Ruleset Update Summary - 2023/08/25 - v10403

rulesbot · August 25, 2023, 9:18pm

Summary:

36 new OPEN, 38 new PRO (36 + 2)

Thanks @cybleglobal, @Jane_0sint

Added rules:

Open:

2039018 - ET INFO DNSBin Demo (requestbin .net) - Data Exfil (info.rules)
2047731 - ET INFO DNS Query for Webhook/HTTP Request Inspection Service (requestinspector .com) (info.rules)
2047732 - ET INFO Webhook/HTTP Request Inspection Service Domain (requestinspector .com in TLS SNI) (info.rules)
2047733 - ET INFO DNS Query for Webhook/HTTP Request Inspection Service (saucelabs .com) (info.rules)
2047734 - ET INFO Webhook/HTTP Request Inspection Service Domain (saucelabs .com in TLS SNI) (info.rules)
2047735 - ET INFO DNS Query for Webhook/HTTP Request Inspection Service (x .pipedream .net) (info.rules)
2047736 - ET INFO Webhook/HTTP Request Inspection Service Domain (x .pipedream .net in TLS SNI) (info.rules)
2047737 - ET INFO DNS Query for Webhook/HTTP Request Inspection Service (m .pipedream .net) (info.rules)
2047738 - ET INFO Webhook/HTTP Request Inspection Service Domain (m .pipedream .net in TLS SNI) (info.rules)
2047739 - ET INFO DNS Query for Webhook/HTTP Request Inspection Service (intercept .rest) (info.rules)
2047740 - ET INFO Webhook/HTTP Request Inspection Service Domain (intercept .rest in TLS SNI) (info.rules)
2047741 - ET INFO DNS Query for Webhook/HTTP Request Inspection Service (webhook .site) (info.rules)
2047742 - ET HUNTING WebDAV Retrieving .exe (hunting.rules)
2047743 - ET HUNTING WebDAV Retrieving .dll (hunting.rules)
2047744 - ET MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2047745 - ET MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2047746 - ET MALWARE Observed TA444 Domain in TLS SNI (malware.rules)
2047747 - ET MALWARE Observed TA444 Domain in TLS SNI (malware.rules)
2047748 - ET MALWARE Win32/CosmicRust TA444 CnC Activity (GET) (malware.rules)
2047749 - ET MALWARE Agent Tesla Reverse Base64 Encoded MZ In Image (malware.rules)
2047750 - ET MALWARE Agent Tesla Base64 Encoded MZ In Image (malware.rules)
2047751 - ET ADWARE_PUP Suspected Adware/AccessMembre Domain in DNS Lookup (iconm1 .com) (adware_pup.rules)
2047752 - ET ADWARE_PUP Suspected Adware/AccessMembre Checkin M2 (adware_pup.rules)
2047753 - ET ADWARE_PUP Suspected Adware/AccessMembre Checkin M3 (adware_pup.rules)
2047754 - ET MALWARE ZenRAT Ping Command (malware.rules)
2047755 - ET MALWARE ZenRAT CnC OK Response (malware.rules)
2047756 - ET MALWARE ZenRAT Get Status Command (malware.rules)
2047757 - ET MALWARE ZenRAT Status Response (malware.rules)
2047758 - ET MALWARE ZenRAT Change Status Command (malware.rules)
2047759 - ET MALWARE ZenRAT Request Module Command (malware.rules)
2047760 - ET MALWARE ZenRAT Request Module CnC Response (malware.rules)
2047761 - ET MALWARE ZenRAT Update Command (malware.rules)
2047762 - ET MALWARE ZenRAT Update CnC Response (Already Actual) (malware.rules)
2047763 - ET MALWARE ZenRAT Tasking Command (malware.rules)
2047764 - ET MALWARE ZenRAT Tasking CnC Response M1 (malware.rules)
2047765 - ET MALWARE ZenRAT Tasking CnC Response M2 (malware.rules)

Pro:

2855180 - ETPRO MALWARE Suspected TA456 GrumpyGrocer Related Activity (GET) (malware.rules)
2855181 - ETPRO MALWARE TA456 GrumpyGrocer Related Activity (Response) (malware.rules)

Modified inactive rules:

2046504 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046506 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046508 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046509 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046511 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046512 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046513 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046514 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046515 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046517 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046518 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046522 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046525 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046526 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046527 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046528 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046529 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046530 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046534 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046535 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046536 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046538 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046539 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046541 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046542 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046543 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046544 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046546 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046549 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046555 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046556 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046557 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046558 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046559 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046560 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046561 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046565 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046566 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046568 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046572 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046573 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046574 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046578 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046579 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046580 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046581 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046582 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046583 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046584 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046585 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046586 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046591 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046592 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046593 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046594 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046595 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046596 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046597 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046598 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046599 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046602 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046603 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046604 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2046606 - ET MOBILE_MALWARE Android Spy PREDATOR CnC Domain in DNS Lookup (mobile_malware.rules)
2807163 - ETPRO ADWARE_PUP Adware/AccesMembre Checkin M1 (adware_pup.rules)

Disabled and modified rules:

2035197 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2035198 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2035199 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2035200 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2035221 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2035222 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2035253 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2035254 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2035255 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2035256 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2035257 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2035265 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2035266 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2035267 - ET MALWARE Gamaredon Maldoc Activity (GET) (malware.rules)
2035449 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)

Removed rules:

2039018 - ET MALWARE DNSBin Demo (requestbin .net) - Data Exfil (malware.rules)
2855175 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2855176 - ETPRO MALWARE Observed DNS Query to TA444 Domain (malware.rules)
2855177 - ETPRO MALWARE Observed TA444 Domain in TLS SNI (malware.rules)
2855178 - ETPRO MALWARE Observed TA444 Domain in TLS SNI (malware.rules)
2855179 - ETPRO MALWARE Win32/CosmicRust TA444 CnC Activity (GET) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/08/28 - v10404 Ruleset Updates	730	August 28, 2023
Ruleset Update Summary - 2023/11/13 - v10464 Ruleset Updates	255	November 13, 2023
Ruleset Update Summary - 2024/05/21 - v10600 Ruleset Updates	234	May 21, 2024
Ruleset Update Summary - 2023/09/26 - v10425 Ruleset Updates	349	September 26, 2023
Ruleset Update Summary - 2024/07/12 - v10644 Ruleset Updates	88	July 12, 2024

Ruleset Update Summary - 2023/08/25 - v10403

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Disabled and modified rules:

Removed rules:

Related topics