---]
2038949 - ET MALWARE SocGholish Domain in DNS Lookup (predator .foxscalesjewelry .com) (malware.rules)
2039139 - ET MALWARE SocGholish Domain in DNS Lookup (ecar .allsunstates .com) (malware.rules)
2039838 - ET MALWARE SocGholish Domain in DNS Lookup (hook .adieh .com) (malware.rules)
---------------------------------------------------------