Ruleset Update Summary - 2023/09/25 - v10424

Ruleset Updates
1

Summary:

25 new OPEN, 27 new PRO (25 + 2)

Thanks @g0njxa

Added rules:

Open:

  • 2048221 - ET MALWARE TA577 Style Request (2023-05-15) (malware.rules)
  • 2048222 - ET MALWARE TA577 Style Response (2023-05-15) (malware.rules)
  • 2048223 - ET CURRENT_EVENTS Predator Spyware Infection Chain Related Domain in DNS Lookup (verifyurl .me) (current_events.rules)
  • 2048224 - ET CURRENT_EVENTS Predator Spyware Infection Chain Related Domain (verifyurl .me in TLS SNI) (current_events.rules)
  • 2048225 - ET CURRENT_EVENTS Predator Spyware Infection Chain Related Domain in DNS Lookup (sec-flare .com) (current_events.rules)
  • 2048226 - ET CURRENT_EVENTS Observed Predator Spyware Infection Chain Related Domain Domain (sec-flare .com in TLS SNI) (current_events.rules)
  • 2048227 - ET INFO URL Shortening Service Domain in DNS Lookup (appurl .io) (info.rules)
  • 2048228 - ET INFO Observed URL Shortening Service Domain (appurl .io in TLS SNI) (info.rules)
  • 2048229 - ET MALWARE Win32/nstealer CnC Exfiltration (POST) M1 (malware.rules)
  • 2048230 - ET MALWARE Win32/nstealer CnC Exfiltration (POST) M2 (malware.rules)
  • 2048231 - ET PHISHING TOAD Domain in DNS Lookup (gxcare .cc) (phishing.rules)
  • 2048232 - ET PHISHING TOAD Domain in DNS Lookup (tenty247 .top) (phishing.rules)
  • 2048233 - ET PHISHING Observed TOAD Domain (gxcare .cc in TLS SNI) (phishing.rules)
  • 2048234 - ET PHISHING Observed TOAD Domain (tenty247 .top in TLS SNI) (phishing.rules)
  • 2048235 - ET MALWARE Possible OwlProxy activity M1 (malware.rules)
  • 2048236 - ET MALWARE Possible OwlProxy activity M2 (malware.rules)
  • 2048237 - ET MALWARE Possible OwlProxy activity M3 (malware.rules)
  • 2048238 - ET MALWARE Possible OwlProxy activity M4 (malware.rules)
  • 2048239 - ET MALWARE Possible OwlProxy activity M5 (malware.rules)
  • 2048240 - ET MALWARE Possible OwlProxy activity M6 (malware.rules)
  • 2048241 - ET MALWARE Possible ToneShell CnC Checkin M1 (malware.rules)
  • 2048242 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (credit-volta .com) (exploit_kit.rules)
  • 2048243 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (aflomusic .com) (exploit_kit.rules)
  • 2048244 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (credit-volta .com) (exploit_kit.rules)
  • 2048245 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (aflomusic .com) (exploit_kit.rules)

Pro:

  • 2855281 - ETPRO ATTACK_RESPONSE Responder NTLM Authentication HTTP Response M4 (attack_response.rules)
  • 2855288 - ETPRO ATTACK_RESPONSE Responder NTLM Authentication HTTP Response M5 (attack_response.rules)