EmergingThreats

760 Followers
35 Following
39 Posts

Fresh off her standing-room-only session at #ProofpointProtect Chicago, Genina Po, @EmergingThreats researcher, joined @selenalarson for a new DISCARDED podcast.

Hear how she tackles emerging threats, breaking down the process of turning data into detection signatures.

Stream the episode now on your favorite podcast-listening platform.

Apple Podcasts: https://ow.ly/ShgK50U8c5J
Spotify: https://ow.ly/Q4Y450U8c5I
Web: https://ow.ly/9itr50U8c5H

Scams, Smishing, and Safety Nets: How Emerging Threats Catches Phish

Podcast Episode · DISCARDED: Tales From the Threat Research Trenches · 11/15/2024 · 51m


Help us help you! We're always working to enhance the rulesets with metadata tags to add further clarity or triaging context. With his post on our @mitreattack tags, @ozurie asks how you're using our current tagging schema and how we might improve it!

https://community.emergingthreats.net/t/mitre-att-ck-additions-modifications-a-community-discussion/1753

MITRE ATT&CK Additions/Modifications - A Community Discussion

Hey folks, I am in the process of populating our internal tooling with as much relevant MITRE ATT&CK (enterprise-attack for now) metadata as possible so that we can flesh out existing rules as well as our new rules with more accurate tactics & techniques. On Friday there were 63 new metadata additions added to the database fuelling our signature management platform (making them available to rule writers) and I am now retroactively applying this metadata to older rules where I can. Today, I ha...

Emerging Threats

The ET Team is proud to announce our support for #Suricata 7.0.3 with a newly updated and uplifted ruleset! Learn more here:

https://community.emergingthreats.net/t/announcing-support-for-suricata-7-0-3/1735

Announcing Support for Suricata 7.0.3!

Emerging Threats PRO/OPEN Ruleset 7.0.3 Now Available Greetings! The ET team is pleased to announce formal support for Suricata 7.0.3! Starting with last night’s rule push we’ve forked our existing ruleset and are offering those rules for download to our customers (ETPRO) and the Community (ET Open). How to Download the new Ruleset The instructions for acquiring this new ruleset are nearly identical to previous versions of the Suricata ruleset. For those who manually download the ETOPEN ruleset...

Emerging Threats
YouTube accounts / videos pretending to be sharing video game cracks actually deliver malware. Great work from @EmergingThreats Isaac Shaughnessy https://www.proofpoint.com/us/blog/threat-insight/threat-actors-deliver-malware-youtube-video-game-cracks
Threat Actors Deliver Malware via YouTube Video Game Cracks | Proofpoint US

Key takeaways: Proofpoint identified multiple YouTube channels distributing malware by promoting cracked and pirated video games and related content. The video descriptions include links leading t...


Investigation Scenario 🔎

You’ve received a Suricata alert indicating the presence of the Kazuar backdoor. See the image/alt-text for the detection rule.

What do you look for to investigate whether an incident occurred?

#InvestigationPath #DFIR #SOC

Ruleset Update Summary - 2024/03/07 - v10547

Summary: 27 new OPEN, 27 new PRO (27 + 0) Thanks @KrollWire, @ESET, @XForce Added rules: Open: 2051516 - ET MALWARE Splinter Red Team Tool Activity (malware.rules) 2051517 - ET INFO DNS Related Tools Domain in DNS Lookup (viewdns .net) (info.rules) 2051518 - ET INFO Observed DNS Related Tools Domain (viewdns .net in TLS SNI) (info.rules) 2051519 - ET MALWARE EvasivePanda/Daggerfly APT CnC Domain in DNS Lookup (devicebug .com) (malware.rules) 2051520 - ET MALWARE Observed EvasivePanda/Daggerf...

Emerging Threats

29 new OPEN, 36 new PRO (29 + 7)
Lumma Stealer, PlanetStealer, SocGholish

Thanks @russianpanda9xx, @jane_0sint

https://community.emergingthreats.net/t/ruleset-update-summary-2024-03-05-v10545/1435

Ruleset Update Summary - 2024/03/05 - v10545

Summary: 29 new OPEN, 36 new PRO (29 + 7) Thanks @RussianPanda9xx, @Jane0sint Added rules: Open: 2051468 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (developmentalveiop .homes) (malware.rules) 2051469 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (unhappytidydryypwto .shop) (malware.rules) 2051470 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (lighterepisodeheighte .fun) (malware.rules) 2051471 - ET MALWARE Lumma Stealer Related CnC Domain in DNS L...

Emerging Threats

New episode of DISCARDED! We're joined by the amazing Isaac Shaughnessy to talk about his research into information stealers and the unique distribution methods and use of various social platforms/forums for C2. There is also much love for the @EmergingThreats team and the amazing community of people who help surface threats!

Tune in wherever you get your podcasts.

Apple: https://lnkd.in/ewg_q7mR
Spotify: https://lnkd.in/ejKF5_9G
Spreaker: https://lnkd.in/ei9PGEyW


49 new OPEN, 49 new PRO (49 + 0) Elusive Stealer, ZPHP, TA569, and generic malware

Thanks @withgenians on twitter, @suyog41 !

https://community.emergingthreats.net/t/ruleset-update-summary-2024-02-22-v10538/1399

Ruleset Update Summary - 2024/02/22 - v10538

Summary: 49 new OPEN, 49 new PRO (49 + 0) Thanks @WithGENIANS, @suyog41 Added rules: Open: 2051027 - ET MALWARE DNS Query to Malicious Domain (countrysvc .pe .kr) (malware.rules) 2051028 - ET MALWARE DNS Query to Malicious Domain (kakaoteam .site) (malware.rules) 2051029 - ET MALWARE DNS Query to Malicious Domain (naverscorp .shop) (malware.rules) 2051030 - ET MALWARE DNS Query to Malicious Domain (mofamail .shop) (malware.rules) 2051031 - ET MALWARE DNS Query to Malicious Domain (ned .newno...

Emerging Threats

Hello, Mastodon community! 👋

Proofpoint's threat research team is officially here—we'll be sure to keep you updated on the threats we're seeing and monitoring across the landscape.

For now, we are thrilled to share the ✨50th✨ episode of DISCARDED, a Proofpoint #podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about threat behaviors and attack patterns.

In this can't-miss installment, Katie Nickels (@likethecoins) of Red Canary tackles CTI's biggest questions.

Tune in now wherever you stream your podcasts.

Website: https://ow.ly/kwFI50QEky1
Spotify: https://ow.ly/rCI050QEky8
Apple: https://ow.ly/Z74m50QEky2

DISCARDED | Proofpoint | Proofpoint US

DISCARDED: Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about the threat behaviors and attack pat...