Ruleset Update Summary - 2023/08/28 - v10404

Ruleset Updates
1

Summary:

43 new OPEN, 46 new PRO (43 + 3)

Thanks @rmceoin

Added rules:

Open:

  • 2047766 - ET INFO DNS Query for Webhook/HTTP Request Inspection/Tunneling Service (.free .beeceptor .com) (info.rules)
  • 2047767 - ET INFO Webhook/HTTP Request Inspection/Tunneling Service Domain (.free .beeceptor .com in TLS SNI) (info.rules)
  • 2047768 - ET INFO DNS Query for Webhook/HTTP Request Inspection Service (.curlhub .io) (info.rules)
  • 2047769 - ET INFO Webhook/HTTP Request Inspection Service Domain (.curlhub .io in TLS SNI) (info.rules)
  • 2047770 - ET INFO DNS Query for Webhook/HTTP Request Inspection Service (.apiary-mock .com) (info.rules)
  • 2047771 - ET INFO Webhook/HTTP Request Inspection Service Domain (.apiary-mock .com in TLS SNI) (info.rules)
  • 2047772 - ET INFO DNS Query for Webhook/HTTP Request Inspection Service (requestbin .cn) (info.rules)
  • 2047773 - ET INFO HTTP Request to Webhook/HTTP Request Inspection Service Domain (requestbin .cn) (info.rules)
  • 2047774 - ET INFO Interactsh Domain in DNS Lookup (.oast .me) (info.rules)
  • 2047775 - ET INFO Interactsh Domain in DNS Lookup (.oast .site) (info.rules)
  • 2047776 - ET INFO Interactsh Domain (.oast .site in TLS SNI) (info.rules)
  • 2047777 - ET INFO Interactsh Domain in DNS Lookup (.oast .live) (info.rules)
  • 2047778 - ET INFO Interactsh Domain (.oast .live in TLS SNI) (info.rules)
  • 2047779 - ET INFO Interactsh Domain in DNS Lookup (.oast .pro) (info.rules)
  • 2047780 - ET INFO Interactsh Domain (.oast .pro in TLS SNI) (info.rules)
  • 2047781 - ET INFO Interactsh Domain in DNS Lookup (.oast .online) (info.rules)
  • 2047782 - ET INFO Interactsh Domain (.oast .online in TLS SNI) (info.rules)
  • 2047783 - ET INFO Interactsh Domain in DNS Lookup (.oast .fun) (info.rules)
  • 2047784 - ET INFO Interactsh Domain (.oast .fun in TLS SNI) (info.rules)
  • 2047785 - ET INFO Interactsh Domain (.oast .me in TLS SNI) (info.rules)
  • 2047786 - ET HUNTING Base64 Encoded RAR File in HTML Body (Magic Bytes) (hunting.rules)
  • 2047787 - ET HUNTING Base64 Encoded zip-compressed File in HTML Body (Mime Type) (hunting.rules)
  • 2047788 - ET HUNTING Base64 Encoded ISO File in HTML Body (Magic Bytes) (hunting.rules)
  • 2047789 - ET HUNTING Base64 Encoded RAR Compressed File in HTML Body (Mime Type) (hunting.rules)
  • 2047790 - ET HUNTING Base64 Encoded octet-stream File in HTML Body (Mime Type) (hunting.rules)
  • 2047791 - ET HUNTING Base64 Encoded Null Byte Padded File in HTML Body (Magic Bytes) (hunting.rules)
  • 2047792 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (adqdqqewqewplzoqmzq .site) (exploit_kit.rules)
  • 2047793 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (borbrbmrtxtrbxrq .site) (exploit_kit.rules)
  • 2047794 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (komomjinndqndqwf .store ) (exploit_kit.rules)
  • 2047795 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (omdowqind .site) (exploit_kit.rules)
  • 2047796 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (wffewiuofegwumzowefmgwezfzew .site) (exploit_kit.rules)
  • 2047797 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (wnimodmoiejn .site) (exploit_kit.rules)
  • 2047798 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (adqdqqewqewplzoqmzq .site) (exploit_kit.rules)
  • 2047799 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (borbrbmrtxtrbxrq .site) (exploit_kit.rules)
  • 2047800 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (komomjinndqndqwf .store ) (exploit_kit.rules)
  • 2047801 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (omdowqind .site) (exploit_kit.rules)
  • 2047802 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (wffewiuofegwumzowefmgwezfzew .site) (exploit_kit.rules)
  • 2047803 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (wnimodmoiejn .site) (exploit_kit.rules)
  • 2047804 - ET EXPLOIT_KIT Keitaro Set-Cookie Inbound to ClearFake (71eb8) (exploit_kit.rules)
  • 2047805 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (martinreamask .com) (exploit_kit.rules)
  • 2047806 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (seyishalom .com) (exploit_kit.rules)
  • 2047807 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (martinreamask .com) (exploit_kit.rules)
  • 2047808 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (seyishalom .com) (exploit_kit.rules)

Pro:

  • 2855184 - ETPRO PHISHING Zimbra Phish Landing Page 2023-08-28 (phishing.rules)
  • 2855185 - ETPRO CURRENT_EVENTS Commonly Abused Domain Domain in DNS Lookup (current_events.rules)
  • 2855186 - ETPRO CURRENT_EVENTS Observed Commonly Abused Domain in TLS SNI (current_events.rules)