Ruleset Update Summary - 2023/06/07 - v10342

Summary:

37 new OPEN, 37 new PRO (37 + 0)

Thanks @StopMalvertisin, @Jane_0sint


Added rules:

Open:

  • 2046131 - ET MOBILE_MALWARE Trojan/iOS Operation Triangulation CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046132 - ET MOBILE_MALWARE Trojan/iOS Operation Triangulation CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046133 - ET MOBILE_MALWARE Trojan/iOS Operation Triangulation CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046134 - ET MOBILE_MALWARE Trojan/iOS Operation Triangulation CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046135 - ET MOBILE_MALWARE Trojan/iOS Operation Triangulation CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046136 - ET MOBILE_MALWARE Trojan/iOS Operation Triangulation CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046137 - ET MOBILE_MALWARE Trojan/iOS Operation Triangulation CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046138 - ET MOBILE_MALWARE Trojan/iOS Operation Triangulation CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046139 - ET MOBILE_MALWARE Trojan/iOS Operation Triangulation CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046140 - ET MOBILE_MALWARE Trojan/iOS Operation Triangulation CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046141 - ET MOBILE_MALWARE Trojan/iOS Operation Triangulation CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046142 - ET MOBILE_MALWARE Trojan/iOS Operation Triangulation CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046143 - ET MOBILE_MALWARE Trojan/iOS Operation Triangulation CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046144 - ET MOBILE_MALWARE Trojan/iOS Operation Triangulation CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046145 - ET MOBILE_MALWARE Trojan/iOS Operation Triangulation CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046146 - ET MALWARE Sharp Panda APT Style RTF Request (GET) (malware.rules)
  • 2046147 - ET MALWARE Sharp Panda APT RTF Retrieval (Inbound) (malware.rules)
  • 2046148 - ET MALWARE Observed Sharp Panda APT Related Activity M2 (malware.rules)
  • 2046149 - ET HUNTING Default Tomcat JSP web.xml Observed - Possible CVE-2020-1938 Exploit Success (hunting.rules)
  • 2046150 - ET MALWARE [ANY.RUN] Win32/ObserverStealer CnC Activity (Screenshot) (malware.rules)
  • 2046151 - ET MALWARE [ANY.RUN] Win32/ObserverStealer CnC Activity (System Information) (malware.rules)
  • 2046152 - ET MALWARE [ANY.RUN] Win32/ObserverStealer CnC Activity (Check-in) (malware.rules)
  • 2046153 - ET MALWARE [ANY.RUN] Win32/ObserverStealer CnC Activity (Activity) (malware.rules)
  • 2046154 - ET MALWARE [ANY.RUN] Win32/ObserverStealer CnC Activity (END) (malware.rules)
  • 2046155 - ET MALWARE [ANY.RUN] Win32/ObserverStealer CnC Response (malware.rules)
  • 2046156 - ET MALWARE Possible MEME#4CHAN Exfil Activity (malware.rules)
  • 2046157 - ET MALWARE MEME#4CHAN Redirect Activity to Payload (malware.rules)
  • 2046158 - ET SCADA IEC-104 TESTFR (Test Frame) Activation (scada.rules)
  • 2046159 - ET SCADA IEC-104 TESTFR (Test Frame) Confirmation (scada.rules)
  • 2046160 - ET SCADA IEC-104 STARTDT (Start Data Transfer) Activation (scada.rules)
  • 2046161 - ET SCADA IEC-104 STARTDT (Start Data Transfer) Confirmation (scada.rules)
  • 2046162 - ET SCADA IEC-104 STOPDT (Stop Data Transfer) Activation (scada.rules)
  • 2046163 - ET SCADA IEC-104 STOPDT (Stop Data Transfer) Confirmation (scada.rules)
  • 2046164 - ET SCADA IEC-104 Station Interrogation - Global ASDU Broadcast (scada.rules)
  • 2046165 - ET SCADA IEC-104 Clock Synchronization Command (scada.rules)
  • 2046166 - ET MALWARE SocGholish Domain in DNS Lookup (illustrations .ipocla .org) (malware.rules)
  • 2046167 - ET MALWARE SocGholish Domain in DNS Lookup (wholesale .surewareusa .com) (malware.rules)
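The IEC-104 rules 2046158 through 2046165 above match the protocol's U-format control frames (TESTFR, STARTDT and STOPDT, each in activation and confirmation form) and two I-format ASDUs: station interrogation (C_IC_NA_1, type 100, with the global qualifier QOI=20) and clock synchronization (C_CS_NA_1, type 103). The Python below is an added example, not the ET rule text (this summary does not reproduce the signature bodies): it builds those APDUs byte by byte and classifies captured bytes back into the same categories, which is a convenient way to generate test traffic for the new signatures or to sanity-check a pcap. It assumes the usual IEC 60870-5-104 parameterisation of a 2-byte cause of transmission, 2-byte common address and 3-byte information object address; every frame is constructed inline.

```python
"""IEC 60870-5-104 APDU builder/classifier for the message kinds named by
ET SCADA rules 2046158-2046165. Added example; not part of the ET ruleset.
Assumption: 2-byte COT, 2-byte common address, 3-byte IOA (the common
IEC-104 fixed parameters)."""
import struct
from datetime import datetime

START = 0x68

# U-format control field byte 1 (bits 0-1 = 11, upper bits = function).
U_FUNCTIONS = {
    0x07: "STARTDT act",
    0x0B: "STARTDT con",
    0x13: "STOPDT act",
    0x23: "STOPDT con",
    0x43: "TESTFR act",
    0x83: "TESTFR con",
}
TYPE_C_IC_NA_1 = 100   # interrogation command
TYPE_C_CS_NA_1 = 103   # clock synchronization command
QOI_STATION = 20       # qualifier of interrogation: station (global)
COT_ACTIVATION = 6


def build_u_frame(function: int) -> bytes:
    """6-byte U-format APDU: start, length 4, function byte, three zero bytes."""
    if function not in U_FUNCTIONS:
        raise ValueError(f"not a U-format function code: {function:#04x}")
    return bytes([START, 0x04, function, 0x00, 0x00, 0x00])


def build_i_frame(asdu: bytes, send_seq: int = 0, recv_seq: int = 0) -> bytes:
    """I-format APDU: sequence numbers occupy bits 1-15 of each 16-bit LE field."""
    control = struct.pack("<HH", (send_seq << 1) & 0xFFFE, (recv_seq << 1) & 0xFFFE)
    body = control + asdu
    return bytes([START, len(body)]) + body


def _asdu_header(type_id: int, common_addr: int) -> bytes:
    # type id, VSQ (1 object), COT=activation + originator 0, CA, IOA=0
    return (bytes([type_id, 0x01, COT_ACTIVATION, 0x00])
            + struct.pack("<H", common_addr) + b"\x00\x00\x00")


def station_interrogation_asdu(common_addr: int = 1) -> bytes:
    return _asdu_header(TYPE_C_IC_NA_1, common_addr) + bytes([QOI_STATION])


def cp56time2a(dt: datetime) -> bytes:
    """Encode a datetime as the 7-byte CP56Time2a used by C_CS_NA_1."""
    millis = dt.second * 1000 + dt.microsecond // 1000
    return (struct.pack("<H", millis)
            + bytes([dt.minute & 0x3F,                      # IV bit clear
                     dt.hour & 0x1F,                        # SU bit clear
                     (dt.day & 0x1F) | (dt.isoweekday() << 5),
                     dt.month & 0x0F,
                     (dt.year - 2000) & 0x7F]))


def clock_sync_asdu(dt: datetime, common_addr: int = 1) -> bytes:
    return _asdu_header(TYPE_C_CS_NA_1, common_addr) + cp56time2a(dt)


def classify(apdu: bytes) -> str:
    """Name the rule category an APDU falls into, or 'other' / 'invalid'."""
    if len(apdu) < 6 or apdu[0] != START or apdu[1] != len(apdu) - 2:
        return "invalid"
    ctl1 = apdu[2]
    fmt = ctl1 & 0x03
    if fmt == 0x03:                       # U-format: must be exactly 4 control bytes
        return "invalid" if apdu[1] != 4 else U_FUNCTIONS.get(ctl1, "other")
    if fmt == 0x01:                       # S-format supervisory frame
        return "other"
    asdu = apdu[6:]                       # I-format: ASDU follows 4 control bytes
    if len(asdu) < 9:                     # shorter than the fixed ASDU header
        return "invalid"
    type_id, cot = asdu[0], asdu[2] & 0x3F   # mask off P/N and test bits
    if type_id == TYPE_C_IC_NA_1 and cot == COT_ACTIVATION \
            and len(asdu) >= 10 and asdu[9] == QOI_STATION:
        return "Station Interrogation (global)"
    if type_id == TYPE_C_CS_NA_1 and cot == COT_ACTIVATION and len(asdu) >= 16:
        return "Clock Synchronization"
    return "other"


if __name__ == "__main__":
    # Constructed sample frames, one per rule category plus two non-matches.
    samples = [build_u_frame(f) for f in U_FUNCTIONS]
    samples.append(build_i_frame(station_interrogation_asdu()))
    samples.append(build_i_frame(clock_sync_asdu(datetime(2023, 6, 7, 12, 30, 15, 500000))))
    samples.append(bytes([START, 0x04, 0x01, 0x00, 0x02, 0x00]))   # S-frame
    samples.append(bytes([START, 0x04, 0x07]))                       # truncated
    for frame in samples:
        print(f"{frame.hex():<44} {classify(frame)}")
```

The classifier deliberately checks the APCI length byte against the real frame length and rejects U-frames whose length is not 4; a detection that keys only on the function byte will also fire on malformed or padded frames, which is exactly the kind of input worth replaying against the new rules to see how they behave.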