Ruleset Update Summary - 2023/09/12 - v10415

Summary:

15 new OPEN, 15 new PRO (15 + 0)

Thanks @Jane_0sint, @twinwavesec


Added rules:

Open:

  • 2017365 - ET HUNTING SUSPICIOUS UA (iexplore) (hunting.rules)
  • 2048037 - ET INFO Pastebin Style Domain in DNS Lookup (www .logpasta .com) (info.rules)
  • 2048038 - ET INFO Observed Pastbin Style Domain (www .logpasta .com in TLS SNI) (info.rules)
  • 2048039 - ET MALWARE TA406 Related Domain in DNS Lookup (malware.rules)
  • 2048040 - ET MALWARE Observed TA406 Related Domain in TLS SNI (malware.rules)
  • 2048041 - ET MALWARE TA406 Related Activity (GET) (malware.rules)
  • 2048042 - ET MALWARE Reptile Linux LKM Rootkit Backdoor Activity (malware.rules)
  • 2048043 - ET MALWARE Win32/Chifrax.a CnC Exfil via TCP (malware.rules)
  • 2048044 - ET PHISHING [TW] CodeCrafters Phishkit Domain Observed (codecrafterspro .com) (phishing.rules)
  • 2048045 - ET PHISHING [TW] CodeCrafters Phishkit Domain Observed (codecrafters .su) (phishing.rules)
  • 2048046 - ET PHISHING [TW] CodeCrafters Phishkit Domain Observed (devcraftingsolutions .com) (phishing.rules)
  • 2048047 - ET PHISHING [TW] CodeCrafters Phishkit Domain (devcraftingsolutions .com in TLS SNI) (phishing.rules)
  • 2048048 - ET PHISHING [TW] CodeCrafters Phishkit Domain (codecrafterspro .com in TLS SNI) (phishing.rules)
  • 2048049 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (machinetext .org) (exploit_kit.rules)
  • 2048050 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (machinetext .org) (exploit_kit.rules)

Removed rules:

  • 2017365 - ET MALWARE SUSPICIOUS UA (iexplore) (malware.rules)