Ruleset Update Summary - 2023/07/28 - v10383

rulesbot · July 28, 2023, 10:11pm

Summary:

7 new OPEN, 30 new PRO (7 + 23)

Thanks @g0njxa

Added rules:

Open:

2046951 - ET INFO DYNAMIC_DNS Query to a *.enia .net Domain (info.rules)
2046952 - ET INFO DYNAMIC_DNS HTTP Request to a *.enia .net Domain (info.rules)
2046953 - ET INFO DYNAMIC_DNS Query to a *.henher .com Domain (info.rules)
2046954 - ET INFO DYNAMIC_DNS HTTP Request to a *.henher .com Domain (info.rules)
2046955 - ET MALWARE IcedID CnC Domain in DNS Lookup (vrondafarih .com) (malware.rules)
2046956 - ET MALWARE Observed IcedID Domain (vrondafarih .com in TLS SNI) (malware.rules)
2046957 - ET MALWARE PennyWise Stealer Data Exfil M4 (malware.rules)

Pro:

2854945 - ETPRO MOBILE_MALWARE Observed Trojan-Banker.AndroidOS.Banbra.ah Domain in TLS SNI (mobile_malware.rules)
2854946 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Banbra.ah CnC Domain in DNS Lookup (mobile_malware.rules)
2854947 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Fakecalls.n Checkin (mobile_malware.rules)
2854948 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Badpack.e CnC Domain in DNS Lookup (mobile_malware.rules)
2854949 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.lu Checkin (mobile_malware.rules)
2854950 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.lu Checkin 2 (mobile_malware.rules)
2854951 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.lu Checkin 3 (mobile_malware.rules)
2854952 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.lu Checkin 4 (mobile_malware.rules)
2854953 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.lu Checkin 5 (mobile_malware.rules)
2854954 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.lu Checkin 6 (mobile_malware.rules)
2854955 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Agent.lu CnC Domain in DNS Lookup (mobile_malware.rules)
2854956 - ETPRO MOBILE_MALWARE Android/Banker.BGB!tr Checkin (mobile_malware.rules)
2854957 - ETPRO MOBILE_MALWARE Observed Trojan-Banker.AndroidOS.Rewardsteal.ab Domain in TLS SNI (mobile_malware.rules)
2854958 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.zs Checkin (mobile_malware.rules)
2854959 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.zs Checkin 2 (mobile_malware.rules)
2854960 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.zs Checkin 3 (mobile_malware.rules)
2854961 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.LKS CnC Domain in DNS Lookup (mobile_malware.rules)
2854964 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.FakeApp.q Checkin (mobile_malware.rules)
2854965 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.CtrlVNC.a CnC Domain in DNS Lookup (mobile_malware.rules)
2854966 - ETPRO MOBILE_MALWARE Observed Backdoor.AndroidOS.CtrlVNC.a Domain in TLS SNI (mobile_malware.rules)
2854967 - ETPRO MOBILE_MALWARE Android/Spy.Agent.CSY CnC Domain in DNS Lookup (mobile_malware.rules)
2854968 - ETPRO MOBILE_MALWARE Observed Android/Spy.Agent.CSY Domain in TLS SNI (mobile_malware.rules)
2854969 - ETPRO MOBILE_MALWARE Observed Android/Spy.Agent.CSY Domain in TLS SNI (mobile_malware.rules)

Disabled and modified rules:

2044165 - ET MALWARE SocGholish Domain in DNS Lookup (shock .creatingaharmoniouslife .net) (malware.rules)
2046236 - ET MALWARE SocGholish Domain in DNS Lookup (specific .autonerdmobilerepairs .com) (malware.rules)
2046238 - ET MALWARE SocGholish Domain in DNS Lookup (form .haysllc .net) (malware.rules)
2046239 - ET MALWARE SocGholish Domain in DNS Lookup (forbes .firstmillionaires .com) (malware.rules)
2046241 - ET MALWARE SocGholish Domain in DNS Lookup (superposition .mathgeniusacademy .com) (malware.rules)
2046261 - ET MALWARE SocGholish Domain in DNS Lookup (ibm .deltavis .net) (malware.rules)
2046271 - ET MALWARE SocGholish Domain in DNS Lookup (toolkit .mobileautorepairmechanic .com) (malware.rules)
2046272 - ET MALWARE SocGholish Domain in DNS Lookup (webdog .ilinkads .com) (malware.rules)
2046289 - ET MALWARE SocGholish Domain in DNS Lookup (subscription .provijuns .com) (malware.rules)
2046630 - ET MALWARE SocGholish Domain in DNS Lookup (inside .awesomepotions .com) (malware.rules)
2046633 - ET MALWARE SocGholish Domain in DNS Lookup (career .humandesigns .com) (malware.rules)
2046640 - ET MALWARE SocGholish Domain in DNS Lookup (devops .livinginthenowbook .info) (malware.rules)
2046666 - ET MALWARE SocGholish Domain in DNS Lookup (therapy .rationallifestyleconsulting .org) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/07/25 - v10379 Ruleset Updates	230	July 25, 2023
Ruleset Update Summary - 2023/06/19 - v10353 Ruleset Updates	213	June 19, 2023
Ruleset Update Summary - 2023/09/27 - v10426 Ruleset Updates	247	September 27, 2023
Ruleset Update Summary - 2023/07/18 - v10374 Ruleset Updates	198	July 18, 2023
Ruleset Update Summary - 2023/05/22 - v10329 Ruleset Updates	274	May 22, 2023

Ruleset Update Summary - 2023/07/28 - v10383

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related Topics