Ruleset Update Summary - 2023/04/14 - v10298

rulesbot · April 14, 2023, 9:59pm

Summary:

20 new OPEN, 21 new PRO (20 + 1)

Thanks @ThreatBookLabs, @500mk500

Added rules:

Open:

2044942 - ET MALWARE IcedID CnC Domain in DNS Lookup (askamoshopsi .com) (malware.rules)
2044943 - ET MALWARE IcedID CnC Domain in DNS Lookup (sithoparka .com) (malware.rules)
2044944 - ET MALWARE IcedID CnC Domain in DNS Lookup (tadernost .com) (malware.rules)
2044945 - ET MALWARE IcedID CnC Domain in DNS Lookup (abigelofraj .com) (malware.rules)
2044946 - ET MALWARE IcedID CnC Domain in DNS Lookup (beepkauftagers .com) (malware.rules)
2044947 - ET MALWARE IcedID CnC Domain in DNS Lookup (yhorneedminf .com) (malware.rules)
2044948 - ET MALWARE IcedID CnC Domain in DNS Lookup (troffyfrutlot .com) (malware.rules)
2044949 - ET INFO DYNAMIC_DNS Query to a *.dmb .hk Domain (info.rules)
2044950 - ET INFO DYNAMIC_DNS HTTP Request to a *.dmb .hk Domain (info.rules)
2044951 - ET INFO DYNAMIC_DNS Query to a *.blackbeltmail .se Domain (info.rules)
2044952 - ET INFO DYNAMIC_DNS HTTP Request to a *.blackbeltmail .se Domain (info.rules)
2044953 - ET INFO DYNAMIC_DNS Query to a *.hkieca .com Domain (info.rules)
2044954 - ET INFO DYNAMIC_DNS HTTP Request to a *.hkieca .com Domain (info.rules)
2044955 - ET MALWARE Tick Group APT Activity (GET) (malware.rules)
2044956 - ET MALWARE Donot Domain in DNS Lookup (dripgift .live) (malware.rules)
2044957 - ET MALWARE TA569 Keitaro TDS Domain in DNS Lookup (jquery0 .com) (malware.rules)
2044958 - ET MALWARE TA569 Keitaro TDS Domain in DNS Lookup (jquery01 .com) (malware.rules)
2044959 - ET MALWARE TA569 Keitaro TDS Domain in DNS Lookup (jquery-bin .com) (malware.rules)
2044960 - ET MALWARE Win32/TrojanDropper.Agent.SSQ Variant Checkin (malware.rules)
2044961 - ET WEB_CLIENT TA569 Keitaro TDS Domain in DNS Lookup (getquery .org) (web_client.rules)

Pro:

2854179 - ETPRO MALWARE TA452 (Lyceum) Related Backdoor Activity (GET) (malware.rules)

Enabled and modified rules:

2854155 - ETPRO MALWARE Qbot Style Payload Response - Encrypted Zip M2 (malware.rules)

Modified inactive rules:

2829356 - ETPRO INFO Observed Dynamic DNS Domain (*.linkpc .net) (info.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/09/27 - v10426 Ruleset Updates	248	September 27, 2023
Ruleset Update Summary - 2023/07/18 - v10374 Ruleset Updates	200	July 18, 2023
Ruleset Update Summary - 2023/04/27 - v10309 Ruleset Updates	247	April 27, 2023
Ruleset Update Summary - 2023/10/02 - v10430 Ruleset Updates	240	October 2, 2023
Ruleset Update Summary - 2023/07/25 - v10379 Ruleset Updates	231	July 25, 2023

Ruleset Update Summary - 2023/04/14 - v10298

Summary:

Added rules:

Open:

Pro:

Enabled and modified rules:

Modified inactive rules:

Related Topics