Ruleset Update Summary - 2023/08/29 - v10405

rulesbot · August 29, 2023, 8:55pm

Summary:

11 new OPEN, 13 new PRO (11 + 2)

Thanks @suyog41

2047809 - ET MALWARE IcedID CnC Domain in DNS Lookup (manderatapple .com) (malware.rules)
2047810 - ET MALWARE Observed IcedID Domain (manderatapple .com in TLS SNI) (malware.rules)
2047811 - ET MALWARE Glupteba CnC Domain in DNS Lookup (dazhiruoyu .org) (malware.rules)
2047812 - ET MALWARE Observed Glupteba Domain (dazhiruoyu .org in TLS SNI) (malware.rules)
2047813 - ET MALWARE Win32/Steallerium Stealer Data Exfil via Telegram (POST) (malware.rules)
2047814 - ET EXPLOIT_KIT ClearFake Fingerprinting Domain in DNS Lookup (stats-best .site) (exploit_kit.rules)
2047815 - ET EXPLOIT_KIT ClearFake Fingerprinting Domain in TLS SNI (stats-best .site) (exploit_kit.rules)
2047816 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (phimnhanh .info) (exploit_kit.rules)
2047817 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (phimnhanh .info) (exploit_kit.rules)
2047818 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (throatpills .org) (exploit_kit.rules)
2047819 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (throatpills .org) (exploit_kit.rules)

2855187 - ETPRO INFO Simulated Phish Training SSL Certificate detected (LUCY) (info.rules)
2855188 - ETPRO EXPLOIT_KIT ClearFake HTML Script Inject (exploit_kit.rules)

2037960 - ET HUNTING Observed Suspicious SSL Cert (Acme Co) (hunting.rules)
2039123 - ET MALWARE Observed DNS Query to DonotGroup Domain (stokpro .buzz) (malware.rules)
2039134 - ET PHISHING Account Credential Phish Landing Page 2022-10-10 (phishing.rules)
2040351 - ET MALWARE Observed DNS Query to W32/Filecoder.KY!tr.ransom Domain (ec2-3-125-223-134 .eu-central-1 .compute .amazonaws .com) (malware.rules)
2041124 - ET MALWARE TA453 Related Domain in DNS Lookup (mailer-daemon .live) (malware.rules)
2043276 - ET MALWARE Observed IcedID Domain in DNS Lookup (bayernbadabum .com) (malware.rules)
2043278 - ET MALWARE Observed DNS Query to TA444/Lazarus Domain (concrecapital .com) (malware.rules)
2043297 - ET MALWARE Observed DNS Query to Xworm Domain (su1d .nerdpol .ovh) (malware.rules)
2044709 - ET MALWARE Observed DNS Query To Gamaredon Domain (raminla .ru) (malware.rules)
2044710 - ET MALWARE Observed DNS Query To Gamaredon Domain (daglarho .ru) (malware.rules)
2044711 - ET MALWARE Observed DNS Query to WinterVivern Domain (ocsp-report .com) (malware.rules)
2044712 - ET MALWARE Observed DNS Query to WinterVivern Domain (ocsp-reloads .com) (malware.rules)
2852663 - ETPRO MALWARE Suspected TA463 Domain in DNS Lookup (malware.rules)
2852664 - ETPRO MALWARE Suspected TA463 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/06/10 - v10613 Ruleset Updates	153	June 10, 2024
Ruleset Update Summary - 2023/07/25 - v10379 Ruleset Updates	288	July 25, 2023
Ruleset Update Summary - 2023/10/02 - v10430 Ruleset Updates	274	October 2, 2023
Ruleset Update Summary - 2023/11/22 - v10471 Ruleset Updates	349	November 22, 2023
Ruleset Update Summary - 2024/06/03 - v10608 Ruleset Updates	228	June 3, 2024