Daily Ruleset Update Summary 2023/03/06
[***] Summary: [***]
19 new OPEN, 20 new PRO (19 + 1)
Thanks @malPileDiver, @Cyber0verload, @uptycs, @Fortinet, @h2jazi
The Emerging Threats mailing list is migrating to Discourse. Please
visit us at https://community.emergingthreats.net
The mailing list is being retired on April 3, 2023.
[+++] Added rules: [+++]
Open:
2044434 - ET INFO File Sharing Related Domain in DNS Lookup (zippyshare .com) (info.rules)
2044435 - ET INFO File Sharing Related Domain in HTTP Request (zippyshare .com) (info.rules)
2044436 - ET INFO Observed File Sharing Domain (zippyshare .com in TLS SNI) (info.rules)
2044437 - ET MALWARE Maldoc Related Domain in DNS Lookup (nationalweatherserviceapp .com) (malware.rules)
2044438 - ET MALWARE Win32/VBS Backdoor Sending System Information (POST) (malware.rules)
2044439 - ET MALWARE Observed DNS Query to Gamaredon Domain (payampo .ru) (malware.rules)
2044440 - ET MALWARE Observed DNS Query to Gamaredon Domain (osmanpo .ru) (malware.rules)
2044441 - ET MALWARE Observed DNS Query to Gamaredon Domain (muhsingo .ru) (malware.rules)
2044442 - ET MALWARE Observed DNS Query to Gamaredon Domain (myuridgo .ru) (malware.rules)
2044443 - ET MALWARE Observed DNS Query to Gamaredon Domain (ogtaypi .ru) (malware.rules)
2044444 - ET MALWARE Observed DNS Query to Gamaredon Domain (orduhanpi .ru) (malware.rules)
2044445 - ET MALWARE Observed DNS Query to Gamaredon Domain (muhtargo .ru) (malware.rules)
2044446 - ET INFO Wordpress Error, Cannot modify header information - headers already sent by (info.rules)
2044447 - ET PHISHING PUBG Credential Phish 2023-03-06 (phishing.rules)
2044448 - ET PHISHING Roblox Credential Phish 2023-03-06 (phishing.rules)
2044449 - ET MALWARE Parallax CnC Activity M18 (set) (malware.rules)
2044450 - ET MALWARE Parallax CnC Response Activity M18 (malware.rules)
2044451 - ET MALWARE Lockbit Ransomware Related Domain (poliovocalist .com) in DNS Lookup (malware.rules)
2044452 - ET ADWARE_PUP Win32/Pearfoos.B!ml Checkin (adware_pup.rules)
Pro:
2853629 - ETPRO HUNTING Base64 Encoded EXE Content-Type Mismatch (image/jpeg) (hunting.rules)
[---] Disabled and modified rules: [---]
2033998 - ET INFO Outdated Browser Landing Page M3 (info.rules)
2035551 - ET MALWARE Suspected Mustang Panda APT Related Activity (GET) (malware.rules)
2035552 - ET MALWARE Mustang Panda APT Related Activity (GET) (malware.rules)
2850089 - ETPRO PHISHING BulletProofLink Form POST M2 (phishing.rules)