Ruleset Update Summary - 2023/09/13 - v10416

rulesbot · September 13, 2023, 9:50pm

Summary:

38 new OPEN, 38 new PRO (38 + 0)

Thanks j0hnb3r00t, @kaspersky, @TrendMicro, @symantec

Added rules:

Open:

2048051 - ET POLICY ScreenConnect-ConnectWise Initial Checkin Packet M2 (policy.rules)
2048052 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (snxn298y5brpxd67rbntynb6p4qupuuv .com) (phishing.rules)
2048053 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (3aqulcx8xkg6qxrhxgmisecrt98kxlenzj .com) (phishing.rules)
2048054 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1q922jh6d3zk0aelqdfc7yygzjr29sle .com) (phishing.rules)
2048055 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1qc230lt32ey73qlaj9rkujm0ujtv090 .com) (phishing.rules)
2048056 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1q8hn7d0uhpspz9xcp3hl9e5erddlew .com) (phishing.rules)
2048057 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1qr0kxc4gcqt2lcpkdnz8ehs02u9n2xkgz89rwpr .com) (phishing.rules)
2048058 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1qp2we64k79237y0npqehprfgynlz02fwpktlwte .com) (phishing.rules)
2048059 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1q6zd25jmkfh5x24ymp60tq99xdugpq .com) (phishing.rules)
2048060 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1qm34lmk6eesc65zpw79lxes69zkq3ew .com) (phishing.rules)
2048061 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (1kmtet1wyig94bxbcke45nivfx1w3m3hth .com) (phishing.rules)
2048062 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (13fzyjcfqhnryc4dkxkykbaawkzwrmhcfc .com) (phishing.rules)
2048063 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1q6crq62w2sclm0cwwk6m2wugr6jkh .com) (phishing.rules)
2048064 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1q0hcvl2p88zdv4dj97mfwtwv4usxm .com) (phishing.rules)
2048065 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1qm34lsc65zpw79lxes69zkqmk6ee3ew .com) (phishing.rules)
2048066 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1qjywr9cpsm5u7e4yrmnx2jsahgzzmm7 .com) (phishing.rules)
2048067 - ET PHISHING [TW] Microsoft Credential Phish V3 CnC Domain in DNS Lookup (bc1qm34lsc65zpw79lxes69zkqmk6ee3ewf0j77s3h .com) (phishing.rules)
2048068 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (snxn298y5brpxd67rbntynb6p4qupuuv .com in TLS SNI) (phishing.rules)
2048069 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (3aqulcx8xkg6qxrhxgmisecrt98kxlenzj .com in TLS SNI) (phishing.rules)
2048070 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1q922jh6d3zk0aelqdfc7yygzjr29sle .com in TLS SNI) (phishing.rules)
2048071 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1qc230lt32ey73qlaj9rkujm0ujtv090 .com in TLS SNI) (phishing.rules)
2048072 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1q8hn7d0uhpspz9xcp3hl9e5erddlew .com in TLS SNI) (phishing.rules)
2048073 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1qr0kxc4gcqt2lcpkdnz8ehs02u9n2xkgz89rwpr .com in TLS SNI) (phishing.rules)
2048074 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1qp2we64k79237y0npqehprfgynlz02fwpktlwte .com in TLS SNI) (phishing.rules)
2048075 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1q6zd25jmkfh5x24ymp60tq99xdugpq .com in TLS SNI) (phishing.rules)
2048076 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1qm34lmk6eesc65zpw79lxes69zkq3ew .com in TLS SNI) (phishing.rules)
2048077 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (1kmtet1wyig94bxbcke45nivfx1w3m3hth .com in TLS SNI) (phishing.rules)
2048078 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (13fzyjcfqhnryc4dkxkykbaawkzwrmhcfc .com in TLS SNI) (phishing.rules)
2048079 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1q6crq62w2sclm0cwwk6m2wugr6jkh .com in TLS SNI) (phishing.rules)
2048080 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1q0hcvl2p88zdv4dj97mfwtwv4usxm .com in TLS SNI) (phishing.rules)
2048081 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1qm34lsc65zpw79lxes69zkqmk6ee3ew .com in TLS SNI) (phishing.rules)
2048082 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1qjywr9cpsm5u7e4yrmnx2jsahgzzmm7 .com in TLS SNI) (phishing.rules)
2048083 - ET PHISHING Observed Microsoft Credential Phish V3 Domain (bc1qm34lsc65zpw79lxes69zkqmk6ee3ewf0j77s3h .com in TLS SNI) (phishing.rules)
2048084 - ET MOBILE_MALWARE Android/MMRAT Data Exfiltration Attempt (mobile_malware.rules)
2048085 - ET MOBILE_MALWARE Android/MMRAT CnC Checkin M1 (mobile_malware.rules)
2048086 - ET MOBILE_MALWARE Android/MMRAT CnC Checkin M2 (mobile_malware.rules)
2048087 - ET MALWARE Free Download Manager Backdoor Domain in DNS Lookup (fdmpkg .org) (malware.rules)
2048088 - ET MALWARE Redfly APT Shadowpad Backdoor Domain in DNS Lookup (websencl .com) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/08/14 - v10666 Ruleset Updates	61	August 14, 2024
Ruleset Update Summary - 2024/10/15 - v10720 Ruleset Updates	81	October 15, 2024
Ruleset Update Summary - 2023/06/20 - v10354 Ruleset Updates	248	June 20, 2023
Ruleset Update Summary - 2025/02/19 - v10862 Ruleset Updates	104	February 19, 2025
Ruleset Update Summary - 2024/05/09 - v10593 Ruleset Updates	293	May 9, 2024

Ruleset Update Summary - 2023/09/13 - v10416

Summary:

Added rules:

Open:

Related topics