Ruleset Update Summary - 2023/10/06 - v10434

rulesbot · October 6, 2023, 9:46pm

Summary:

24 new OPEN, 26 new PRO (24 + 2)

Thanks @IBMSecurity, @Jane_0sint, @reecdeep

Added rules:

Open:

2048469 - ET CURRENT_EVENTS Possible Atlassian Confluence CVE-2023-22515 Scan Activity (current_events.rules)
2048470 - ET CURRENT_EVENTS Possible Atlassian Confluence CVE-2023-22515 Scan Activity (current_events.rules)
2048471 - ET MALWARE Malicious Domain in DNS Lookup (jscloud .live) (malware.rules)
2048472 - ET MALWARE Malicious Domain in DNS Lookup (cloudjs .live) (malware.rules)
2048473 - ET MALWARE Malicious Domain in DNS Lookup (jscloud .ink) (malware.rules)
2048474 - ET MALWARE Malicious Domain in DNS Lookup (jscloud .biz) (malware.rules)
2048475 - ET MALWARE Malicious Domain in DNS Lookup (jscdn .biz) (malware.rules)
2048476 - ET PHISHING Netscaler Gateway Credential Theft (POST) (phishing.rules)
2048477 - ET MALWARE [ANY.RUN] Win32/Gh0stRat Activity (malware.rules)
2048478 - ET MALWARE [ANY.RUN] Win32/Gh0stRat Keep-Alive (malware.rules)
2048479 - ET MALWARE Observed Malicious Domain (jscloud .live in TLS SNI) (malware.rules)
2048480 - ET MALWARE Observed Malicious Domain (cloudjs .live in TLS SNI) (malware.rules)
2048481 - ET MALWARE Observed Malicious Domain (jscloud .ink in TLS SNI) (malware.rules)
2048482 - ET MALWARE Observed Malicious Domain (jscloud .biz in TLS SNI) (malware.rules)
2048483 - ET MALWARE Observed Malicious Domain (jscdn .biz in TLS SNI) (malware.rules)
2048484 - ET MALWARE DNS Query to Ursnif Domain (communicalink .com) (malware.rules)
2048485 - ET MALWARE Ursnif Payload Downloader Inbound (malware.rules)
2048486 - ET MALWARE DNS Query to Ursnif Domain (mifrutty .com) (malware.rules)
2048487 - ET MALWARE Observed Ursnif Domain (mifrutty .com in TLS SNI) (malware.rules)
2048488 - ET EXPLOIT_KIT JavaScript DOS Injection (exploit_kit.rules)
2048489 - ET MALWARE Observed IcedID CnC Domain (mestorycallin .com in TLS SNI) (malware.rules)
2048490 - ET MALWARE Observed IcedID CnC Domain (carsfootyelo .com in TLS SNI) (malware.rules)
2048491 - ET MALWARE UAC-006 Domain in DNS Lookup (ukr-net-download-files-php-name .ru) (malware.rules)
2048492 - ET MALWARE UAC-006 Domain in TLS SNI (ukr-net-download-files-php-name .ru) (malware.rules)

Pro:

2855320 - ETPRO PHISHING DNS Query to TOAD Domain (phishing.rules)
2855321 - ETPRO PHISHING Observed TOAD Domain in TLS SNI (phishing.rules)

Disabled and modified rules:

2046645 - ET MALWARE Gamaredon Domain in DNS Lookup (namibbo .ru) (malware.rules)
2046646 - ET MALWARE Gamaredon Domain in DNS Lookup (kyzylkumbo .ru) (malware.rules)
2046647 - ET MALWARE Gamaredon Domain in DNS Lookup (bukatam .ru) (malware.rules)
2046648 - ET MALWARE Gamaredon Domain in DNS Lookup (negevbo .ru) (malware.rules)
2046649 - ET MALWARE Gamaredon Domain in DNS Lookup (totalav .ru) (malware.rules)
2046650 - ET MALWARE Gamaredon Domain in DNS Lookup (durakam .ru) (malware.rules)
2046651 - ET MALWARE Gamaredon Domain in DNS Lookup (gutarax .ru) (malware.rules)
2046712 - ET MALWARE TA444 Related Domain in DNS Lookup (crypto .hondchain .com) (malware.rules)
2046713 - ET MALWARE TA444 Related Domain in DNS Lookup (starbucls .xyz) (malware.rules)
2046736 - ET MALWARE TA444 Domain in DNS Lookup (cloud .dnx .capital) (malware.rules)
2046737 - ET MALWARE TA444 Domain in DNS Lookup (crypto .hondchain .com) (malware.rules)
2046972 - ET MALWARE Win32/Trojan.Fruity Domain in DNS Lookup (polaris-bios-editor .ru) (malware.rules)
2046973 - ET MALWARE Win32/Trojan.Fruity Domain in DNS Lookup (atiflash .ru) (malware.rules)
2046974 - ET MALWARE Win32/Trojan.Fruity Domain in DNS Lookup (overdriventool .ru) (malware.rules)
2046975 - ET MALWARE Win32/Trojan.Fruity Domain in DNS Lookup (balena-etcher .com) (malware.rules)
2046976 - ET MALWARE Win32/Trojan.Fruity Domain in DNS Lookup (evga-precision .com) (malware.rules)
2046977 - ET MALWARE Win32/Trojan.Fruity Domain in DNS Lookup (nvidiainspector .ru) (malware.rules)
2046978 - ET MALWARE Win32/Trojan.Fruity Domain in DNS Lookup (ryzen-master .com) (malware.rules)
2046979 - ET MALWARE Win32/Trojan.Fruity Domain in DNS Lookup (btc-tools .ru) (malware.rules)
2046980 - ET MALWARE Win32/Trojan.Fruity Domain in DNS Lookup (more-power-tool .com) (malware.rules)
2046981 - ET MALWARE Win32/Trojan.Fruity Domain in DNS Lookup (sapphiretrixx .com) (malware.rules)
2046982 - ET MALWARE Win32/Trojan.Fruity Domain in DNS Lookup (clockgen64 .com) (malware.rules)
2046983 - ET MALWARE Win32/Trojan.Fruity Domain in DNS Lookup (nvflash .ru) (malware.rules)
2046984 - ET MALWARE Win32/Trojan.Fruity Domain in DNS Lookup (srbpolaris .ru) (malware.rules)
2046985 - ET MALWARE Win32/Trojan.Fruity Domain in DNS Lookup (techpowerup-gpu-z .com) (malware.rules)
2046986 - ET MALWARE Win32/Trojan.Fruity Domain in DNS Lookup (riva-tuner .com) (malware.rules)
2046987 - ET MALWARE Win32/Trojan.Fruity Domain in DNS Lookup (atikmdagpatcher .com) (malware.rules)
2046988 - ET MALWARE Win32/Trojan.Fruity Domain (polaris-bios-editor .ru) in TLS SNI (malware.rules)
2046989 - ET MALWARE Win32/Trojan.Fruity Domain (atiflash .ru) in TLS SNI (malware.rules)
2046990 - ET MALWARE Win32/Trojan.Fruity Domain (overdriventool .ru) in TLS SNI (malware.rules)
2046991 - ET MALWARE Win32/Trojan.Fruity Domain (balena-etcher .com) in TLS SNI (malware.rules)
2046992 - ET MALWARE Win32/Trojan.Fruity Domain (evga-precision .com) in TLS SNI (malware.rules)
2046993 - ET MALWARE Win32/Trojan.Fruity Domain (nvidiainspector .ru) in TLS SNI (malware.rules)
2046994 - ET MALWARE Win32/Trojan.Fruity Domain (ryzen-master .com) in TLS SNI (malware.rules)
2046995 - ET MALWARE Win32/Trojan.Fruity Domain (btc-tools .ru) in TLS SNI (malware.rules)
2046996 - ET MALWARE Win32/Trojan.Fruity Domain (more-power-tool .com) in TLS SNI (malware.rules)
2046997 - ET MALWARE Win32/Trojan.Fruity Domain (sapphiretrixx .com) in TLS SNI (malware.rules)
2046998 - ET MALWARE Win32/Trojan.Fruity Domain (clockgen64 .com) in TLS SNI (malware.rules)
2046999 - ET MALWARE Win32/Trojan.Fruity Domain (nvflash .ru) in TLS SNI (malware.rules)
2047000 - ET MALWARE Win32/Trojan.Fruity Domain (srbpolaris .ru) in TLS SNI (malware.rules)
2047001 - ET MALWARE Win32/Trojan.Fruity Domain (techpowerup-gpu-z .com) in TLS SNI (malware.rules)
2047002 - ET MALWARE Win32/Trojan.Fruity Domain (riva-tuner .com) in TLS SNI (malware.rules)
2047003 - ET MALWARE Win32/Trojan.Fruity Domain (atikmdagpatcher .com) in TLS SNI (malware.rules)
2047113 - ET MALWARE 8Base Ransomware Domain in DNS Lookup (dexblog45 .xyz) (malware.rules)
2047114 - ET MALWARE 8Base Ransomware Domain in DNS Lookup (sentrex219 .xyz) (malware.rules)
2047617 - ET MALWARE MacOS/RustBucket CnC Domain in DNS Lookup (autodynamics .work .gd) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/11/07 - v10460 Ruleset Updates	380	November 7, 2023
Ruleset Update Summary - 2024/04/29 - v10585 Ruleset Updates	273	April 29, 2024
Ruleset Update Summary - 2023/08/24 - v10402 Ruleset Updates	319	August 24, 2023
Ruleset Update Summary - 2024/01/23 - v10512 Ruleset Updates	268	January 23, 2024
Ruleset Update Summary - 2023/05/03 - v10315 Ruleset Updates	368	May 3, 2023

Ruleset Update Summary - 2023/10/06 - v10434

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related topics