Ruleset Update Summary - 2023/05/30 - v10335

rulesbot · May 30, 2023, 9:04pm

Summary:

94 new OPEN, 96 new PRO (94 + 2)

Thanks @0xToxin, @sucurisecurity

Added rules:

Open:

2045879 - ET WEB_SPECIFIC_APPS WordPress Plugin - Essential Addons for Elementor - Password Reset Attempt (CVE-2023-32243) (web_specific_apps.rules)
2045880 - ET WEB_SPECIFIC_APPS WordPress Plugin - Essential Addons for Elementor - Successful Password Reset (CVE-2023-32243) (web_specific_apps.rules)
2045881 - ET MALWARE Wordpress - posts-layout (post-layout Doppelganger) Plugin Activation (malware.rules)
2045882 - ET WEB_SPECIFIC_APPS WordPress - Attempted Check for Malicious posts-layout (post-layout Doppelganger) Plugin (web_specific_apps.rules)
2045883 - ET WEB_SPECIFIC_APPS Wordpress - Successful Check for Malicious posts-layout (post-layout Doppelganger) Plugin - Infected Web Server (web_specific_apps.rules)
2045884 - ET EXPLOIT_KIT Observed Balada TDS Domain (scriptsplatform .com in TLS SNI) (exploit_kit.rules)
2045885 - ET ATTACK_RESPONSE Mana Tools-Lone Wolf Admin Panel Inbound (attack_response.rules)
2045886 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .209 .wf) (info.rules)
2045887 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .rkjha .com .np) (info.rules)
2045888 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .inforlogia .com) (info.rules)
2045889 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ivnkn .xyz) (info.rules)
2045890 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (hoofoo .icu) (info.rules)
2045891 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .cynthialabs .net) (info.rules)
2045892 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vpn .gosami .xyz) (info.rules)
2045893 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (addguard .greenet .id) (info.rules)
2045894 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ngc7331 .top) (info.rules)
2045895 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .vpnglobal .my .id) (info.rules)
2045896 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .jstockley .com) (info.rules)
2045897 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .240527 .xyz) (info.rules)
2045898 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vpn .vokuev .org) (info.rules)
2045899 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns140 .zhhz .cc) (info.rules)
2045900 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (bvo .giize .com) (info.rules)
2045901 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (www .aizi .app) (info.rules)
2045902 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .supercluster .io) (info.rules)
2045903 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .rowdyengeesje .nl) (info.rules)
2045904 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (link .altapo .ru) (info.rules)
2045905 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ora .yingroad .top) (info.rules)
2045906 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .uplenk .com) (info.rules)
2045907 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .apad .pro) (info.rules)
2045908 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adb-home .xaoimoon .fr) (info.rules)
2045909 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adtec .aidentec .top) (info.rules)
2045910 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (privacy .plumedns .com) (info.rules)
2045911 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .agadez .net) (info.rules)
2045912 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cloud .samutz .com) (info.rules)
2045913 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (chaos .altendorfme .com) (info.rules)
2045914 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .23-4 .cn) (info.rules)
2045915 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (storydoh .kinergetica .com) (info.rules)
2045916 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .ebner .tech) (info.rules)
2045917 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vpn .jogjacloud .com) (info.rules)
2045918 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .yameenassotally .com) (info.rules)
2045919 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (hermes .ohai .ca) (info.rules)
2045920 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .crownor .com) (info.rules)
2045921 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .safeith .com) (info.rules)
2045922 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .gambini .org) (info.rules)
2045923 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .decisivedevops .com) (info.rules)
2045924 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .aaronplayzgaming .com) (info.rules)
2045925 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .vishalk .com) (info.rules)
2045926 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .worthmind .net) (info.rules)
2045927 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns2 .gms .net .id) (info.rules)
2045928 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns168 .zhhz .cc) (info.rules)
2045929 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .purbalinggakab .go .id) (info.rules)
2045930 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .flwagners .com) (info.rules)
2045931 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .webstor .net) (info.rules)
2045932 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .cryptomize .com) (info.rules)
2045933 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (agh .xinfeng16m .top) (info.rules)
2045934 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .sev .monster) (info.rules)
2045935 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .privado .ovh) (info.rules)
2045936 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .jinwoo .dev) (info.rules)
2045937 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (arashi .eu .org) (info.rules)
2045938 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (appart .yoannchappaz .best) (info.rules)
2045939 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .4-the .win) (info.rules)
2045940 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .acrobyte .org) (info.rules)
2045941 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (darya .persiannit .net) (info.rules)
2045942 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .30x .me) (info.rules)
2045943 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .foximao .cn) (info.rules)
2045944 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .yamamoto .ren) (info.rules)
2045945 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .zxi7 .cn) (info.rules)
2045946 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (open-resolver1 .unima .ac .id) (info.rules)
2045947 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .cretu .xyz) (info.rules)
2045948 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns-public .ibakerserver .pt) (info.rules)
2045949 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .moeyk .com) (info.rules)
2045950 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .5ive .net) (info.rules)
2045951 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .yunmoc .top) (info.rules)
2045952 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adg .rokh .biz) (info.rules)
2045953 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .goldplate .org) (info.rules)
2045954 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .nielsdb .be) (info.rules)
2045955 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .spaceindex .net) (info.rules)
2045956 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (www .91557 .cn) (info.rules)
2045957 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .tipsy .coffee) (info.rules)
2045958 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ams .nl .agh-dns .net) (info.rules)
2045959 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .techeasy .org) (info.rules)
2045960 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (140 .238 .202 .136 .sslip .io) (info.rules)
2045961 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (www .nilanjan .rocks) (info.rules)
2045962 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .1 .bsh4 .com) (info.rules)
2045963 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .timochan .cn) (info.rules)
2045964 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (v2 .xm706v .com) (info.rules)
2045965 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (killads .vpms .xyz) (info.rules)
2045966 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .tracker .ink) (info.rules)
2045967 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .glorydns .com) (info.rules)
2045968 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .spyrisk .fr) (info.rules)
2045969 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (cancelledfirestarter .org) (exploit_kit.rules)
2045970 - ET MALWARE SocGholish Domain in DNS Lookup (deploy .vanquicktech .com) (malware.rules)
2045971 - ET MALWARE SocGholish Domain in DNS Lookup (practices .bodyandsoulmassage .com) (malware.rules)
2045972 - ET MALWARE SocGholish Domain in DNS Lookup (old .onepercentage .org) (malware.rules)

Pro:

2854444 - ETPRO WEB_SPECIFIC_APPS Wordpress Plugin Installation Request M1 (web_specific_apps.rules)
2854445 - ETPRO WEB_SPECIFIC_APPS Wordpress Plugin Installation Request M2 (web_specific_apps.rules)

Disabled and modified rules:

2040349 - ET MALWARE Observed DNS Query to W32/Filecoder.KY!tr.ransom Domain (e4c0660414bf .eu .ngrok .io) (malware.rules)
2041123 - ET MALWARE TA453 Related Domain in DNS Lookup (mailer-daemon .me) (malware.rules)
2041125 - ET MALWARE TA453 Related Domain in DNS Lookup (mailer-daemon .net) (malware.rules)
2045026 - ET MALWARE Observed DNS Query to Gamaredon Domain (aydoganpo .ru) (malware.rules)
2045027 - ET MALWARE Observed DNS Query to Gamaredon Domain (aktanpo .ru) (malware.rules)
2045028 - ET MALWARE Observed DNS Query to Gamaredon Domain (aytashpo .ru) (malware.rules)
2045029 - ET MALWARE Observed DNS Query to Gamaredon Domain (nalogw .ru) (malware.rules)
2045030 - ET MALWARE Observed DNS Query to Gamaredon Domain (aytyurkpo .ru) (malware.rules)
2045031 - ET MALWARE Observed DNS Query to Gamaredon Domain (baharas .ru) (malware.rules)
2045032 - ET MALWARE Observed DNS Query to Gamaredon Domain (lefant .ru) (malware.rules)
2045033 - ET MALWARE Observed DNS Query to Gamaredon Domain (agakiypo .ru) (malware.rules)
2045034 - ET MALWARE Observed DNS Query to Gamaredon Domain (agastanpo .ru) (malware.rules)
2045037 - ET MALWARE Observed DNS Query to Nemesis Domain (deveparty .com) (malware.rules)
2852661 - ETPRO MALWARE TA4563 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/12/05 - v10479 Ruleset Updates	592	December 5, 2023
Ruleset Update Summary - 2023/05/31 - v10336 Ruleset Updates	277	May 31, 2023
Ruleset Update Summary - 2025/01/17 - v10840 Ruleset Updates	139	January 17, 2025
Ruleset Update Summary - 2023/10/23 - v10446 Ruleset Updates	513	October 23, 2023
Ruleset Update Summary - 2024/11/19 - v10745 Ruleset Updates	135	November 19, 2024

Ruleset Update Summary - 2023/05/30 - v10335

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related topics