Ruleset Update Summary - 2023/08/08 - v10389

rulesbot · August 8, 2023, 9:13pm

Summary:

45 new OPEN, 46 new PRO (45 + 1)

Thanks @Jane_0sit

Added rules:

Open:

2018752 - ET HUNTING Generic .bin download from Dotted Quad (hunting.rules)
2047071 - ET INFO DYNAMIC_DNS Query to a *.zerocoolgames .com Domain (info.rules)
2047072 - ET INFO DYNAMIC_DNS HTTP Request to a *.zerocoolgames .com Domain (info.rules)
2047073 - ET INFO DYNAMIC_DNS Query to a *.ragtopvintage .com Domain (info.rules)
2047074 - ET INFO DYNAMIC_DNS HTTP Request to a *.ragtopvintage .com Domain (info.rules)
2047075 - ET INFO DYNAMIC_DNS Query to a *.appia .com .au Domain (info.rules)
2047076 - ET INFO DYNAMIC_DNS HTTP Request to a *.appia .com .au Domain (info.rules)
2047077 - ET INFO DYNAMIC_DNS Query to a *.joseulloa .cl Domain (info.rules)
2047078 - ET INFO DYNAMIC_DNS HTTP Request to a *.joseulloa .cl Domain (info.rules)
2047079 - ET INFO External IP Check Domain in DNS Lookup (ip .cn) (info.rules)
2047080 - ET INFO Observed External IP Lookup Domain (ip .cn in TLS SNI) (info.rules)
2047081 - ET INFO External IP Check Domain in DNS Lookup (ip .me) (info.rules)
2047082 - ET INFO Observed External IP Lookup Domain (ip .me in TLS SNI) (info.rules)
2047083 - ET HUNTING [ANY.RUN] DARKCLOUD Style External IP Check (hunting.rules)
2047084 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (humorumbi .ru) (malware.rules)
2047085 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (aethionemaso .ru) (malware.rules)
2047086 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (bulot .ru) (malware.rules)
2047087 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (alliumso .ru) (malware.rules)
2047088 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (baruta .ru) (malware.rules)
2047089 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (nicsan .ru) (malware.rules)
2047090 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (mojavebo .ru) (malware.rules)
2047091 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (imbriumbi .ru) (malware.rules)
2047092 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (acaenaso .ru) (malware.rules)
2047093 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (bolonna .ru) (malware.rules)
2047094 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (alceaso .ru) (malware.rules)
2047095 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (acanthusso .ru) (malware.rules)
2047096 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (butoza .ru) (malware.rules)
2047097 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (patrios .ru) (malware.rules)
2047098 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (acorusso .ru) (malware.rules)
2047099 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (buritoc .ru) (malware.rules)
2047100 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (achilleaso .ru) (malware.rules)
2047101 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (wadibo .ru) (malware.rules)
2047102 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (anguisbi .ru) (malware.rules)
2047103 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (saharabo .ru) (malware.rules)
2047104 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (cresozoq .ru) (malware.rules)
2047105 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (alismaso .ru) (malware.rules)
2047106 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (wahibabo .ru) (malware.rules)
2047107 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (adiantumso .ru) (malware.rules)
2047108 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (tolofa .ru) (malware.rules)
2047109 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (rogac .ru) (malware.rules)
2047110 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (cupata .ru) (malware.rules)
2047111 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (macda .ru) (malware.rules)
2047112 - ET MALWARE Gamaredon APT Related Domain in DNS Lookup (aconitumso .ru) (malware.rules)
2047113 - ET MALWARE 8Base Ransomware Domain in DNS Lookup (dexblog45 .xyz) (malware.rules)
2047114 - ET MALWARE 8Base Ransomware Domain in DNS Lookup (sentrex219 .xyz) (malware.rules)

Pro:

2855039 - ETPRO MALWARE UNK Stealer Telegram Exfil (malware.rules)

Disabled and modified rules:

2043006 - ET MALWARE SocGholish Domain in DNS Lookup (extcourse .zurvio .com) (malware.rules)
2044516 - ET MALWARE SocGholish Domain in DNS Lookup (profit .3stepsprofit .com) (malware.rules)
2045627 - ET MALWARE SocGholish Domain in DNS Lookup (framework .rankinfiles .com) (malware.rules)
2045811 - ET MALWARE SocGholish Domain in DNS Lookup (tube .saltminecomics .com) (malware.rules)

Removed rules:

2018752 - ET MALWARE Generic .bin download from Dotted Quad (malware.rules)
2042799 - ET INFO DYNAMIC_DNS HTTP Request to a *.servehttp .com Domain (info.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/05/24 - v10331 Ruleset Updates	273	May 24, 2023
Ruleset Update Summary - 2023/05/16 - v10324 Ruleset Updates	308	May 16, 2023
Ruleset Update Summary - 2024/01/26 - v10515 Ruleset Updates	169	January 26, 2024
Ruleset Update Summary - 2023/10/18 - v10444 Ruleset Updates	302	October 18, 2023
Ruleset Update Summary - 2023/11/15 - v10466 Ruleset Updates	500	November 15, 2023

Ruleset Update Summary - 2023/08/08 - v10389

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Removed rules:

Related Topics