Ruleset Update Summary - 2023/08/30 - v10406

Summary:

42 new OPEN, 45 new PRO (42 + 3)

Thanks @James_inthe_box, @Jane_0sint

Added rules:

Open:

  • 2047820 - ET INFO Microsoft Dev Tunnels Domain DNS Lookup (devtunnels .ms) (info.rules)
  • 2047821 - ET MALWARE [ANY.RUN] TheBoxClipper (addbild) (malware.rules)
  • 2047822 - ET MALWARE [ANY.RUN] TheBoxClipper CnC Activity (getkeys) (malware.rules)
  • 2047823 - ET MALWARE [ANY.RUN] TheBoxClipper (updatebildchange) (malware.rules)
  • 2047824 - ET INFO Observed DNS over HTTPS Domain (dns .yingroad .top) (info.rules)
  • 2047825 - ET INFO Observed DNS over HTTPS Domain (query .hdns .io) (info.rules)
  • 2047826 - ET INFO Observed DNS over HTTPS Domain (dns .hubservices .vn) (info.rules)
  • 2047827 - ET INFO Observed DNS over HTTPS Domain (doh .qis .io) (info.rules)
  • 2047828 - ET INFO Observed DNS over HTTPS Domain (dns .repressoh .it) (info.rules)
  • 2047829 - ET INFO Observed DNS over HTTPS Domain (dns .circl .lu) (info.rules)
  • 2047830 - ET INFO Observed DNS over HTTPS Domain (dns .ndo .dev) (info.rules)
  • 2047831 - ET INFO Observed DNS over HTTPS Domain (nz01 .dns4me .net) (info.rules)
  • 2047832 - ET INFO Observed DNS over HTTPS Domain (spacedns .org) (info.rules)
  • 2047833 - ET INFO Observed DNS over HTTPS Domain (resolver3 .absolight .net) (info.rules)
  • 2047834 - ET INFO Observed DNS over HTTPS Domain (family .puredns .org) (info.rules)
  • 2047835 - ET INFO Observed DNS over HTTPS Domain (internetsehat .bebasid .com) (info.rules)
  • 2047836 - ET INFO Observed DNS over HTTPS Domain (antivirus .bebasid .com) (info.rules)
  • 2047837 - ET INFO Observed DNS over HTTPS Domain (dns .ramansarda .com) (info.rules)
  • 2047838 - ET INFO Observed DNS over HTTPS Domain (ag .brianlee .fun) (info.rules)
  • 2047839 - ET INFO Observed DNS over HTTPS Domain (secforads3 .ch) (info.rules)
  • 2047840 - ET INFO Observed DNS over HTTPS Domain (dns .s3cure .us) (info.rules)
  • 2047841 - ET INFO Observed DNS Over HTTPS Domain (dns .yingroad .top in TLS SNI) (info.rules)
  • 2047842 - ET INFO Observed DNS Over HTTPS Domain (query .hdns .io in TLS SNI) (info.rules)
  • 2047843 - ET INFO Observed DNS Over HTTPS Domain (dns .hubservices .vn in TLS SNI) (info.rules)
  • 2047844 - ET INFO Observed DNS Over HTTPS Domain (doh .qis .io in TLS SNI) (info.rules)
  • 2047845 - ET INFO Observed DNS Over HTTPS Domain (dns .repressoh .it in TLS SNI) (info.rules)
  • 2047846 - ET INFO Observed DNS Over HTTPS Domain (dns .circl .lu in TLS SNI) (info.rules)
  • 2047847 - ET INFO Observed DNS Over HTTPS Domain (dns .ndo .dev in TLS SNI) (info.rules)
  • 2047848 - ET INFO Observed DNS Over HTTPS Domain (nz01 .dns4me .net in TLS SNI) (info.rules)
  • 2047849 - ET INFO Observed DNS Over HTTPS Domain (spacedns .org in TLS SNI) (info.rules)
  • 2047850 - ET INFO Observed DNS Over HTTPS Domain (resolver3 .absolight .net in TLS SNI) (info.rules)
  • 2047851 - ET INFO Observed DNS Over HTTPS Domain (family .puredns .org in TLS SNI) (info.rules)
  • 2047852 - ET INFO Observed DNS Over HTTPS Domain (internetsehat .bebasid .com in TLS SNI) (info.rules)
  • 2047853 - ET INFO Observed DNS Over HTTPS Domain (antivirus .bebasid .com in TLS SNI) (info.rules)
  • 2047854 - ET INFO Observed DNS Over HTTPS Domain (dns .ramansarda .com in TLS SNI) (info.rules)
  • 2047855 - ET INFO Observed DNS Over HTTPS Domain (ag .brianlee .fun in TLS SNI) (info.rules)
  • 2047856 - ET INFO Observed DNS Over HTTPS Domain (secforads3 .ch in TLS SNI) (info.rules)
  • 2047857 - ET INFO Observed DNS Over HTTPS Domain (dns .s3cure .us in TLS SNI) (info.rules)
  • 2047858 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (ewkekezmwzfevwvwvvmmmmmmwfwf .site) (exploit_kit.rules)
  • 2047859 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (dust-0001 .delorazahnow .workers .dev) (exploit_kit.rules)
  • 2047860 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (ewkekezmwzfevwvwvvmmmmmmwfwf .site) (exploit_kit.rules)
  • 2047861 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (dust-0001 .delorazahnow .workers .dev) (exploit_kit.rules)

Pro:

  • 2855189 - ETPRO MALWARE Observed Koadic Framework Related DNS Lookup (malware.rules)
  • 2855190 - ETPRO MALWARE Observed Koadic Framework Domain in TLS SNI (malware.rules)
  • 2855191 - ETPRO MALWARE Maldoc Sending Windows System Information (POST) (malware.rules)