Ruleset Update Summary - 2023/05/25 - v10332

rulesbot · May 25, 2023, 9:03pm

Summary:

10 new OPEN, 24 new PRO (10 + 14)

Thanks @Jane_0sint, @anyrun_app

There will not be a signature release Monday, May 29, 2023 due to a US holiday.

2016810 - ET INFO Tor2Web .onion Proxy Service SSL Cert (2) (info.rules)
2022815 - ET INFO Possible SQLi Attempt in User Agent (Outbound) (info.rules)
2027201 - ET INFO Explorer Shell CLSID COM Object Call Method Inbound via TCP (info.rules)
2045864 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ric .openbld .net) (info.rules)
2045865 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ada .openbld .net) (info.rules)
2045866 - ET MALWARE Bandit Stealer Data Exfiltration Attempt (malware.rules)
2045867 - ET MALWARE Bandit Stealer Reporting Attempt (malware.rules)
2045868 - ET MALWARE [ANY.RUN] WhiteSnake Stealer Reporting Request (Outbound) (malware.rules)
2045869 - ET MALWARE WhiteSnake Stealer Telegram Checkin (malware.rules)
2045870 - ET MALWARE SocGholish Domain in DNS Lookup (strategy .transversalgroup .co) (malware.rules)

2804589 - ETPRO INFO HTTP POST on port 53 DNS (info.rules)
2806057 - ETPRO INFO File Sharing Service SSL Certificate detected (info.rules)
2806289 - ETPRO INFO RemoteAdmin Win32.Ammyy.z Checkin (info.rules)
2806798 - ETPRO INFO XenArmor Password Recovery License Check/securityxploded retrieval UA (info.rules)
2807167 - ETPRO INFO Baidu Spider Crawler User-Agent Outbound (info.rules)
2809749 - ETPRO INFO WebDAV request for SysVol Outbound (info.rules)
2810515 - ETPRO INFO Elsinore ScreenConnect URI Struct (info.rules)
2814182 - ETPRO ADWARE_PUP Slimware Driver Updater Checkin (adware_pup.rules)
2816508 - ETPRO INFO Incog-Neato .onion Proxy Domain (info.rules)
2822023 - ETPRO INFO IP Check ip.tool.la (info.rules)
2832260 - ETPRO COINMINER Hashvault Monero Miner Pool Configuration File Downloaded (coinminer.rules)
2854405 - ETPRO MALWARE Suspected Kimsuky APT Related Activity (GET) (malware.rules)
2854406 - ETPRO MALWARE PureCrypter Loader Activity (malware.rules)
2854407 - ETPRO MALWARE PureCrypter Loader Activity (malware.rules)

2044242 - ET MALWARE SocGholish Domain in DNS Lookup (blockchain .shannongougenheim .com) (malware.rules)
2044554 - ET MALWARE SocGholish NetSupport CnC Domain in DNS Lookup (itugbjhb .xyz) (malware.rules)
2045176 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (greenpapers .org) (exploit_kit.rules)
2045199 - ET MALWARE TA453 Domain in DNS Lookup (update-windows-security .tk) (malware.rules)
2045200 - ET MALWARE TA453 Domain in DNS Lookup (sync-system-time .cf) (malware.rules)
2045201 - ET MALWARE TA453 Domain in DNS Lookup (oracle-java .cf) (malware.rules)
2045202 - ET MALWARE TA453 Domain in DNS Lookup (dns-iprecords .tk) (malware.rules)
2045286 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .score .symposiumhaiti .com) (malware.rules)
2045622 - ET MALWARE SocGholish Domain in DNS Lookup (backroom .tauetaepsilon .org) (malware.rules)

2014471 - ET POLICY DRIVEBY Generic - EXE Download by Java (policy.rules)
2016810 - ET POLICY Tor2Web .onion Proxy Service SSL Cert (2) (policy.rules)
2022815 - ET POLICY Possible SQLi Attempt in User Agent (Outbound) (policy.rules)
2027201 - ET POLICY Explorer Shell CLSID COM Object Call Method Inbound via TCP (policy.rules)
2804589 - ETPRO POLICY HTTP POST on port 53 DNS (policy.rules)
2806057 - ETPRO POLICY 4shared SSL Certificate detected (policy.rules)
2806289 - ETPRO POLICY RemoteAdmin Win32.Ammyy.z Checkin (policy.rules)
2806798 - ETPRO POLICY XenArmor Password Recovery License Check/securityxploded retrieval UA (policy.rules)
2807167 - ETPRO POLICY Baidu Spider Crawler User-Agent (baiduspider) (policy.rules)
2809749 - ETPRO POLICY WebDAV request for SysVol Outbound (policy.rules)
2810515 - ETPRO POLICY Elsinore ScreenConnect URI Struct (policy.rules)
2814182 - ETPRO POLICY Slimware Driver Updater Checkin (policy.rules)
2816508 - ETPRO POLICY Incog-Neato .onion Proxy Domain (policy.rules)
2822023 - ETPRO POLICY IP Check ip.tool.la (policy.rules)
2832260 - ETPRO POLICY Hashvault Monero Miner Pool Configuration File Downloaded (policy.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/05/03 - v10315 Ruleset Updates	291	May 3, 2023
Ruleset Update Summary - 2023/05/26 - v10333 Ruleset Updates	326	May 26, 2023
Ruleset Update Summary - 2023/08/24 - v10402 Ruleset Updates	267	August 24, 2023
Ruleset Update Summary - 2023/11/07 - v10460 Ruleset Updates	337	November 7, 2023
Ruleset Update Summary - 2023/08/01 - v10385 Ruleset Updates	345	August 1, 2023