Ruleset Update Summary - 2023/07/03 - v10363

rulesbot · July 3, 2023, 6:49pm

Summary:

6 new OPEN, 6 new PRO (6 + 0)

Thanks @StopMalvertisin, @elastic

Added rules:

Open:

2046716 - ET INFO IDrive Backup Connection (info.rules)
2046717 - ET MALWARE TA444 Related Domain in DNS Lookup (malware.rules)
2046718 - ET MALWARE Observed DuckTail Domain (techvibeo .com in TLS SNI) (malware.rules)
2046719 - ET WEB_SPECIFIC_APPS Possible Citrix Gateway CVE-2023-24488 Exploit Attempt M1 (web_specific_apps.rules)
2046720 - ET WEB_SPECIFIC_APPS Possible Citrix Gateway CVE-2023-24488 Exploit Attempt M2 (web_specific_apps.rules)
2046721 - ET WEB_SPECIFIC_APPS Possible Citrix Gateway CVE-2023-24488 Exploit Attempt M3 (web_specific_apps.rules)

Disabled and modified rules:

2023942 - ET MALWARE Possibly Malicious Base64 Unicode WebClient DownloadString M2 (malware.rules)
2031449 - ET MALWARE FormBook CnC Checkin (GET) (malware.rules)
2031453 - ET MALWARE FormBook CnC Checkin (GET) (malware.rules)
2032421 - ET PHISHING Successful Excel Online Phish 2016-01-06 (phishing.rules)
2032433 - ET PHISHING Successful Sign PDF Phish 2016-05-18 (phishing.rules)
2032434 - ET PHISHING Successful Facebook Phish 2016-05-18 (phishing.rules)
2032436 - ET PHISHING Successful Ebay Phish 2016-06-14 (phishing.rules)
2032437 - ET PHISHING Successful Yahoo Phish M2 2016-06-15 (phishing.rules)
2032438 - ET PHISHING Successful Square Phish 2016-06-15 (phishing.rules)
2032439 - ET PHISHING Successful Navy Federal Phish 2016-06-16 (phishing.rules)
2032440 - ET PHISHING Successful Earthlink Phish 2016-06-16 (phishing.rules)
2032441 - ET PHISHING Successful Christian Mingle Phish 2016-06-17 (phishing.rules)
2032442 - ET PHISHING Successful Maybank2u Phish 2016-06-17 (phishing.rules)
2032443 - ET PHISHING Successful Xfinity/Comcast Phish 2016-06-17 (phishing.rules)
2032446 - ET PHISHING Successful Singtel Phish 2016-06-22 (phishing.rules)
2032447 - ET PHISHING Successful Email Termination Phish 2016-06-22 (phishing.rules)
2032448 - ET PHISHING Successful H&M Revenue Phish M2 2016-06-22 (phishing.rules)
2032449 - ET PHISHING Successful Microsoft Encrypted Email Phish M2 2016-06-23 (phishing.rules)
2032450 - ET PHISHING Successful Standard Bank Phish 2016-06-23 (phishing.rules)
2032451 - ET PHISHING Successful Google Drive Phish M1 2016-06-11 (phishing.rules)
2032452 - ET PHISHING Successful Google Drive Phish M2 2016-06-11 (phishing.rules)
2032847 - ET MOBILE_MALWARE Arid Viper (fasebcck .com in DNS Lookup) (mobile_malware.rules)
2036698 - ET INFO Possible JARM Fingerprinting Client Hello via tls1_3_reverse (info.rules)
2037163 - ET INFO Microsoft Attack Simulation Training Domain in DNS Lookup (mesharepoint .com) (info.rules)
2043290 - ET MALWARE ZeroBot/ZeroStresser Botnet Related Domain in DNS Lookup (zero .sudolite .ml) (malware.rules)
2044087 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (officenced .com) (info.rules)
2044088 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (prizemons .com) (info.rules)
2044090 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (prizewel .com) (info.rules)
2044091 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (sharesbyte .com) (info.rules)
2044092 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (sharession .com) (info.rules)
2044093 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (prizegives .com) (info.rules)
2044094 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (prizewings .com) (info.rules)
2044095 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (doctricant .com) (info.rules)
2044096 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (attemplate .com) (info.rules)
2044097 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (templatent .com) (info.rules)
2044098 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (sharepointle .com) (info.rules)
2044099 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (officences .com) (info.rules)
2044100 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (sharestion .com) (info.rules)
2044101 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (sharepointin .com) (info.rules)
2044102 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (officested .com) (info.rules)
2044103 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (mcsharepoint .com) (info.rules)
2044104 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (officence .com) (info.rules)
2044105 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (templatern .com) (info.rules)
2044106 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (sharepointen .com) (info.rules)
2044107 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (officentry .com) (info.rules)
2044108 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (templateau .com) (info.rules)
2044109 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (shareholds .com) (info.rules)
2044110 - ET INFO Microsoft Defender Attack Simulation Training Domain in DNS Lookup (windocyte .com) (info.rules)
2046504 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046506 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046508 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046509 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046511 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046512 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046513 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046514 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046515 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046517 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046518 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046522 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046525 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046526 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046527 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046528 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046529 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046530 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046534 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046535 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046536 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046538 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046539 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046541 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046542 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046543 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046544 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046546 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046549 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046555 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046556 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046557 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046558 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046559 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046560 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046561 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046565 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046566 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046568 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046572 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046573 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046574 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046578 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046579 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046580 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046581 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046582 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046583 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046584 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046585 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046586 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046591 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046592 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046593 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046594 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046595 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046596 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046597 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046598 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046599 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046602 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046603 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046604 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046606 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2820147 - ETPRO WEB_CLIENT Possible Adobe Reader (CVE-2016-1079) (web_client.rules)
2824320 - ETPRO WEB_CLIENT Possible Acrobat Reader JS Use After Free (CVE-2017-2958) (web_client.rules)
2825863 - ETPRO WEB_CLIENT Possible Adobe Reader Information Disclosure CVE-2017-3022 (web_client.rules)
2825874 - ETPRO WEB_CLIENT Possible Adobe Reader Information Disclosure CVE-2017-3044 (web_client.rules)
2829776 - ETPRO MALWARE AridViper Domain Observed (katesacker .club in DNS Lookup) (malware.rules)
2831253 - ETPRO EXPLOIT Flash Player OOB Read (CVE-2018-5001) (exploit.rules)
2850157 - ETPRO PHISHING Successful Generic Phish 2021-10-11 (phishing.rules)
2854071 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Fakecalls.at CnC Domain in DNS Lookup (mobile_malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/09/20 - v10421 Ruleset Updates	303	September 20, 2023
Ruleset Update Summary - 2023/06/20 - v10354 Ruleset Updates	243	June 20, 2023
Ruleset Update Summary - 2023/07/24 - v10378 Ruleset Updates	233	July 24, 2023
Ruleset Update Summary - 2023/09/13 - v10416 Ruleset Updates	208	September 13, 2023
Daily Ruleset Update Summary 2022/09/22 Ruleset Updates	132	September 22, 2022

Ruleset Update Summary - 2023/07/03 - v10363

Summary:

Added rules:

Open:

Disabled and modified rules:

Related topics