Ruleset Update Summary - 2023/06/01 - v10337

rulesbot · June 1, 2023, 9:21pm

Summary:

67 new OPEN, 80 new PRO (67 + 13)

Added rules:

Open:

2043233 - ET INFO Microsoft net.tcp Connection Initialization Activity (info.rules)
2045981 - ET INFO DYNAMIC_DNS Query to a *.camdvr .org Domain (info.rules)
2045982 - ET INFO DYNAMIC_DNS HTTP Request to a *.camdvr .org Domain (info.rules)
2045983 - ET INFO DYNAMIC_DNS Query to a *.casacam .net Domain (info.rules)
2045984 - ET INFO DYNAMIC_DNS HTTP Request to a *.casacam .net Domain (info.rules)
2045985 - ET INFO DYNAMIC_DNS Query to a *.webredirect .org Domain (info.rules)
2045986 - ET INFO DYNAMIC_DNS HTTP Request to a *.webredirect .org Domain (info.rules)
2045987 - ET INFO DYNAMIC_DNS Query to a *.mywire .org Domain (info.rules)
2045988 - ET INFO DYNAMIC_DNS HTTP Request to a *.mywire .org Domain (info.rules)
2045989 - ET INFO DYNAMIC_DNS Query to a *.1cooldns .com Domain (info.rules)
2045990 - ET INFO DYNAMIC_DNS HTTP Request to a *.1cooldns .com Domain (info.rules)
2045991 - ET INFO DYNAMIC_DNS Query to a *.gleeze .com Domain (info.rules)
2045992 - ET INFO DYNAMIC_DNS HTTP Request to a *.gleeze .com Domain (info.rules)
2045993 - ET INFO DYNAMIC_DNS Query to a *.kozow .com Domain (info.rules)
2045994 - ET INFO DYNAMIC_DNS HTTP Request to a *.kozow .com Domain (info.rules)
2045995 - ET INFO DYNAMIC_DNS Query to a *.dynuddns .net Domain (info.rules)
2045996 - ET INFO DYNAMIC_DNS HTTP Request to a *.dynuddns .net Domain (info.rules)
2045997 - ET INFO DYNAMIC_DNS Query to a *.ooguy .com Domain (info.rules)
2045998 - ET INFO DYNAMIC_DNS HTTP Request to a *.ooguy .com Domain (info.rules)
2045999 - ET INFO DYNAMIC_DNS Query to a *.mysynology .net Domain (info.rules)
2046000 - ET INFO DYNAMIC_DNS HTTP Request to a *.mysynology .net Domain (info.rules)
2046001 - ET INFO DYNAMIC_DNS Query to a *.ddnsfree .com Domain (info.rules)
2046002 - ET INFO DYNAMIC_DNS HTTP Request to a *.ddnsfree .com Domain (info.rules)
2046003 - ET INFO DYNAMIC_DNS Query to a *.bumbleshrimp .com Domain (info.rules)
2046004 - ET INFO DYNAMIC_DNS HTTP Request to a *.bumbleshrimp .com Domain (info.rules)
2046005 - ET INFO DYNAMIC_DNS Query to a *.freeddns .org Domain (info.rules)
2046006 - ET INFO DYNAMIC_DNS HTTP Request to a *.freeddns .org Domain (info.rules)
2046007 - ET INFO DYNAMIC_DNS Query to a *.theworkpc .com Domain (info.rules)
2046008 - ET INFO DYNAMIC_DNS HTTP Request to a *.theworkpc .com Domain (info.rules)
2046009 - ET INFO DYNAMIC_DNS Query to a *.ddnsgeek .com Domain (info.rules)
2046010 - ET INFO DYNAMIC_DNS HTTP Request to a *.ddnsgeek .com Domain (info.rules)
2046011 - ET INFO DYNAMIC_DNS Query to a *.dynuddns .com Domain (info.rules)
2046012 - ET INFO DYNAMIC_DNS HTTP Request to a *.dynuddns .com Domain (info.rules)
2046013 - ET INFO DYNAMIC_DNS Query to a *.4cloud .click Domain (info.rules)
2046014 - ET INFO DYNAMIC_DNS HTTP Request to a *.4cloud .click Domain (info.rules)
2046015 - ET INFO DYNAMIC_DNS Query to a *.giize .com Domain (info.rules)
2046016 - ET INFO DYNAMIC_DNS HTTP Request to a *.giize .com Domain (info.rules)
2046017 - ET INFO DYNAMIC_DNS Query to a *.ddnsguru .com Domain (info.rules)
2046018 - ET INFO DYNAMIC_DNS HTTP Request to a *.ddnsguru .com Domain (info.rules)
2046019 - ET INFO DYNAMIC_DNS Query to a *.accesscam .org Domain (info.rules)
2046020 - ET INFO DYNAMIC_DNS HTTP Request to a *.accesscam .org Domain (info.rules)
2046021 - ET INFO DYNAMIC_DNS Query to a *.loseyourip .com Domain (info.rules)
2046022 - ET INFO DYNAMIC_DNS HTTP Request to a *.loseyourip .com Domain (info.rules)
2046023 - ET INFO DYNAMIC_DNS Query to a *.hmail .us Domain (info.rules)
2046024 - ET INFO DYNAMIC_DNS HTTP Request to a *.hmail .us Domain (info.rules)
2046025 - ET INFO DYNAMIC_DNS Query to a *.theserver .tk Domain (info.rules)
2046026 - ET INFO DYNAMIC_DNS HTTP Request to a *.theserver .tk Domain (info.rules)
2046027 - ET INFO DYNAMIC_DNS Query to a *.kstar .us Domain (info.rules)
2046028 - ET INFO DYNAMIC_DNS HTTP Request to a *.kstar .us Domain (info.rules)
2046029 - ET INFO DYNAMIC_DNS Query to a *.yozh .us Domain (info.rules)
2046030 - ET INFO DYNAMIC_DNS HTTP Request to a *.yozh .us Domain (info.rules)
2046031 - ET INFO DYNAMIC_DNS Query to a *.ugli .se Domain (info.rules)
2046032 - ET INFO DYNAMIC_DNS HTTP Request to a *.ugli .se Domain (info.rules)
2046033 - ET INFO DYNAMIC_DNS Query to a *.oc .com .ar Domain (info.rules)
2046034 - ET INFO DYNAMIC_DNS HTTP Request to a *.oc .com .ar Domain (info.rules)
2046035 - ET INFO DYNAMIC_DNS Query to a *.pleasecome .in Domain (info.rules)
2046036 - ET INFO DYNAMIC_DNS HTTP Request to a *.pleasecome .in Domain (info.rules)
2046037 - ET INFO DYNAMIC_DNS Query to a *.ltu .one .pl Domain (info.rules)
2046038 - ET INFO DYNAMIC_DNS HTTP Request to a *.ltu .one .pl Domain (info.rules)
2046039 - ET INFO DYNAMIC_DNS Query to a *.kolody .net Domain (info.rules)
2046040 - ET INFO DYNAMIC_DNS HTTP Request to a *.kolody .net Domain (info.rules)
2046041 - ET INFO DYNAMIC_DNS Query to a *.jweststudio .com Domain (info.rules)
2046042 - ET INFO DYNAMIC_DNS HTTP Request to a *.jweststudio .com Domain (info.rules)
2046043 - ET INFO DYNAMIC_DNS Query to a *.pgdotocec .org Domain (info.rules)
2046044 - ET INFO DYNAMIC_DNS HTTP Request to a *.pgdotocec .org Domain (info.rules)
2046045 - ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) (malware.rules)
2046046 - ET MALWARE [ANY.RUN] PikaBot Related Activity (GET) (malware.rules)

Pro:

2854462 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2854463 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2854464 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2854465 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2854466 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2854467 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2854468 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2854469 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2854470 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2854471 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2854472 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2854473 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2854474 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Modified inactive rules:

2003006 - ET POLICY TLS/SSL Client Key Exchange on Unusual Port (policy.rules)

Removed rules:

2043233 - ET MALWARE RedLine Stealer TCP CnC net.tcp Init (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/11/15 - v10466 Ruleset Updates	507	November 15, 2023
Ruleset Update Summary - 2023/08/16 - v10395 Ruleset Updates	174	August 16, 2023
Ruleset Update Summary - 2024/04/22 - v10580 Ruleset Updates	160	April 22, 2024
Ruleset Update Summary - 2023/05/17 - v10325 Ruleset Updates	244	May 17, 2023
Ruleset Update Summary - 2023/08/25 - v10403 Ruleset Updates	377	August 25, 2023

Ruleset Update Summary - 2023/06/01 - v10337

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Removed rules:

Related Topics