Ruleset Update Summary - 2023/09/07 - v10412

Summary:

31 new OPEN, 31 new PRO (31 + 0)

Thanks @bizone_en, @travisbgreen


Added rules:

Open:

  • 2047945 - ET MALWARE Win32/Bumblebee Loader Checkin Activity (set) (malware.rules)
  • 2047946 - ET MALWARE Win32/Bumblebee Loader Checkin Activity (malware.rules)
  • 2047947 - ET INFO Custom Endpoint Service Domain in DNS Lookup (mockbin .org) (info.rules)
  • 2047948 - ET INFO Custom Endpoint Service Domain in DNS Lookup (run .mocky .io) (info.rules)
  • 2047949 - ET INFO Observed Custom Endpoint Service Domain (run .mocky .io in TLS SNI) (info.rules)
  • 2047950 - ET MALWARE Malicious Debugging Application Related Domain in DNS Lookup (dbgsymbol .com) (malware.rules)
  • 2047951 - ET MALWARE Observed Malicious Debugging Application Related Domain (dbgsymbol .com in TLS SNI) (malware.rules)
  • 2047952 - ET MALWARE Malicious Debugging Application Related Domain in DNS Lookup (blgbeach .com) (malware.rules)
  • 2047953 - ET MALWARE Observed Malicious Debugging Application Related Domain (blgbeach .com in TLS SNI) (malware.rules)
  • 2047954 - ET WEB_SPECIFIC_APPS Apache RocketMQ 5.1.0 Arbitrary Code Injection in Broker Config (CVE-2023-33246) (web_specific_apps.rules)
  • 2047955 - ET MALWARE Suspected Red Wolf APT RedCurl.FSABIN Retrieval Attempt M1 (malware.rules)
  • 2047956 - ET MALWARE Suspected Red Wolf APT RedCurl.FSABIN Retrieval Attempt M2 (malware.rules)
  • 2047957 - ET MALWARE Suspected Red Wolf APT RedCurl.FSABIN Retrieval Attempt M3 (malware.rules)
  • 2047958 - ET MALWARE Suspected Red Wolf APT RedCurl.FSABIN Retrieval Attempt M4 (malware.rules)
  • 2047959 - ET MALWARE Suspected Red Wolf APT RedCurl.FSABIN Retrieval Attempt M5 (malware.rules)
  • 2047960 - ET MALWARE Suspected Red Wolf APT RedCurl.FSABIN Retrieval Attempt M6 (malware.rules)
  • 2047961 - ET MALWARE Suspected Red Wolf APT RedCurl.FSABIN Checkin (malware.rules)
  • 2047962 - ET MALWARE Suspected Red Wolf APT Domain in DNS Lookup (msftcloud .click) (malware.rules)
  • 2047963 - ET MALWARE Suspected Red Wolf APT Domain in DNS Lookup (servicehost .click) (malware.rules)
  • 2047964 - ET MALWARE Suspected Red Wolf APT Domain in DNS Lookup (amscloudhost .com) (malware.rules)
  • 2047965 - ET MALWARE Suspected Red Wolf APT Domain (servicehost .click) in TLS SNI (malware.rules)
  • 2047966 - ET MALWARE Suspected Red Wolf APT Domain (amscloudhost .com) in TLS SNI (malware.rules)
  • 2047967 - ET MALWARE Suspected Red Wolf APT Domain (msftcloud .click) in TLS SNI (malware.rules)
  • 2047968 - ET MALWARE Atomic macOS (AMOS) Stealer Payload Delivery Domain in DNS Lookup (trabingviews .com) (malware.rules)
  • 2047969 - ET MALWARE Atomic macOS (AMOS) Stealer Payload Delivery Domain in DNS Lookup (xn--tradgsvews-0ubd3y .com) (malware.rules)
  • 2047970 - ET MALWARE Atomic macOS (AMOS) Stealer Payload Delivery Domain in DNS Lookup (app-downloads .org) (malware.rules)
  • 2047971 - ET MALWARE Observed Atomic macOS (AMOS) Stealer Payload Deliver Domain (trabingviews .com) in TLS SNI (malware.rules)
  • 2047972 - ET MALWARE Observed Atomic macOS (AMOS) Stealer Payload Deliver Domain (xn--tradgsvews-0ubd3y .com) in TLS SNI (malware.rules)
  • 2047973 - ET MALWARE Observed Atomic macOS (AMOS) Stealer Payload Deliver Domain (app-downloads .org) in TLS SNI (malware.rules)
  • 2047974 - ET MALWARE SocGholish Domain in DNS Lookup (ghost .blueecho88 .com) (malware.rules)
  • 2047975 - ET MALWARE SocGholish Domain in TLS SNI (ghost .blueecho88 .com) (malware.rules)
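Most of the rules above key on a single defanged domain (written with a space before each dot, e.g. "ghost .blueecho88 .com"). Before the updated ruleset is deployed, it is common to sweep historical DNS logs for the same indicators. The following script is an added example, not Emerging Threats code: it pulls the defanged domains out of lines in this summary's format, refangs them, and matches them against DNS query log lines. The log format (timestamp, client IP, queried name) and the log entries themselves are constructed for the example; the domains come from the list above.

```python
import re

# Constructed excerpt in the same "SID - message (rules file)" format as the
# update summary above; the domains are the ones the summary lists.
UPDATE_LINES = [
    "2047947 - ET INFO Custom Endpoint Service Domain in DNS Lookup (mockbin .org) (info.rules)",
    "2047950 - ET MALWARE Malicious Debugging Application Related Domain in DNS Lookup (dbgsymbol .com) (malware.rules)",
    "2047962 - ET MALWARE Suspected Red Wolf APT Domain in DNS Lookup (msftcloud .click) (malware.rules)",
    "2047969 - ET MALWARE Atomic macOS (AMOS) Stealer Payload Delivery Domain in DNS Lookup (xn--tradgsvews-0ubd3y .com) (malware.rules)",
    "2047974 - ET MALWARE SocGholish Domain in DNS Lookup (ghost .blueecho88 .com) (malware.rules)",
]

# Constructed DNS query log: "<timestamp> <client> <qname>" per line. Assumed
# format for the example; adapt the split in scan_dns_log() to your logger.
DNS_LOG = [
    "2023-09-07T10:00:01Z 10.1.2.3 www.example.com",
    "2023-09-07T10:00:05Z 10.1.2.3 mockbin.org",
    "2023-09-07T10:01:10Z 10.1.2.9 ghost.blueecho88.com",
    "2023-09-07T10:01:11Z 10.1.2.9 blueecho88.com",              # parent of a listed host, not itself listed
    "2023-09-07T10:02:00Z 10.1.2.7 XN--TRADGSVEWS-0UBD3Y.COM.",   # mixed case, trailing dot (FQDN form)
    "2023-09-07T10:02:30Z 10.1.2.7 notmockbin.org",              # shares a suffix string, but a different label
]

# A defanged domain as written in the summary: an opening paren, then labels
# separated by " ." (space-dot). "(malware.rules)" and "(AMOS)" do not match.
DEFANGED_RE = re.compile(r"\(([a-z0-9-]+(?: \.[a-z0-9-]+)+)")
SID_RE = re.compile(r"\s*(\d+) - ")


def refang(defanged: str) -> str:
    """'ghost .blueecho88 .com' -> 'ghost.blueecho88.com'."""
    return defanged.replace(" .", ".").lower()


def extract_indicators(lines):
    """Map each refanged domain in the update lines to the SID that covers it."""
    indicators = {}
    for line in lines:
        m = SID_RE.match(line)
        if not m:
            continue
        for dom in DEFANGED_RE.findall(line):
            indicators[refang(dom)] = m.group(1)
    return indicators


def matching_indicator(qname: str, indicators):
    """Return the listed domain that qname equals or is a subdomain of, else None.

    Matching is label-wise, so 'cdn.mockbin.org' hits 'mockbin.org' while
    'notmockbin.org' does not, and a listed host such as
    'ghost.blueecho88.com' is not matched by its parent 'blueecho88.com'.
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def scan_dns_log(log_lines, indicators):
    """Return (timestamp, client, qname, sid) for every query that hits an indicator."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than fail the whole sweep
        ts, client, qname = parts
        hit = matching_indicator(qname, indicators)
        if hit is not None:
            hits.append((ts, client, qname, indicators[hit]))
    return hits


if __name__ == "__main__":
    inds = extract_indicators(UPDATE_LINES)
    for ts, client, qname, sid in scan_dns_log(DNS_LOG, inds):
        print(f"{ts} {client} {qname} -> sid {sid}")
```

The punycode label is kept in its ASCII form because that is what appears on the wire and in DNS logs; decoding it to Unicode is only useful for analyst display. For a Suricata EVE JSON log, replace the three-field split with a `json.loads()` of each line and read `dns.rrname`.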