Ruleset Update Summary - 2023/09/26 - v10425

rulesbot · September 26, 2023, 8:38pm

Summary:

30 new OPEN, 30 new PRO (30 + 0)

Added rules:

Open:

2048246 - ET MALWARE TA577 Style Request (2023-05-15) (malware.rules)
2048247 - ET MALWARE TA577 Style Request (2023-05-15) (malware.rules)
2048248 - ET MALWARE TA577 Style Request (2023-05-15) (malware.rules)
2048249 - ET MALWARE TA577 Style Request (2023-05-15) (malware.rules)
2048250 - ET MALWARE TA577 Style Request (2023-05-15) (malware.rules)
2048251 - ET MALWARE TA577 Style Request (2023-05-15) (malware.rules)
2048252 - ET MALWARE TA577 Style Request (2023-05-15) (malware.rules)
2048253 - ET MALWARE TA577 Style Request (2023-05-15) (malware.rules)
2048254 - ET MALWARE TA577 Style Request (2023-05-15) (malware.rules)
2048255 - ET INFO Webhook/HTTP Request Inspection Service Domain (mockbin .org in TLS SNI) (info.rules)
2048256 - ET INFO Webhook/HTTP Request Inspection Service Domain via HTTP (mockbin .org in TLS SNI) - Clone (info.rules)
2048257 - ET MALWARE Ducktail Malware Related Domain in DNS Lookup (ductai .xyz) (malware.rules)
2048258 - ET MALWARE Observed Ducktail Malware Related Domain in TLS SNI (ductai .xyz) (malware.rules)
2048259 - ET WEB_SPECIFIC_APPS Possible Weblogic RCE Inbound (CVE-2017-3506) (web_specific_apps.rules)
2048260 - ET MALWARE [ANY.RUN] Win32/EternityClipper CnC Activity (Successful Installation) (POST) (malware.rules)
2048261 - ET MALWARE [ANY.RUN] Win32/EternityClipper CnC Activity (Address Change) (POST) (malware.rules)
2048262 - ET INFO Credit and Debit Card Metadata Lookup Domain in DNS Lookup (binlist .net) (info.rules)
2048263 - ET INFO Observed Credit and Debit Card Metadata Lookup Domain (binlist .net in TLS SNI) (info.rules)
2048264 - ET MALWARE Possible ToneShell CnC Checkin M2 (malware.rules)
2048265 - ET MALWARE Possible ToneShell CnC Checkin M3 (malware.rules)
2048266 - ET MALWARE Alloy Taurus APT Zapoa Backdoor Activity (malware.rules)
2048267 - ET INFO DYNAMIC_DNS Query to softether .net Domain (info.rules)
2048268 - ET INFO DYNAMIC_DNS softether .net Domain Observed in TLS SNI (info.rules)
2048269 - ET INFO DYNAMIC_DNS HTTP Request to a softether .net Domain (info.rules)
2048270 - ET MALWARE Alloy Taurus Reshell Backdoor URI pattern Observed M1 (malware.rules)
2048271 - ET MALWARE Alloy Taurus Reshell Backdoor URI pattern Observed M2 (malware.rules)
2048272 - ET PHISHING Crypto Phishing DNS Lookup (phishing.rules)
2048273 - ET PHISHING Observed External IP Lookup Domain (imedcloud .net in TLS SNI) (phishing.rules)
2048274 - ET PHISHING Crypto Phishing DNS Lookup (phishing.rules)
2048275 - ET PHISHING Observed Crypto Phishing Domain in TLS SNI (phishing.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/11/22 - v10471 Ruleset Updates	349	November 22, 2023
Ruleset Update Summary - 2024/05/24 - v10603 Ruleset Updates	234	May 24, 2024
Ruleset Update Summary - 2023/09/05 - v10410 Ruleset Updates	287	September 5, 2023
Ruleset Update Summary - 2023/11/07 - v10460 Ruleset Updates	380	November 7, 2023
Ruleset Update Summary - 2023/05/19 - v10327 Ruleset Updates	222	May 19, 2023

Ruleset Update Summary - 2023/09/26 - v10425

Summary:

Added rules:

Open:

Related topics