[***] Summary: [***]
14 new OPEN, 15 new PRO (14 + 1). SocGholish, Xpopup and various Phishing.
The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net
We will announce the mailing list retirement date in the near future.
[+++] Added rules: [+++]
Open:
2044176 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .distributor .techsavvyauto .com) (malware.rules)
2044177 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .picture .mercedesbestphoto .store) (malware.rules)
2044178 - ET HUNTING Observed Query to .fyi TLD (hunting.rules)
2044179 - ET HUNTING Observed Query to .beauty TLD (hunting.rules)
2044180 - ET INFO Iperius Remote Related Domain in DNS Lookup (info.rules)
2044181 - ET INFO Observed Iperius Remote Domain in TLS SNI (info.rules)
2044182 - ET INFO ProvideSupport.com Related Domain in DNS Lookup (papepritz .com) (info.rules)
2044183 - ET MALWARE Backdoored Xpopup Domain (xpopup .pe .kr) in DNS Lookup (malware.rules)
2044184 - ET MALWARE Backdoored Xpopup Domain (xpopup .com) in DNS Lookup (malware.rules)
2044185 - ET PHISHING AWS Phishing Domain (aws1-console-login .us) in DNS Lookup (phishing.rules)
2044186 - ET PHISHING AWS Phishing Domain (us2-eat-a-w-s .blogspot .com) in DNS Lookup (phishing.rules)
2044187 - ET PHISHING AWS Phishing Domain (aws1-us-west .info) in DNS Lookup (phishing.rules)
2044188 - ET PHISHING AWS Phishing Domain (aws1-ec2-console .com) in DNS Lookup (phishing.rules)
2044189 - ET PHISHING AWS Phishing Domain (aws2-console-login .xyz) in DNS Lookup (phishing.rules)
Pro:
2853361 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2023-02-10 1) (coinminer.rules)
[---] Disabled and modified rules: [---]
2027865 - ET INFO Observed DNS Query to .cloud TLD (info.rules)
2027874 - ET INFO HTTP Request to Suspicious *.cloud Domain (info.rules)