[***] Summary: [***]
4 new OPEN, 5 new PRO (4 + 1)
The Emerging Threats mailing list is migrating to Discourse. Please visit
us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2043296 - ET INFO OneNote Notebook Downloaded via Powershell (info.rules)
2043304 - ET INFO Suspicious Large HTTP Header Key Observed - Possible Exploit Activity (info.rules)
2043305 - ET MALWARE Observed DNS Query to CnC Domain (StrongPity) (malware.rules)
2043306 - ET MALWARE Observed DNS Query to CnC Domain (StrongPity) (malware.rules)
Pro:
2853045 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-01-12 1) (coinminer.rules)
[///] Modified active rules: [///]
2029062 - ET MALWARE Legion Loader Activity Observed (YourUserAgent) (malware.rules)
2034200 - ET EXPLOIT TerraMaster TOS RCE via OS Command Injection Inbound (CVE-2020-28188) (exploit.rules)
[---] Removed rules: [---]
2043296 - ET MALWARE OneNote Notebook Downloaded via Powershell (malware.rules)
---------------------------------------
James Emery-Callcott
Security Researcher | ProofPoint Inc | Emerging Threats Team