[***] Summary: [***]

6 new OPEN, 14 new PRO (6 + 8) Magecart, Emotet, Ursnif, Mirai,
Various Coinminers, and more.

Thanks @Malwarebytes, and @malwrhunterteam

The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

[+++] Added rules: [+++]

Open:

2043307 - ET MALWARE Magecart Skimmer Domain in DNS Lookup
(magento-cdn .net) (malware.rules)
2043308 - ET MALWARE Win32/Emotet CnC Activity M9 (POST) (malware.rules)
2043309 - ET MALWARE Observed DNS Query to Mirai Domain
(miraistealer .xyz) (malware.rules)
2043310 - ET HUNTING DDoS-Guard Hosted Content (hunting.rules)
2043311 - ET MALWARE Magecart Loader Javascript (malware.rules)
2043312 - ET MALWARE Magecart Skimmer CSS (malware.rules)

Pro:

2853046 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2023-01-17 1) (coinminer.rules)
2853047 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline
(2023-01-17 2) (coinminer.rules)
2853048 - ETPRO MALWARE Win32/Remcos RAT Checkin 858 (malware.rules)
2853049 - ETPRO INFO Powershell in DNS TXT Record Response (info.rules)
2853050 - ETPRO INFO MSP360 Backup Service Domain in DNS Lookup (info.rules)
2853051 - ETPRO INFO Observed MSP360 Backup Service Domain
(mspbackups .com in TLS SNI) (info.rules)
2853052 - ETPRO MALWARE DarkCloudBot Stealer Exfil via Telegram M2
(malware.rules)
2853053 - ETPRO MALWARE Ursnif TDS URI pattern observed (malware.rules)

[///] Modified active rules: [///]

2849591 - ETPRO MALWARE DarkCloudBot Stealer Exfil via Telegram M1
(malware.rules)
