Ruleset Update Summary - 2023/10/09 - v10435

rulesbot · October 9, 2023, 8:31pm

Summary:

14 new OPEN, 26 new PRO (14 + 12)

2048493 - ET INFO ISO File Downloaded (info.rules)
2048494 - ET ADWARE_PUP DNS Query to PacketShare Proxy API Domain (api .packetshare .io) (adware_pup.rules)
2048495 - ET ADWARE_PUP Observed PacketShare Proxy Domain Domain (api .packetshare .io in TLS SNI) (adware_pup.rules)
2048496 - ET ADWARE_PUP PacketShare Proxy Connection Init (POST) (adware_pup.rules)
2048497 - ET ADWARE_PUP PacketShare Proxy Connection Heartbeat (POST) (adware_pup.rules)
2048498 - ET ADWARE_PUP PacketShare Proxy Client Login (GET) (adware_pup.rules)
2048499 - ET INFO Filesharing Domain in DNS Lookip (lifeboxtransfer .com) (info.rules)
2048500 - ET INFO Observed Filesharing Domain (lifeboxtransfer .com in TLS SNI) (info.rules)
2048501 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (configuratorpro .com) (exploit_kit.rules)
2048502 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (antiqueglossary .com) (exploit_kit.rules)
2048503 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (configuratorpro .com) (exploit_kit.rules)
2048504 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (antiqueglossary .com) (exploit_kit.rules)
2048505 - ET MALWARE SocGholish Domain in DNS Lookup (sommelier .peppertreecanyon .com) (malware.rules)
2048506 - ET MALWARE SocGholish Domain in TLS SNI (sommelier .peppertreecanyon .com) (malware.rules)

2855334 - ETPRO MALWARE Malicious Domain in DNS Lookup (malware.rules)
2855335 - ETPRO MALWARE Observed Malicious Domain in TLS SNI (malware.rules)
2855336 - ETPRO MALWARE Cryptex Related Domain in DNS Lookup (malware.rules)
2855337 - ETPRO MALWARE Observed Cryptex Related Domain in TLS SNI (malware.rules)
2855338 - ETPRO MALWARE Possible Cryptex OPTIONS Request (malware.rules)
2855339 - ETPRO MALWARE Cryptex 302 Redirect (malware.rules)
2855340 - ETPRO EXPLOIT_KIT ZPHP Lure Request M2 (exploit_kit.rules)
2855341 - ETPRO EXPLOIT_KIT ZPHP Request M3 (exploit_kit.rules)
2855342 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2855343 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2855344 - ETPRO MALWARE TA582 Domain in HTTP HOST (malware.rules)
2855345 - ETPRO MALWARE TA582 Domain in HTTP HOST (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/09/29 - v10429 Ruleset Updates	323	September 29, 2023
Ruleset Update Summary - 2024/03/19 - v10555 Ruleset Updates	249	March 19, 2024
Ruleset Update Summary - 2023/05/15 - v10323 Ruleset Updates	348	May 15, 2023
Ruleset Update Summary - 2023/11/22 - v10471 Ruleset Updates	349	November 22, 2023
Ruleset Update Summary - 2024/07/12 - v10644 Ruleset Updates	86	July 12, 2024