Ruleset Update Summary - 2023/10/10 - v10436

rulesbot · October 10, 2023, 7:42pm

Summary:

27 new OPEN, 28 new PRO (27 + 1)

Thanks @malware_traffic

Added rules:

Open:

2048507 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (basic .rethinkdns .com) (info.rules)
2048508 - ET INFO LNK File Downloaded via HTTP (info.rules)
2048509 - ET MALWARE Darkgate Stealer CnC Checkin (POST) (malware.rules)
2048510 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns01 .flm9 .net) (info.rules)
2048511 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (clientdns3 .softcom .net) (info.rules)
2048512 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (irre .li) (info.rules)
2048513 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (lastentarvike .fi) (info.rules)
2048514 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .daw .dev) (info.rules)
2048515 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (muli .stusta .mhn .de) (info.rules)
2048516 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .hahnjo .de) (info.rules)
2048517 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doh .niyawe .de) (info.rules)
2048518 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cluster-1 .gac .edu) (info.rules)
2048519 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .in-berlin .de) (info.rules)
2048520 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .clanless .ovh) (info.rules)
2048521 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (cluster-0 .gac .edu) (info.rules)
2048522 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (esel .stusta .mhn .de) (info.rules)
2048523 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (timmes .nl) (info.rules)
2048524 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .jfchenier .ca) (info.rules)
2048525 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (ns .00dani .me) (info.rules)
2048526 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (doth .huque .com) (info.rules)
2048527 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .slinkyman .net) (info.rules)
2048528 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sky .rethinkdns .com) (info.rules)
2048529 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (jackyes .ovh) (info.rules)
2048530 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .fancyorg .at) (info.rules)
2048531 - ET PHISHING MageCart 404 COOKIE_ANNOT (phishing.rules)
2048532 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eastrenclouds .com) (exploit_kit.rules)
2048533 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eastrenclouds .com) (exploit_kit.rules)

Pro:

2855346 - ETPRO MALWARE TA577 Red Response (malware.rules)

Removed rules:

2851065 - ETPRO INFO Observed DNS over HTTPS Domain in TLS SNI (basic .rethinkdns .com) (info.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/12/04 - v10478 Ruleset Updates	485	December 4, 2023
Ruleset Update Summary - 2024/06/03 - v10608 Ruleset Updates	220	June 3, 2024
Ruleset Update Summary - 2024/01/24 - v10513 Ruleset Updates	266	January 24, 2024
Ruleset Update Summary - 2024/02/08 - v10527 Ruleset Updates	411	February 8, 2024
Ruleset Update Summary - 2024/01/31 - v10520 Ruleset Updates	355	January 31, 2024

Ruleset Update Summary - 2023/10/10 - v10436

Summary:

Added rules:

Open:

Pro:

Removed rules:

Related Topics