Ruleset Update Summary - 2023/08/14 - v10393

rulesbot · August 14, 2023, 9:05pm

Summary:

15 new OPEN, 15 new PRO (15 + 0)

Thanks @EclecticIQ, @zscaler, @uptycs

2047635 - ET INFO File Sharing Domain in DNS Lookup (drive .internxt .com) (info.rules)
2047636 - ET INFO Observed File Sharing Domain (drive .internxt .com in TLS SNI) (info.rules)
2047637 - ET MALWARE Suspected Bitter Elephant APT Related Activity (GET) (malware.rules)
2047638 - ET MALWARE APT29 CnC Domain in DNS Lookup (sgrhf .org .pk) (malware.rules)
2047639 - ET MALWARE APT29 CnC Domain in DNS Lookup (toyy .zulipchat .com) (malware.rules)
2047640 - ET MALWARE APT29 CnC Domain in DNS Lookup (edenparkweddings .com) (malware.rules)
2047641 - ET MALWARE Observed APT29 Domain (sgrhf .org .pk) in TLS SNI (malware.rules)
2047642 - ET MALWARE Observed APT29 Domain (toyy .zulipchat .com) in TLS SNI (malware.rules)
2047643 - ET MALWARE Observed APT29 Domain (edenparkweddings .com) in TLS SNI (malware.rules)
2047644 - ET MALWARE APT29 Duke Variant Malware CnC Checkin Observed (malware.rules)
2047645 - ET MALWARE APT29 HTA Dropper Checkin Observed (malware.rules)
2047646 - ET MALWARE JanelaRAT CnC Checkin Observed (malware.rules)
2047647 - ET MALWARE QwixxRAT - Telegram CnC Checkin (malware.rules)
2047648 - ET EXPLOIT_KIT Fake Browser Update in DNS Lookup (exploit_kit.rules)
2047649 - ET EXPLOIT_KIT Fake Browser Update in TLS SNI (exploit_kit.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/09/05 - v10410 Ruleset Updates	289	September 5, 2023
Ruleset Update Summary - 2024/01/10 - v10503 Ruleset Updates	421	January 10, 2024
Ruleset Update Summary - 2024/05/06 - v10590 Ruleset Updates	334	May 6, 2024
Ruleset Update Summary - 2023/10/02 - v10430 Ruleset Updates	275	October 2, 2023
Ruleset Update Summary - 2023/07/18 - v10374 Ruleset Updates	231	July 18, 2023