Ruleset Update Summary - 2023/09/14 - v10417

Ruleset Updates
1

Summary:

4 new OPEN, 4 new PRO (4 + 0)

Added rules:

Open:

  • 2048089 - ET MALWARE Darkgate Stealer CnC Checkin (malware.rules)
  • 2048090 - ET MALWARE Invoke-Phant0m Payload Request (GET) (malware.rules)
  • 2048091 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (krafttopia .net) (exploit_kit.rules)
  • 2048092 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (krafttopia .net) (exploit_kit.rules)

Disabled and modified rules:

  • 2044847 - ET EXPLOIT_KIT TA569 TDS Domain in DNS Lookup (xjquery .com) (exploit_kit.rules)
  • 2044886 - ET MALWARE Fake Browser Update Loader Domain in DNS Lookup (infoamanewonliag .online) (malware.rules)
  • 2044894 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (devqeury .org) (exploit_kit.rules)
  • 2044939 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (assistpayout .org) (exploit_kit.rules)
  • 2044940 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (jsviewdev .org) (exploit_kit.rules)
  • 2047057 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .excluded .everyadpaysmefirst .com) (malware.rules)
  • 2047058 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .excluded .everyadpaysmefirst .com) (malware.rules)
  • 2047059 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (chestedband .org) (exploit_kit.rules)
  • 2047060 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (limonpart .org) (exploit_kit.rules)
  • 2047061 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (chestedband .org) (exploit_kit.rules)
  • 2047062 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (limonpart .org) (exploit_kit.rules)
  • 2047160 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (bluegaslamp .org) (exploit_kit.rules)
  • 2047161 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (bluegaslamp .org) (exploit_kit.rules)
  • 2047162 - ET MALWARE TA446 Domain in DNS Lookup (directdocumentgate .com) (malware.rules)
  • 2047163 - ET MALWARE TA446 Domain in DNS Lookup (storagewarden .com) (malware.rules)
  • 2047164 - ET MALWARE TA446 Domain in DNS Lookup (commandentrance .com) (malware.rules)
  • 2047165 - ET MALWARE TA446 Domain in DNS Lookup (clouddefsystems .com) (malware.rules)
  • 2047166 - ET MALWARE TA446 Domain in DNS Lookup (sourcedoorway .com) (malware.rules)
  • 2047167 - ET MALWARE TA446 Domain in DNS Lookup (pdfdirectglobal .com) (malware.rules)
  • 2047168 - ET MALWARE TA446 Domain in DNS Lookup (controlgatestorage .com) (malware.rules)
  • 2047169 - ET MALWARE TA446 Domain in DNS Lookup (configuregatewayglobal .com) (malware.rules)
  • 2047170 - ET MALWARE TA446 Domain in DNS Lookup (storageinfogate .com) (malware.rules)
  • 2047171 - ET MALWARE TA446 Domain in DNS Lookup (yourdirectinfospace .com) (malware.rules)
  • 2047172 - ET MALWARE TA446 Domain in DNS Lookup (shortinfoonline .com) (malware.rules)
  • 2047173 - ET MALWARE TA446 Domain in DNS Lookup (gawecryptoinfosolutions .com) (malware.rules)
  • 2047174 - ET MALWARE TA446 Domain in DNS Lookup (sourcedoorways .com) (malware.rules)
  • 2047175 - ET MALWARE TA446 Domain in DNS Lookup (bittechllc .net) (malware.rules)
  • 2047176 - ET MALWARE TA446 Domain in DNS Lookup (entrywaycenter .com) (malware.rules)
  • 2047177 - ET MALWARE TA446 Domain in DNS Lookup (shielditlabel .com) (malware.rules)
  • 2047178 - ET MALWARE TA446 Domain in DNS Lookup (storagecryptogate .com) (malware.rules)
  • 2047179 - ET MALWARE TA446 Domain in DNS Lookup (itgatestorage .com) (malware.rules)
  • 2047180 - ET MALWARE TA446 Domain in DNS Lookup (managercodepro .com) (malware.rules)
  • 2047181 - ET MALWARE TA446 Domain in DNS Lookup (realeasyconfiguregateway .com) (malware.rules)
  • 2047182 - ET MALWARE TA446 Domain in DNS Lookup (intelligencerepository .com) (malware.rules)
  • 2047183 - ET MALWARE TA446 Domain in DNS Lookup (stateinfospace .com) (malware.rules)
  • 2047184 - ET MALWARE TA446 Domain in DNS Lookup (safetydocsgateway .com) (malware.rules)
  • 2047185 - ET MALWARE TA446 Domain in DNS Lookup (gateinfosecure .com) (malware.rules)
  • 2047186 - ET MALWARE TA446 Domain in DNS Lookup (transfer-dns .com) (malware.rules)
  • 2047187 - ET MALWARE TA446 Domain in DNS Lookup (secureglobaltele .com) (malware.rules)
  • 2047188 - ET MALWARE TA446 Domain in DNS Lookup (truncstorage .com) (malware.rules)
  • 2047189 - ET MALWARE TA446 Domain in DNS Lookup (yourspaceprotector .com) (malware.rules)
  • 2047190 - ET MALWARE TA446 Domain in DNS Lookup (prodefendme .com) (malware.rules)
  • 2047191 - ET MALWARE TA446 Domain in DNS Lookup (infostorageroute .com) (malware.rules)
  • 2047192 - ET MALWARE TA446 Domain in DNS Lookup (documentdirectllc .com) (malware.rules)
  • 2047193 - ET MALWARE TA446 Domain in DNS Lookup (prokeeperit .com) (malware.rules)
  • 2047194 - ET MALWARE TA446 Domain in DNS Lookup (itinfogate .com) (malware.rules)
  • 2047195 - ET MALWARE TA446 Domain in DNS Lookup (webgateway .ru) (malware.rules)
  • 2047196 - ET MALWARE TA446 Domain in DNS Lookup (datastoragecrypto .com) (malware.rules)
  • 2047197 - ET MALWARE TA446 Domain in DNS Lookup (directexpressgateway .com) (malware.rules)
  • 2047198 - ET MALWARE TA446 Domain in DNS Lookup (cloudcpanelhost .com) (malware.rules)
  • 2047199 - ET MALWARE TA446 Domain in DNS Lookup (myittechnext .com) (malware.rules)
  • 2047200 - ET MALWARE TA446 Domain in DNS Lookup (skycithereforeit .com) (malware.rules)
  • 2047201 - ET MALWARE TA446 Domain in DNS Lookup (definform .com) (malware.rules)
  • 2047202 - ET MALWARE TA446 Domain in DNS Lookup (myitappnext .com) (malware.rules)
  • 2047203 - ET MALWARE TA446 Domain in DNS Lookup (oneinformationcrypto .com) (malware.rules)
  • 2047204 - ET MALWARE TA446 Domain in DNS Lookup (webgatewayenter .com) (malware.rules)
  • 2047205 - ET MALWARE TA446 Domain in DNS Lookup (solutionsseccloud .com) (malware.rules)
  • 2047206 - ET MALWARE TA446 Domain in DNS Lookup (computingtechstudio .com) (malware.rules)
  • 2047207 - ET MALWARE TA446 Domain in DNS Lookup (meshgoin .com) (malware.rules)
  • 2047208 - ET MALWARE TA446 Domain in DNS Lookup (gatewayitsol .com) (malware.rules)
  • 2047209 - ET MALWARE TA446 Domain in DNS Lookup (controlstoragesolutions .com) (malware.rules)
  • 2047210 - ET MALWARE TA446 Domain in DNS Lookup (cryptdatagate .com) (malware.rules)
  • 2047211 - ET MALWARE TA446 Domain in DNS Lookup (storagekeeperinfopro .com) (malware.rules)
  • 2047212 - ET MALWARE TA446 Domain in DNS Lookup (incappcloud .com) (malware.rules)
  • 2047213 - ET MALWARE TA446 Domain in DNS Lookup (directdocumentgateway .com) (malware.rules)
  • 2047214 - ET MALWARE TA446 Domain in DNS Lookup (gatestoragetech .com) (malware.rules)
  • 2047215 - ET MALWARE TA446 Domain in DNS Lookup (storagecryptoweb .com) (malware.rules)
  • 2047216 - ET MALWARE TA446 Domain in DNS Lookup (cryptothistech .com) (malware.rules)
  • 2047217 - ET MALWARE TA446 Domain in DNS Lookup (pdfsecxcloudroute .com) (malware.rules)
  • 2047218 - ET MALWARE TA446 Domain in DNS Lookup (controlsstoragedirect .com) (malware.rules)
  • 2047219 - ET MALWARE TA446 Domain in DNS Lookup (serverguarditweb .com) (malware.rules)
  • 2047220 - ET MALWARE TA446 Domain in DNS Lookup (gatewaydocsint .com) (malware.rules)
  • 2047221 - ET MALWARE TA446 Domain in DNS Lookup (gatecryptospace .com) (malware.rules)
  • 2047222 - ET MALWARE TA446 Domain in DNS Lookup (storagetruncservices .com) (malware.rules)
  • 2047223 - ET MALWARE TA446 Domain in DNS Lookup (infogatestorage .com) (malware.rules)
  • 2047224 - ET MALWARE TA446 Domain in DNS Lookup (cloudrootstorage .com) (malware.rules)
  • 2047225 - ET MALWARE TA446 Domain in DNS Lookup (informationswitchsystems .com) (malware.rules)
  • 2047226 - ET MALWARE TA446 Domain in DNS Lookup (computertechdirectsystems .com) (malware.rules)
  • 2047227 - ET MALWARE TA446 Domain in DNS Lookup (threatcenterofreaserch .com) (malware.rules)
  • 2047228 - ET MALWARE TA446 Domain in DNS Lookup (po .vatangate .com) (malware.rules)
  • 2047229 - ET MALWARE TA446 Domain in DNS Lookup (suppdatacent .com) (malware.rules)
  • 2047230 - ET MALWARE TA446 Domain in DNS Lookup (directstoragegate .com) (malware.rules)
  • 2047231 - ET MALWARE TA446 Domain in DNS Lookup (protectordocumentcenter .com) (malware.rules)
  • 2047232 - ET MALWARE TA446 Domain in DNS Lookup (datagatellc .com) (malware.rules)
  • 2047233 - ET MALWARE TA446 Domain in DNS Lookup (getinfostarter .com) (malware.rules)
  • 2047234 - ET MALWARE TA446 Domain in DNS Lookup (cryptotechdirect .com) (malware.rules)
  • 2047235 - ET MALWARE TA446 Domain in DNS Lookup (gatewayrecord .com) (malware.rules)
  • 2047236 - ET MALWARE TA446 Domain in DNS Lookup (storagerootconnect .com) (malware.rules)
  • 2047237 - ET MALWARE TA446 Domain in DNS Lookup (documentdirectto .com) (malware.rules)
  • 2047238 - ET MALWARE TA446 Domain in DNS Lookup (keepitlabgroup .com) (malware.rules)
  • 2047239 - ET MALWARE TA446 Domain in DNS Lookup (infocryptogate .com) (malware.rules)
  • 2047240 - ET MALWARE TA446 Domain in DNS Lookup (docsinfogate .com) (malware.rules)
  • 2047241 - ET MALWARE TA446 Domain in DNS Lookup (networkgoin .com) (malware.rules)
  • 2047242 - ET MALWARE TA446 Domain in DNS Lookup (deskactivitygm .com) (malware.rules)
  • 2047243 - ET MALWARE TA446 Domain in DNS Lookup (checkscreenit .com) (malware.rules)
  • 2047244 - ET MALWARE TA446 Domain in DNS Lookup (storagekeeperinfotech .com) (malware.rules)
  • 2047245 - ET MALWARE TA446 Domain in DNS Lookup (datagatewayglobal .com) (malware.rules)
  • 2047246 - ET MALWARE TA446 Domain in DNS Lookup (webinterstellar .com) (malware.rules)
  • 2047247 - ET MALWARE TA446 Domain in DNS Lookup (informationcoindata .com) (malware.rules)
  • 2047248 - ET MALWARE TA446 Domain in DNS Lookup (protectedviews .com) (malware.rules)
  • 2047249 - ET MALWARE TA446 Domain in DNS Lookup (realitsolutionprimary .com) (malware.rules)
  • 2047250 - ET MALWARE TA446 Domain in DNS Lookup (gateblurbrepository .com) (malware.rules)
  • 2047251 - ET MALWARE TA446 Domain in DNS Lookup (centeritdefcity .com) (malware.rules)
  • 2047252 - ET MALWARE TA446 Domain in TLS SNI (directdocumentgate .com) (malware.rules)
  • 2047253 - ET MALWARE TA446 Domain in TLS SNI (storagewarden .com) (malware.rules)
  • 2047254 - ET MALWARE TA446 Domain in TLS SNI (commandentrance .com) (malware.rules)
  • 2047255 - ET MALWARE TA446 Domain in TLS SNI (clouddefsystems .com) (malware.rules)
  • 2047256 - ET MALWARE TA446 Domain in TLS SNI (sourcedoorway .com) (malware.rules)
  • 2047257 - ET MALWARE TA446 Domain in TLS SNI (pdfdirectglobal .com) (malware.rules)
  • 2047258 - ET MALWARE TA446 Domain in TLS SNI (controlgatestorage .com) (malware.rules)
  • 2047259 - ET MALWARE TA446 Domain in TLS SNI (configuregatewayglobal .com) (malware.rules)
  • 2047260 - ET MALWARE TA446 Domain in TLS SNI (storageinfogate .com) (malware.rules)
  • 2047261 - ET MALWARE TA446 Domain in TLS SNI (yourdirectinfospace .com) (malware.rules)
  • 2047262 - ET MALWARE TA446 Domain in TLS SNI (shortinfoonline .com) (malware.rules)
  • 2047263 - ET MALWARE TA446 Domain in TLS SNI (gawecryptoinfosolutions .com) (malware.rules)
  • 2047264 - ET MALWARE TA446 Domain in TLS SNI (sourcedoorways .com) (malware.rules)
  • 2047265 - ET MALWARE TA446 Domain in TLS SNI (bittechllc .net) (malware.rules)
  • 2047266 - ET MALWARE TA446 Domain in TLS SNI (entrywaycenter .com) (malware.rules)
  • 2047267 - ET MALWARE TA446 Domain in TLS SNI (shielditlabel .com) (malware.rules)
  • 2047268 - ET MALWARE TA446 Domain in TLS SNI (storagecryptogate .com) (malware.rules)
  • 2047269 - ET MALWARE TA446 Domain in TLS SNI (itgatestorage .com) (malware.rules)
  • 2047270 - ET MALWARE TA446 Domain in TLS SNI (managercodepro .com) (malware.rules)
  • 2047271 - ET MALWARE TA446 Domain in TLS SNI (realeasyconfiguregateway .com) (malware.rules)
  • 2047272 - ET MALWARE TA446 Domain in TLS SNI (intelligencerepository .com) (malware.rules)
  • 2047273 - ET MALWARE TA446 Domain in TLS SNI (stateinfospace .com) (malware.rules)
  • 2047274 - ET MALWARE TA446 Domain in TLS SNI (safetydocsgateway .com) (malware.rules)
  • 2047275 - ET MALWARE TA446 Domain in TLS SNI (gateinfosecure .com) (malware.rules)
  • 2047276 - ET MALWARE TA446 Domain in TLS SNI (transfer-dns .com) (malware.rules)
  • 2047277 - ET MALWARE TA446 Domain in TLS SNI (secureglobaltele .com) (malware.rules)
  • 2047278 - ET MALWARE TA446 Domain in TLS SNI (truncstorage .com) (malware.rules)
  • 2047279 - ET MALWARE TA446 Domain in TLS SNI (yourspaceprotector .com) (malware.rules)
  • 2047280 - ET MALWARE TA446 Domain in TLS SNI (prodefendme .com) (malware.rules)
  • 2047281 - ET MALWARE TA446 Domain in TLS SNI (infostorageroute .com) (malware.rules)
  • 2047282 - ET MALWARE TA446 Domain in TLS SNI (documentdirectllc .com) (malware.rules)
  • 2047283 - ET MALWARE TA446 Domain in TLS SNI (prokeeperit .com) (malware.rules)
  • 2047284 - ET MALWARE TA446 Domain in TLS SNI (itinfogate .com) (malware.rules)
  • 2047285 - ET MALWARE TA446 Domain in TLS SNI (webgateway .ru) (malware.rules)
  • 2047286 - ET MALWARE TA446 Domain in TLS SNI (datastoragecrypto .com) (malware.rules)
  • 2047287 - ET MALWARE TA446 Domain in TLS SNI (directexpressgateway .com) (malware.rules)
  • 2047288 - ET MALWARE TA446 Domain in TLS SNI (cloudcpanelhost .com) (malware.rules)
  • 2047289 - ET MALWARE TA446 Domain in TLS SNI (myittechnext .com) (malware.rules)
  • 2047290 - ET MALWARE TA446 Domain in TLS SNI (skycithereforeit .com) (malware.rules)
  • 2047291 - ET MALWARE TA446 Domain in TLS SNI (definform .com) (malware.rules)
  • 2047292 - ET MALWARE TA446 Domain in TLS SNI (myitappnext .com) (malware.rules)
  • 2047293 - ET MALWARE TA446 Domain in TLS SNI (oneinformationcrypto .com) (malware.rules)
  • 2047294 - ET MALWARE TA446 Domain in TLS SNI (webgatewayenter .com) (malware.rules)
  • 2047295 - ET MALWARE TA446 Domain in TLS SNI (solutionsseccloud .com) (malware.rules)
  • 2047296 - ET MALWARE TA446 Domain in TLS SNI (computingtechstudio .com) (malware.rules)
  • 2047297 - ET MALWARE TA446 Domain in TLS SNI (meshgoin .com) (malware.rules)
  • 2047298 - ET MALWARE TA446 Domain in TLS SNI (gatewayitsol .com) (malware.rules)
  • 2047299 - ET MALWARE TA446 Domain in TLS SNI (controlstoragesolutions .com) (malware.rules)
  • 2047300 - ET MALWARE TA446 Domain in TLS SNI (cryptdatagate .com) (malware.rules)
  • 2047301 - ET MALWARE TA446 Domain in TLS SNI (storagekeeperinfopro .com) (malware.rules)
  • 2047302 - ET MALWARE TA446 Domain in TLS SNI (incappcloud .com) (malware.rules)
  • 2047303 - ET MALWARE TA446 Domain in TLS SNI (directdocumentgateway .com) (malware.rules)
  • 2047304 - ET MALWARE TA446 Domain in TLS SNI (gatestoragetech .com) (malware.rules)
  • 2047305 - ET MALWARE TA446 Domain in TLS SNI (storagecryptoweb .com) (malware.rules)
  • 2047306 - ET MALWARE TA446 Domain in TLS SNI (cryptothistech .com) (malware.rules)
  • 2047307 - ET MALWARE TA446 Domain in TLS SNI (pdfsecxcloudroute .com) (malware.rules)
  • 2047308 - ET MALWARE TA446 Domain in TLS SNI (controlsstoragedirect .com) (malware.rules)
  • 2047309 - ET MALWARE TA446 Domain in TLS SNI (serverguarditweb .com) (malware.rules)
  • 2047310 - ET MALWARE TA446 Domain in TLS SNI (gatewaydocsint .com) (malware.rules)
  • 2047311 - ET MALWARE TA446 Domain in TLS SNI (gatecryptospace .com) (malware.rules)
  • 2047312 - ET MALWARE TA446 Domain in TLS SNI (storagetruncservices .com) (malware.rules)
  • 2047313 - ET MALWARE TA446 Domain in TLS SNI (infogatestorage .com) (malware.rules)
  • 2047314 - ET MALWARE TA446 Domain in TLS SNI (cloudrootstorage .com) (malware.rules)
  • 2047315 - ET MALWARE TA446 Domain in TLS SNI (informationswitchsystems .com) (malware.rules)
  • 2047316 - ET MALWARE TA446 Domain in TLS SNI (computertechdirectsystems .com) (malware.rules)
  • 2047317 - ET MALWARE TA446 Domain in TLS SNI (threatcenterofreaserch .com) (malware.rules)
  • 2047318 - ET MALWARE TA446 Domain in TLS SNI (po .vatangate .com) (malware.rules)
  • 2047319 - ET MALWARE TA446 Domain in TLS SNI (suppdatacent .com) (malware.rules)
  • 2047320 - ET MALWARE TA446 Domain in TLS SNI (directstoragegate .com) (malware.rules)
  • 2047321 - ET MALWARE TA446 Domain in TLS SNI (protectordocumentcenter .com) (malware.rules)
  • 2047322 - ET MALWARE TA446 Domain in TLS SNI (datagatellc .com) (malware.rules)
  • 2047323 - ET MALWARE TA446 Domain in TLS SNI (getinfostarter .com) (malware.rules)
  • 2047324 - ET MALWARE TA446 Domain in TLS SNI (cryptotechdirect .com) (malware.rules)
  • 2047325 - ET MALWARE TA446 Domain in TLS SNI (gatewayrecord .com) (malware.rules)
  • 2047326 - ET MALWARE TA446 Domain in TLS SNI (storagerootconnect .com) (malware.rules)
  • 2047327 - ET MALWARE TA446 Domain in TLS SNI (documentdirectto .com) (malware.rules)
  • 2047328 - ET MALWARE TA446 Domain in TLS SNI (keepitlabgroup .com) (malware.rules)
  • 2047329 - ET MALWARE TA446 Domain in TLS SNI (infocryptogate .com) (malware.rules)
  • 2047330 - ET MALWARE TA446 Domain in TLS SNI (docsinfogate .com) (malware.rules)
  • 2047331 - ET MALWARE TA446 Domain in TLS SNI (networkgoin .com) (malware.rules)
  • 2047332 - ET MALWARE TA446 Domain in TLS SNI (deskactivitygm .com) (malware.rules)
  • 2047333 - ET MALWARE TA446 Domain in TLS SNI (checkscreenit .com) (malware.rules)
  • 2047334 - ET MALWARE TA446 Domain in TLS SNI (storagekeeperinfotech .com) (malware.rules)
  • 2047335 - ET MALWARE TA446 Domain in TLS SNI (datagatewayglobal .com) (malware.rules)
  • 2047336 - ET MALWARE TA446 Domain in TLS SNI (webinterstellar .com) (malware.rules)
  • 2047337 - ET MALWARE TA446 Domain in TLS SNI (informationcoindata .com) (malware.rules)
  • 2047338 - ET MALWARE TA446 Domain in TLS SNI (protectedviews .com) (malware.rules)
  • 2047339 - ET MALWARE TA446 Domain in TLS SNI (realitsolutionprimary .com) (malware.rules)
  • 2047340 - ET MALWARE TA446 Domain in TLS SNI (gateblurbrepository .com) (malware.rules)
  • 2047341 - ET MALWARE TA446 Domain in TLS SNI (centeritdefcity .com) (malware.rules)
  • 2047618 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .timeline .transversallearning .com) (malware.rules)
  • 2047619 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .timeline .transversallearning .com) (malware.rules)
  • 2047648 - ET EXPLOIT_KIT Fake Browser Update in DNS Lookup (exploit_kit.rules)
  • 2047649 - ET EXPLOIT_KIT Fake Browser Update in TLS SNI (exploit_kit.rules)
  • 2047650 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .photo .beyoudcor .com) (malware.rules)
  • 2047651 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .photo .beyoudcor .com) (malware.rules)

Removed rules:

  • 2842772 - ETPRO MALWARE AutoIT/Trojan.Injector.Autoit.F Checkin (malware.rules)