Ruleset Update Summary - 2023/09/06 - v10411

Ruleset Updates
1

Summary:

18 new OPEN, 23 new PRO (18 + 5)

Thanks @Cyber0verload

Added rules:

Open:

  • 2047927 - ET HUNTING Suspected Gamaredon Template Retrieval (hunting.rules)
  • 2047928 - ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com) (malware.rules)
  • 2047929 - ET MALWARE Observed CoinMiner Domain (pool .supportxmr .com in TLS SNI) (malware.rules)
  • 2047930 - ET PHISHING Generic Credential Phish Landing Page 2023-09-05 (phishing.rules)
  • 2047931 - ET MALWARE Epsilon Stealer CnC Domain in DNS Lookup (epsilon1337 .com) (malware.rules)
  • 2047932 - ET MALWARE Observed Epsilon Stealer Domain (epsilon1337 .com) in TLS SNI (malware.rules)
  • 2047933 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (oekofkkfkoeefkefbnhgtrq .space) (exploit_kit.rules)
  • 2047934 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (gkrokbmrkmrxtmxrxr .space) (exploit_kit.rules)
  • 2047935 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (znqjdnqzdqzfqmfqmkfq .site) (exploit_kit.rules)
  • 2047936 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (owkdzodqzodqjefjnnejenefe .site) (exploit_kit.rules)
  • 2047937 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (oekofkkfkoeefkefbnhgtrq .space) (exploit_kit.rules)
  • 2047938 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (gkrokbmrkmrxtmxrxr .space) (exploit_kit.rules)
  • 2047939 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (znqjdnqzdqzfqmfqmkfq .site) (exploit_kit.rules)
  • 2047940 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (owkdzodqzodqjefjnnejenefe .site) (exploit_kit.rules)
  • 2047941 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (gctatick .com) (exploit_kit.rules)
  • 2047942 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (gctatick .com) (exploit_kit.rules)
  • 2047943 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (xxxmir .info) (exploit_kit.rules)
  • 2047944 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (xxxmir .info) (exploit_kit.rules)

Pro:

  • 2855239 - ETPRO MALWARE Win32/Amadey Stealer Activity M4 (POST) (malware.rules)
  • 2855240 - ETPRO MALWARE Win32/Amadey Stealer Activity M5 (POST) (malware.rules)
  • 2855241 - ETPRO MALWARE MSIL/TrojanDownloader.Agent Variant Payload Request (GET) M1 (malware.rules)
  • 2855242 - ETPRO MALWARE MSIL/TrojanDownloader.Agent Variant Payload Request (GET) M2 (malware.rules)
  • 2855243 - ETPRO EXPLOIT_KIT ClearFake HTML Script Inject M2 (exploit_kit.rules)