Ruleset Update Summary - 2023/05/15 - v10323

Summary:

14 new OPEN, 46 new PRO (14 + 32)

Thanks @Gi7w0rm, @TLP_R3D, @suyog41


Added rules:

Open:

  • 2045694 - ET ATTACK_RESPONSE Amadey CnC Panel Inbound (attack_response.rules)
  • 2045695 - ET MALWARE DNS Query to SmokeLoader Domain (potunulit .org) (malware.rules)
  • 2045696 - ET MALWARE DNS Query to Glupteba Domain (geofaps .com) (malware.rules)
  • 2045697 - ET MALWARE DNS Query to Glupteba Domain (twopixis .com) (malware.rules)
  • 2045698 - ET MALWARE DNS Query to Glupteba Domain (cdneurops .health) (malware.rules)
  • 2045699 - ET MALWARE DNS Query to Glupteba Domain (beegolang .com) (malware.rules)
  • 2045700 - ET ADWARE_PUP DNS Query to Neoreklami (service-domain .xyz) (adware_pup.rules)
  • 2045701 - ET ADWARE_PUP DNS Query to Neoreklami (check-data .xyz) (adware_pup.rules)
  • 2045702 - ET ADWARE_PUP DNS Query to Neoreklami (vadimmqz .beget .tech) (adware_pup.rules)
  • 2045703 - ET MALWARE DNS Query to PekkaRat Domain (pekkarat .com) (malware.rules)
  • 2045704 - ET MALWARE Win32/Arid Gopher CnC Exfil (POST) (malware.rules)
  • 2045705 - ET ADWARE_PUP DNS Query to Neoreklami Domain (testupdate .info) (adware_pup.rules)
  • 2045706 - ET ADWARE_PUP DNS Query to Neoreklami Domain (133455789 .xyz) (adware_pup.rules)
  • 2045707 - ET PHISHING Greatness Phish Kit Landing Page M1 2023-05-15 (phishing.rules)

Pro:

  • 2854326 - ETPRO MALWARE Hawkish Eyes - Discord Checkin M1 (malware.rules)
  • 2854327 - ETPRO MALWARE Hawkish Eyes - Data Exfil via Discord (malware.rules)
  • 2854328 - ETPRO MALWARE Hawkish Eyes - Discord Checkin M2 (malware.rules)
  • 2854329 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2854330 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2854331 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2854332 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2854333 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2854334 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2854335 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2854336 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2854337 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2854338 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2854339 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2854340 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2854341 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2854342 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2854343 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2854344 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2854345 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2854346 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2854347 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2854348 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2854349 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2854350 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2854351 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2854352 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2854353 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2854354 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2854355 - ETPRO EXPLOIT_KIT Keitaro TDS Inject to Malicious NetSupport RAT (exploit_kit.rules)
  • 2854356 - ETPRO EXPLOIT_KIT Keitaro TDS Fake Update NetSupport Dropper (exploit_kit.rules)
  • 2854357 - ETPRO EXPLOIT_KIT DNS Query to Keitaro TDS to NetSupport RAT Domain (exploit_kit.rules)

Modified inactive rules:

  • 2810409 - ETPRO POLICY ge.tt file download (policy.rules)

Disabled and modified rules:

  • 2806888 - ETPRO POLICY DNS query to Dynamic Internet Technology Domains (Anti-Internet Censorship) 2 (policy.rules)
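After pulling an update like this one, the practical check is whether every listed SID actually landed in the deployed ruleset in the state the summary implies: added rules present and active, rules under "Modified inactive rules" and "Disabled and modified rules" present but commented out. The script below is an added example, not part of the ET update summary or any Proofpoint tooling. It parses the bullet format used above, indexes a local rules file by `sid`, and reports mismatches. The rules file it runs against is a constructed stand-in with placeholder rule bodies (not the real signatures); in it, 2045707 is deliberately missing and 2806888 is deliberately left active to show both kinds of finding.

```python
"""Reconcile an ET ruleset update summary against a local Snort/Suricata rules file.

Added example; the summary format is the one used in the update above, but the
sample rules file is constructed with placeholder bodies, not real ET signatures.
"""
import re
from dataclasses import dataclass
from typing import Optional

# One bullet of the summary: "  • <sid> - <msg> (<file>.rules)"
SUMMARY_LINE = re.compile(r"^\s*•\s*(\d+)\s+-\s+(.+?)\s+\((\S+\.rules)\)\s*$")
# The sid option inside a rule line (commented-out rules still carry it)
SID_IN_RULE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
# Sections whose SIDs are expected to be commented out after the update
EXPECT_DISABLED = {"Modified inactive rules", "Disabled and modified rules"}


@dataclass(frozen=True)
class Entry:
    sid: int
    msg: str
    rules_file: str
    section: str           # e.g. "Added rules", "Disabled and modified rules"
    tier: Optional[str]    # "Open" / "Pro" under "Added rules", else None


def parse_summary(text: str) -> list[Entry]:
    """Walk the summary, tracking the current section and Open/Pro tier."""
    entries, section, tier = [], None, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith(":"):
            name = stripped[:-1]
            if name in ("Open", "Pro"):
                tier = name
            else:
                section, tier = name, None
            continue
        m = SUMMARY_LINE.match(line)
        if m and section:
            entries.append(Entry(int(m.group(1)), m.group(2), m.group(3), section, tier))
    return entries


def index_local_rules(rules_text: str) -> dict[int, bool]:
    """Map every sid in a rules file to True (active) or False (commented out)."""
    index = {}
    for line in rules_text.splitlines():
        m = SID_IN_RULE.search(line)
        if m:
            index[int(m.group(1))] = not line.lstrip().startswith("#")
    return index


def reconcile(entries: list[Entry], index: dict[int, bool]) -> list[tuple[int, str]]:
    """Return (sid, problem) pairs where the local state contradicts the summary."""
    findings = []
    for e in entries:
        active = index.get(e.sid)
        if active is None:
            findings.append((e.sid, "missing from local ruleset"))
        elif e.section in EXPECT_DISABLED and active:
            findings.append((e.sid, "listed as disabled/inactive but active locally"))
        elif e.section == "Added rules" and not active:
            findings.append((e.sid, "new rule present but commented out"))
    return findings


# Constructed excerpt in the summary format above (SIDs and messages from this update).
SAMPLE_SUMMARY = """\
Added rules:

Open:

  • 2045694 - ET ATTACK_RESPONSE Amadey CnC Panel Inbound (attack_response.rules)
  • 2045707 - ET PHISHING Greatness Phish Kit Landing Page M1 2023-05-15 (phishing.rules)

Modified inactive rules:

  • 2810409 - ETPRO POLICY ge.tt file download (policy.rules)

Disabled and modified rules:

  • 2806888 - ETPRO POLICY DNS query to Dynamic Internet Technology Domains (Anti-Internet Censorship) 2 (policy.rules)
"""

# Constructed stand-in for a deployed rules file. Rule bodies are placeholders,
# not the real ET content. 2045707 is absent; 2806888 is (wrongly) still active.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Amadey CnC Panel Inbound"; flow:established,to_client; content:"placeholder"; sid:2045694; rev:1;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ETPRO POLICY ge.tt file download"; content:"placeholder"; sid:2810409; rev:3;)
alert dns $HOME_NET any -> any any (msg:"ETPRO POLICY DNS query to Dynamic Internet Technology Domains (Anti-Internet Censorship) 2"; content:"placeholder"; sid:2806888; rev:2;)
"""


if __name__ == "__main__":
    for sid, problem in reconcile(parse_summary(SAMPLE_SUMMARY), index_local_rules(SAMPLE_RULES)):
        print(f"{sid}: {problem}")
```

Point `parse_summary` at the full summary text and `index_local_rules` at the concatenation of your deployed `*.rules` files; anything reported as missing usually means the update was only partially applied or a local disable-list (e.g. a SID suppression file) overrode it, and anything reported as active-but-listed-disabled means a local enable override is resurrecting a rule the upstream maintainers switched off.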