Ruleset Update Summary - 2023/06/22 - v10356

Ruleset Updates
1

Summary:

132 new OPEN, 149 new PRO (132 + 17)

Added rules:

Open:

  • 2046502 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046503 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046504 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046505 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046506 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046507 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046508 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046509 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046510 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046511 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046512 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046513 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046514 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046515 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046516 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046517 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046518 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046519 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046520 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046521 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046522 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046523 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046524 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046525 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046526 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046527 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046528 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046529 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046530 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046531 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046532 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046533 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046534 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046535 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046536 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046537 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046538 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046539 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046540 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046541 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046542 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046543 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046544 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046545 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046546 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046547 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046548 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046549 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046550 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046551 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046552 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046553 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046554 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046555 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046556 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046557 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046558 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046559 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046560 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046561 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046562 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046563 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046564 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046565 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046566 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046567 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046568 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046569 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046570 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046571 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046572 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046573 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046574 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046575 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046576 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046577 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046578 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046579 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046580 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046581 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046582 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046583 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046584 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046585 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046586 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046587 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046588 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046589 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046590 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046591 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046592 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046593 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046594 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046595 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046596 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046597 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046598 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046599 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046600 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046601 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046602 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046603 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046604 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046605 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046606 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
  • 2046607 - ET MALWARE IcedID CnC Domain in DNS Lookup (nerfgamesarche .com) (malware.rules)
  • 2046608 - ET MALWARE IcedID CnC Domain in DNS Lookup (kojgimagi .com) (malware.rules)
  • 2046609 - ET INFO DYNAMIC_DNS Query to a *.ast .my Domain (info.rules)
  • 2046610 - ET INFO DYNAMIC_DNS HTTP Request to a *.ast .my Domain (info.rules)
  • 2046611 - ET INFO DYNAMIC_DNS Query to a *.nex .sh Domain (info.rules)
  • 2046612 - ET INFO DYNAMIC_DNS HTTP Request to a *.nex .sh Domain (info.rules)
  • 2046613 - ET MALWARE Observed Glupteba CnC Domain (deepsound .live in TLS SNI) (malware.rules)
  • 2046614 - ET MALWARE Observed Glupteba CnC Domain (biggames .online in TLS SNI) (malware.rules)
  • 2046615 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2046616 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
  • 2046617 - ET MALWARE Suspected Kimsuky Activity (POST) (malware.rules)
  • 2046618 - ET MALWARE Suspected Kimsuky Related Activity (set) (malware.rules)
  • 2046619 - ET MALWARE Suspected Kimsuky Related Activity (Response) (malware.rules)
  • 2046620 - ET PHISHING Obfuscated MrxC0DER Credential Phish Landing Page (phishing.rules)
  • 2046621 - ET PHISHING Generic Obfuscated Sign In Landing Page 2023-06-22 (phishing.rules)
  • 2046622 - ET MALWARE Possible DarkFinger Payload Retrieval Attempt - nc10 (malware.rules)
  • 2046623 - ET MALWARE Possible DarkFinger Payload Retrieval Attempt - ps10 (malware.rules)
  • 2046624 - ET MALWARE Possible DarkFinger ipconfig Retrieval Attempt (malware.rules)
  • 2046625 - ET MALWARE Possible DarkFinger tasklist Retrieval attempt (malware.rules)
  • 2046626 - ET MALWARE Win32/RedEnergy System Information Retrieval Attempt (malware.rules)
  • 2046627 - ET HUNTING Possible Node.js REPL Shell Banner - Reverse Shell (hunting.rules)
  • 2046628 - ET HUNTING Possible Node.js REPL Shell Banner - Bind Shell (hunting.rules)
  • 2046629 - ET MALWARE SocGholish Domain in DNS Lookup (described .moraver .com) (malware.rules)
  • 2046630 - ET MALWARE SocGholish Domain in DNS Lookup (inside .awesomepotions .com) (malware.rules)
  • 2046631 - ET MALWARE SocGholish Domain in DNS Lookup (artwork .siddavisart .com) (malware.rules)
  • 2046632 - ET MALWARE SocGholish Domain in DNS Lookup (brands .shopperstreets .com) (malware.rules)
  • 2046633 - ET MALWARE SocGholish Domain in DNS Lookup (career .humandesigns .com) (malware.rules)

Pro:

  • 2854655 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2854656 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2854657 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2854658 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2854659 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2854660 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2854661 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2854662 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2854663 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2854664 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2854665 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2854666 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2854667 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2854668 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2854669 - ETPRO EXPLOIT_KIT NetSupport Rat Domain in DNS Lookup (exploit_kit.rules)
  • 2854670 - ETPRO EXPLOIT_KIT NetSupport RAT Enjoy Smiley Web Dropper (exploit_kit.rules)
  • 2854671 - ETPRO MALWARE SnitchMoney OneDrive Impersonation Download URL (malware.rules)