Ruleset Update Summary - 2023/08/22 - v10400

rulesbot · August 22, 2023, 8:26pm

Summary:

23 new OPEN, 30 new PRO (23 + 7)

Thanks @SentinelOne

Added rules:

Open:

2047682 - ET INFO DYNAMIC_DNS Query to a *.bang .cl Domain (info.rules)
2047683 - ET INFO DYNAMIC_DNS HTTP Request to a *.bang .cl Domain (info.rules)
2047684 - ET INFO DYNAMIC_DNS Query to a *.estic .org Domain (info.rules)
2047685 - ET INFO DYNAMIC_DNS HTTP Request to a *.estic .org Domain (info.rules)
2047686 - ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .brioche-amsterdam .com) (malware.rules)
2047687 - ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .qhsbobfv .top) (malware.rules)
2047688 - ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .mommachic .com) (malware.rules)
2047689 - ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .hatch .computer) (malware.rules)
2047690 - ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .nationalrecoveryllc .com) (malware.rules)
2047691 - ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .spv88 .online) (malware.rules)
2047692 - ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .raveready .shop) (malware.rules)
2047693 - ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .activ-ketodietakjsy620 .cloud) (malware.rules)
2047694 - ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .lushespets .com) (malware.rules)
2047695 - ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .qq9122 .com) (malware.rules)
2047696 - ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .corkagenexus .com) (malware.rules)
2047697 - ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .growind .info) (malware.rules)
2047698 - ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .kiavisa .com) (malware.rules)
2047699 - ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .akrsnamchi .com) (malware.rules)
2047700 - ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .pinksugarpopmontana .com) (malware.rules)
2047701 - ET MALWARE MacOS/XLOADER Domain in DNS Lookup (www .switchmerge .com) (malware.rules)
2047702 - ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup (info.rules)
2047703 - ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI (info.rules)
2047704 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (offshorechain .org) (exploit_kit.rules)

Pro:

2855152 - ETPRO MALWARE Observed Malicious SSL Cert (reNgine) (malware.rules)
2855153 - ETPRO INFO PenTesting Related Domain in DNS Lookup (info.rules)
2855154 - ETPRO MALWARE reNgine Related Activity (malware.rules)
2855155 - ETPRO MALWARE Win32/Sainbox RAT CnC Activity (GET) M1 (malware.rules)
2855156 - ETPRO MALWARE Win32/Sainbox RAT CnC Activity (GET) M2 (malware.rules)
2855157 - ETPRO MALWARE Win32/Sainbox RAT CnC Activity (GET) M3 (malware.rules)
2855158 - ETPRO MALWARE Win32/Sainbox RAT CnC Activity (GET) M4 (malware.rules)

Enabled and modified rules:

2036321 - ET MALWARE 000Stealer Data Exfiltration M2 (malware.rules)
2036542 - ET MALWARE Eternity Stealer Data Exfiltration Activity (malware.rules)
2036610 - ET MALWARE BlueShtorm Infostealer Data Exfiltration (malware.rules)
2036958 - ET MALWARE Win32/Gomorrah Stealer Data Exfiltration (malware.rules)
2037091 - ET HUNTING Suspicious Zipped Filename in Outbound POST Request (Steam_htmlcache.txt) (hunting.rules)
2038664 - ET MALWARE Win32/Caypnamer.A RAT CnC Initial Checkin (malware.rules)
2038703 - ET ADWARE_PUP MuLauncher Telemetry Gathering Attempt (adware_pup.rules)
2038947 - ET MALWARE Win32/Cryptbot V2 Data Exfiltration Attempt (malware.rules)
2039415 - ET MALWARE MSSQL maggie backdoor Query Observed (other functions) (malware.rules)
2039775 - ET MALWARE Laplas Clipper - Regex CnC Request (malware.rules)
2039776 - ET MALWARE Laplas Clipper - SetOnline CnC Checkin (malware.rules)
2039777 - ET MALWARE Laplas Clipper - GetAddress CnC Checkin (malware.rules)
2039796 - ET INFO External File Sharing Service in DNS Lookup (sharefile .com) (info.rules)
2044583 - ET MALWARE Win32/Root Finder Stealer Sending System Information via Telegram (GET) (malware.rules)
2044584 - ET MALWARE Win32/AMGO Keylogger - Keylogger Started Message via Telegram (POST) (malware.rules)
2044744 - ET MALWARE SOMNIRECORD Backdoor PROBE Command in DNS Query (malware.rules)
2044746 - ET MALWARE SOMNIRECORD Backdoor DATA Command in DNS Query (malware.rules)

Disabled and modified rules:

2045796 - ET MALWARE TA427 Related Domain in DNS Lookup (com-people .click) (malware.rules)
2045797 - ET MALWARE TA427 Related Domain in DNS Lookup (com-price .space) (malware.rules)
2045798 - ET MALWARE TA427 Related Domain in DNS Lookup (com-www .click) (malware.rules)
2045799 - ET MALWARE TA427 Related Domain in DNS Lookup (com-def .asia) (malware.rules)
2045800 - ET MALWARE TA427 Related Domain in DNS Lookup (com-otp .click) (malware.rules)
2045801 - ET MALWARE TA427 Related Domain in DNS Lookup (de-file .online) (malware.rules)
2045802 - ET MALWARE TA427 Related Domain in DNS Lookup (kr-me .click) (malware.rules)
2045803 - ET MALWARE TA427 Related Domain in DNS Lookup (com-port .space) (malware.rules)
2045804 - ET MALWARE TA427 Related Domain in DNS Lookup (cf-health .click) (malware.rules)
2045805 - ET MALWARE TA427 Related Domain in DNS Lookup (kr-angry .click) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/02/13 - v10531 Ruleset Updates	433	February 13, 2024
Ruleset Update Summary - 2023/07/25 - v10379 Ruleset Updates	288	July 25, 2023
Daily Ruleset Update Summary 2022/09/15 Ruleset Updates	139	September 15, 2022
Ruleset Update Summary - 2023/07/18 - v10374 Ruleset Updates	231	July 18, 2023
Ruleset Update Summary - 2024/07/08 - v10640 Ruleset Updates	144	July 8, 2024

Ruleset Update Summary - 2023/08/22 - v10400

Summary:

Added rules:

Open:

Pro:

Enabled and modified rules:

Disabled and modified rules:

Related topics