[***] Summary: [***]
20 new OPEN, 23 new PRO (20 + 3) Delivr .to Domains, BLINDEAGLE, and IcedID.
Thanks @_CPResearch_, @360netlab
The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2043252 - ET INFO Delivr .to Phishing/Security Simulation Service Domain in DNS Lookup (delivrto .me) (info.rules)
2043253 - ET INFO Observed Delivr .to Phishing/Security Simulation Service Domain (delivrto .me in TLS SNI) (info.rules)
2043254 - ET POLICY Http Client Body contains upin= in cleartext (policy.rules)
2043255 - ET PHISHING Observed Phishing Domain in DNS Lookup (circle-ci .com) (phishing.rules)
2043256 - ET PHISHING Observed Phishing Domain in DNS Lookup (infollnes-r-us .co .uk) (phishing.rules)
2043257 - ET PHISHING Observed Phishing Domain in DNS Lookup (mcrsfts-passwdupdate .com) (phishing.rules)
2043258 - ET PHISHING Observed Phishing Domain in DNS Lookup (microsoftonlinesupport .cf) (phishing.rules)
2043259 - ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup (hunting.rules)
2043260 - ET MALWARE BLINDEAGLE CnC Domain (laminascol .linkpc .net) in DNS Lookup (malware.rules)
2043261 - ET MALWARE BLINDEAGLE CnC Domain (upxsystems .com) in DNS Lookup (malware.rules)
2043262 - ET MALWARE BLINDEAGLE CnC Domain (systemwin .linkpc .net) in DNS Lookup (malware.rules)
2043263 - ET MALWARE XDR33 CnC Server SSL Certificate Observed (malware.rules)
2043264 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043265 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043266 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043267 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043268 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043269 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043270 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2043271 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
Pro:
2853025 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-01-10 1) (coinminer.rules)
2853026 - ETPRO HUNTING Suspicious POST to Microsoft Domain (hunting.rules)
2853028 - ETPRO PHISHING Twitter Phish Landing Page 2022-01-10 (phishing.rules)
[---] Disabled and modified rules: [---]
2809176 - ETPRO EXPLOIT DTLS Pre 1.0 HelloVerifyRequest CookieSize Heap Overflow CVE-2014-6321 (exploit.rules)
2809177 - ETPRO EXPLOIT DTLS 1.0 HelloVerifyRequest CookieSize Heap Overflow CVE-2014-6321 (exploit.rules)