Ruleset Update Summary - 2023/07/26 - v10380

Ruleset Updates
1

Summary:

41 new OPEN, 41 new PRO (41 + 0)

Thanks @LabsSentinel

Added rules:

Open:

  • 2046907 - ET MALWARE NanoCore RAT Keepalive 1 (malware.rules)
  • 2046908 - ET MALWARE NanoCore RAT Keepalive 2 (malware.rules)
  • 2046909 - ET MALWARE NanoCore RAT Keepalive Response 1 (malware.rules)
  • 2046910 - ET MALWARE NanoCore RAT Keepalive Response 2 (malware.rules)
  • 2046911 - ET MALWARE NanoCore RAT Keepalive Response 3 (malware.rules)
  • 2046912 - ET MALWARE NanoCore RAT Keepalive 3 (malware.rules)
  • 2046913 - ET MALWARE NanoCore RAT Keepalive 4 (malware.rules)
  • 2046914 - ET MALWARE NanoCore RAT CnC 7 (malware.rules)
  • 2046915 - ET MALWARE NanoCore RAT CnC 24 (malware.rules)
  • 2046916 - ET MALWARE NanoCore RAT CnC 26 (malware.rules)
  • 2046917 - ET MALWARE NanoCore RAT Keep-Alive Beacon (Inbound) (malware.rules)
  • 2046918 - ET MALWARE NanoCore RAT CnC 28 (malware.rules)
  • 2046919 - ET MALWARE NanoCore RAT CnC 23 (malware.rules)
  • 2046920 - ET MALWARE NanoCore RAT Keepalive Response 4 (malware.rules)
  • 2046921 - ET MALWARE NanoCore RAT Keepalive Response 5 (malware.rules)
  • 2046922 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (launchruse .com) (malware.rules)
  • 2046923 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (datadog-graph .com) (malware.rules)
  • 2046924 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (alwaysckain .com) (malware.rules)
  • 2046925 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (centos-pkg .org) (malware.rules)
  • 2046926 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (canolagroove .com) (malware.rules)
  • 2046927 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (reggedrobin .com) (malware.rules)
  • 2046928 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (nomadpkgs .com) (malware.rules)
  • 2046929 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (primerosauxiliosperu .com) (malware.rules)
  • 2046930 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (toyourownbeat .com) (malware.rules)
  • 2046931 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (datadog-cloud .com) (malware.rules)
  • 2046932 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (centos-repos .org) (malware.rules)
  • 2046933 - ET MALWARE TraderTraitor CnC Domain in DNS Lookup (nomadpkg .com) (malware.rules)
  • 2046934 - ET MALWARE Observed TraderTraitor Domain (launchruse .com in TLS SNI) (malware.rules)
  • 2046935 - ET MALWARE Observed TraderTraitor Domain (datadog-graph .com in TLS SNI) (malware.rules)
  • 2046936 - ET MALWARE Observed TraderTraitor Domain (alwaysckain .com in TLS SNI) (malware.rules)
  • 2046937 - ET MALWARE Observed TraderTraitor Domain (centos-pkg .org in TLS SNI) (malware.rules)
  • 2046938 - ET MALWARE Observed TraderTraitor Domain (canolagroove .com in TLS SNI) (malware.rules)
  • 2046939 - ET MALWARE Observed TraderTraitor Domain (reggedrobin .com in TLS SNI) (malware.rules)
  • 2046940 - ET MALWARE Observed TraderTraitor Domain (nomadpkgs .com in TLS SNI) (malware.rules)
  • 2046941 - ET MALWARE Observed TraderTraitor Domain (primerosauxiliosperu .com in TLS SNI) (malware.rules)
  • 2046942 - ET MALWARE Observed TraderTraitor Domain (toyourownbeat .com in TLS SNI) (malware.rules)
  • 2046943 - ET MALWARE Observed TraderTraitor Domain (datadog-cloud .com in TLS SNI) (malware.rules)
  • 2046944 - ET MALWARE Observed TraderTraitor Domain (centos-repos .org in TLS SNI) (malware.rules)
  • 2046945 - ET MALWARE Observed TraderTraitor Domain (nomadpkg .com in TLS SNI) (malware.rules)
  • 2046946 - ET MALWARE SocGholish Domain in TLS SNI (content .garretttrails .org) (malware.rules)
  • 2046947 - ET MALWARE SocGholish Domain in TLS SNI (creativity .kinchcorp .com) (malware.rules)

Disabled and modified rules:

  • 2025019 - ET MALWARE Possible NanoCore C2 60B (malware.rules)
  • 2046301 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .rfc .zitoprohealth .com) (malware.rules)
  • 2854669 - ETPRO EXPLOIT_KIT NetSupport Rat Domain in DNS Lookup (exploit_kit.rules)

Removed rules:

  • 2810288 - ETPRO MALWARE NanoCore RAT Keepalive 1 (malware.rules)
  • 2810289 - ETPRO MALWARE NanoCore RAT Keepalive 2 (malware.rules)
  • 2810290 - ETPRO MALWARE NanoCore RAT Keepalive Response 1 (malware.rules)
  • 2810291 - ETPRO MALWARE NanoCore RAT Keepalive Response 2 (malware.rules)
  • 2810451 - ETPRO MALWARE NanoCore RAT Keepalive Response 3 (malware.rules)
  • 2810452 - ETPRO MALWARE NanoCore RAT Keepalive 3 (malware.rules)
  • 2810453 - ETPRO MALWARE NanoCore RAT Keepalive 4 (malware.rules)
  • 2816766 - ETPRO MALWARE NanoCore RAT CnC 7 (malware.rules)
  • 2828398 - ETPRO MALWARE NanoCore RAT Keepalive Response 4 (malware.rules)
  • 2828399 - ETPRO MALWARE NanoCore RAT Keepalive Response 5 (malware.rules)
  • 2831256 - ETPRO MALWARE NanoCore RAT CnC 23 (malware.rules)
  • 2833901 - ETPRO MALWARE NanoCore RAT CnC 24 (malware.rules)
  • 2834441 - ETPRO MALWARE NanoCore RAT CnC 26 (malware.rules)
  • 2841753 - ETPRO MALWARE NanoCore RAT Keep-Alive Beacon (Inbound) (malware.rules)
  • 2845509 - ETPRO MALWARE NanoCore RAT CnC 28 (malware.rules)