Ruleset Update Summary - 2023/10/24 - v10447

rulesbot · October 24, 2023, 8:46pm

Summary:

133 new OPEN, 137 new PRO (133 + 4)

Added rules:

Open:

2048763 - ET PHISHING DNS Query to TOAD Domain (bshelp .us) (phishing.rules)
2048764 - ET PHISHING DNS Query to TOAD Domain (b2care .cc) (phishing.rules)
2048765 - ET PHISHING DNS Query to TOAD Domain (cshelp03 .us) (phishing.rules)
2048766 - ET PHISHING DNS Query to TOAD Domain (r2care .cc) (phishing.rules)
2048767 - ET PHISHING DNS Query to TOAD Domain (bghelp .us) (phishing.rules)
2048768 - ET PHISHING DNS Query to TOAD Domain (r2care .us) (phishing.rules)
2048769 - ET PHISHING DNS Query to TOAD Domain (dfhelp .live) (phishing.rules)
2048770 - ET PHISHING DNS Query to TOAD Domain (hshelp .live) (phishing.rules)
2048771 - ET PHISHING DNS Query to TOAD Domain (j2care .cc) (phishing.rules)
2048772 - ET PHISHING DNS Query to TOAD Domain (hscare .cc) (phishing.rules)
2048773 - ET PHISHING DNS Query to TOAD Domain (i2care .us) (phishing.rules)
2048774 - ET PHISHING DNS Query to TOAD Domain (hshelp .info) (phishing.rules)
2048775 - ET PHISHING DNS Query to TOAD Domain (bgcare .info) (phishing.rules)
2048776 - ET PHISHING DNS Query to TOAD Domain (bgcare .us) (phishing.rules)
2048777 - ET PHISHING DNS Query to TOAD Domain (a2help .us) (phishing.rules)
2048778 - ET PHISHING DNS Query to TOAD Domain (bshelp .support) (phishing.rules)
2048779 - ET PHISHING DNS Query to TOAD Domain (bscare .help) (phishing.rules)
2048780 - ET PHISHING DNS Query to TOAD Domain (c2care .cc) (phishing.rules)
2048781 - ET PHISHING DNS Query to TOAD Domain (hscare .info) (phishing.rules)
2048782 - ET PHISHING DNS Query to TOAD Domain (hscare .live) (phishing.rules)
2048783 - ET PHISHING DNS Query to TOAD Domain (brhelp .live) (phishing.rules)
2048784 - ET PHISHING DNS Query to TOAD Domain (bscare .cc) (phishing.rules)
2048785 - ET PHISHING DNS Query to TOAD Domain (cancel247 .info) (phishing.rules)
2048786 - ET PHISHING DNS Query to TOAD Domain (m2care .cc) (phishing.rules)
2048787 - ET PHISHING DNS Query to TOAD Domain (aphelp .us) (phishing.rules)
2048788 - ET PHISHING DNS Query to TOAD Domain (d2care .cc) (phishing.rules)
2048789 - ET PHISHING DNS Query to TOAD Domain (g2care .us) (phishing.rules)
2048790 - ET PHISHING DNS Query to TOAD Domain (bgcare .live) (phishing.rules)
2048791 - ET PHISHING DNS Query to TOAD Domain (j2care .us) (phishing.rules)
2048792 - ET PHISHING DNS Query to TOAD Domain (bshelp .info) (phishing.rules)
2048793 - ET PHISHING DNS Query to TOAD Domain (n2care .us) (phishing.rules)
2048794 - ET PHISHING DNS Query to TOAD Domain (nxhelp .live) (phishing.rules)
2048795 - ET PHISHING DNS Query to TOAD Domain (bghelp .online) (phishing.rules)
2048796 - ET PHISHING DNS Query to TOAD Domain (catreenpr .is) (phishing.rules)
2048797 - ET PHISHING DNS Query to TOAD Domain (hscare .online) (phishing.rules)
2048798 - ET PHISHING DNS Query to TOAD Domain (kelbyonel .nl) (phishing.rules)
2048799 - ET PHISHING DNS Query to TOAD Domain (m2care .us) (phishing.rules)
2048800 - ET PHISHING DNS Query to TOAD Domain (hshelp .online) (phishing.rules)
2048801 - ET PHISHING DNS Query to TOAD Domain (bscare .info) (phishing.rules)
2048802 - ET PHISHING DNS Query to TOAD Domain (hshelp .us) (phishing.rules)
2048803 - ET PHISHING DNS Query to TOAD Domain (hscare .us) (phishing.rules)
2048804 - ET PHISHING DNS Query to TOAD Domain (h2care .cc) (phishing.rules)
2048805 - ET PHISHING DNS Query to TOAD Domain (b2care .us) (phishing.rules)
2048806 - ET PHISHING DNS Query to TOAD Domain (bscare .live) (phishing.rules)
2048807 - ET PHISHING DNS Query to TOAD Domain (bshelp .live) (phishing.rules)
2048808 - ET PHISHING DNS Query to TOAD Domain (suvfix .us) (phishing.rules)
2048809 - ET PHISHING DNS Query to TOAD Domain (axhelp .us) (phishing.rules)
2048810 - ET PHISHING DNS Query to TOAD Domain (g2care .cc) (phishing.rules)
2048811 - ET PHISHING DNS Query to TOAD Domain (a2care .cc) (phishing.rules)
2048812 - ET PHISHING DNS Query to TOAD Domain (i2care .cc) (phishing.rules)
2048813 - ET PHISHING DNS Query to TOAD Domain (mshelp09 .live) (phishing.rules)
2048814 - ET PHISHING DNS Query to TOAD Domain (n2care .cc) (phishing.rules)
2048815 - ET PHISHING DNS Query to TOAD Domain (cashapphelp2 .us) (phishing.rules)
2048816 - ET PHISHING DNS Query to TOAD Domain (bscare .us) (phishing.rules)
2048817 - ET PHISHING DNS Query to TOAD Domain (hshelp .cc) (phishing.rules)
2048818 - ET PHISHING DNS Query to TOAD Domain (a2care .us) (phishing.rules)
2048819 - ET PHISHING DNS Query to TOAD Domain (bghelp .live) (phishing.rules)
2048820 - ET PHISHING DNS Query to TOAD Domain (bgcare .cc) (phishing.rules)
2048821 - ET PHISHING DNS Query to TOAD Domain (h2care .us) (phishing.rules)
2048822 - ET PHISHING DNS Query to TOAD Domain (bgcare .help) (phishing.rules)
2048823 - ET PHISHING DNS Query to TOAD Domain (bghelp .cc) (phishing.rules)
2048824 - ET PHISHING DNS Query to TOAD Domain (bgcare .online) (phishing.rules)
2048825 - ET PHISHING DNS Query to TOAD Domain (q2care .us) (phishing.rules)
2048826 - ET PHISHING DNS Query to TOAD Domain (d2care .us) (phishing.rules)
2048827 - ET PHISHING DNS Query to TOAD Domain (c2care .us) (phishing.rules)
2048828 - ET PHISHING Observed TOAD Domain (nxhelp .live in TLS SNI) (phishing.rules)
2048829 - ET PHISHING Observed TOAD Domain (r2care .cc in TLS SNI) (phishing.rules)
2048830 - ET PHISHING Observed TOAD Domain (bgcare .cc in TLS SNI) (phishing.rules)
2048831 - ET PHISHING Observed TOAD Domain (hscare .us in TLS SNI) (phishing.rules)
2048832 - ET PHISHING Observed TOAD Domain (bgcare .online in TLS SNI) (phishing.rules)
2048833 - ET PHISHING Observed TOAD Domain (bscare .live in TLS SNI) (phishing.rules)
2048834 - ET PHISHING Observed TOAD Domain (c2care .us in TLS SNI) (phishing.rules)
2048835 - ET PHISHING Observed TOAD Domain (cshelp03 .us in TLS SNI) (phishing.rules)
2048836 - ET PHISHING Observed TOAD Domain (a2help .us in TLS SNI) (phishing.rules)
2048837 - ET PHISHING Observed TOAD Domain (hscare .cc in TLS SNI) (phishing.rules)
2048838 - ET PHISHING Observed TOAD Domain (h2care .cc in TLS SNI) (phishing.rules)
2048839 - ET PHISHING Observed TOAD Domain (bghelp .live in TLS SNI) (phishing.rules)
2048840 - ET PHISHING Observed TOAD Domain (bgcare .info in TLS SNI) (phishing.rules)
2048841 - ET PHISHING Observed TOAD Domain (bshelp .info in TLS SNI) (phishing.rules)
2048842 - ET PHISHING Observed TOAD Domain (cashapphelp2 .us in TLS SNI) (phishing.rules)
2048843 - ET PHISHING Observed TOAD Domain (d2care .us in TLS SNI) (phishing.rules)
2048844 - ET PHISHING Observed TOAD Domain (c2care .cc in TLS SNI) (phishing.rules)
2048845 - ET PHISHING Observed TOAD Domain (g2care .us in TLS SNI) (phishing.rules)
2048846 - ET PHISHING Observed TOAD Domain (hscare .info in TLS SNI) (phishing.rules)
2048847 - ET PHISHING Observed TOAD Domain (a2care .cc in TLS SNI) (phishing.rules)
2048848 - ET PHISHING Observed TOAD Domain (hscare .online in TLS SNI) (phishing.rules)
2048849 - ET PHISHING Observed TOAD Domain (bscare .cc in TLS SNI) (phishing.rules)
2048850 - ET PHISHING Observed TOAD Domain (hshelp .online in TLS SNI) (phishing.rules)
2048851 - ET PHISHING Observed TOAD Domain (n2care .cc in TLS SNI) (phishing.rules)
2048852 - ET PHISHING Observed TOAD Domain (n2care .us in TLS SNI) (phishing.rules)
2048853 - ET PHISHING Observed TOAD Domain (mshelp09 .live in TLS SNI) (phishing.rules)
2048854 - ET PHISHING Observed TOAD Domain (i2care .cc in TLS SNI) (phishing.rules)
2048855 - ET PHISHING Observed TOAD Domain (b2care .cc in TLS SNI) (phishing.rules)
2048856 - ET PHISHING Observed TOAD Domain (bghelp .online in TLS SNI) (phishing.rules)
2048857 - ET PHISHING Observed TOAD Domain (bscare .us in TLS SNI) (phishing.rules)
2048858 - ET PHISHING Observed TOAD Domain (bscare .help in TLS SNI) (phishing.rules)
2048859 - ET PHISHING Observed TOAD Domain (bshelp .us in TLS SNI) (phishing.rules)
2048860 - ET PHISHING Observed TOAD Domain (g2care .cc in TLS SNI) (phishing.rules)
2048861 - ET PHISHING Observed TOAD Domain (h2care .us in TLS SNI) (phishing.rules)
2048862 - ET PHISHING Observed TOAD Domain (j2care .us in TLS SNI) (phishing.rules)
2048863 - ET PHISHING Observed TOAD Domain (q2care .us in TLS SNI) (phishing.rules)
2048864 - ET PHISHING Observed TOAD Domain (r2care .us in TLS SNI) (phishing.rules)
2048865 - ET PHISHING Observed TOAD Domain (a2care .us in TLS SNI) (phishing.rules)
2048866 - ET PHISHING Observed TOAD Domain (d2care .cc in TLS SNI) (phishing.rules)
2048867 - ET PHISHING Observed TOAD Domain (axhelp .us in TLS SNI) (phishing.rules)
2048868 - ET PHISHING Observed TOAD Domain (bgcare .help in TLS SNI) (phishing.rules)
2048869 - ET PHISHING Observed TOAD Domain (i2care .us in TLS SNI) (phishing.rules)
2048870 - ET PHISHING Observed TOAD Domain (suvfix .us in TLS SNI) (phishing.rules)
2048871 - ET PHISHING Observed TOAD Domain (bghelp .cc in TLS SNI) (phishing.rules)
2048872 - ET PHISHING Observed TOAD Domain (m2care .us in TLS SNI) (phishing.rules)
2048873 - ET PHISHING Observed TOAD Domain (dfhelp .live in TLS SNI) (phishing.rules)
2048874 - ET PHISHING Observed TOAD Domain (j2care .cc in TLS SNI) (phishing.rules)
2048875 - ET PHISHING Observed TOAD Domain (bgcare .live in TLS SNI) (phishing.rules)
2048876 - ET PHISHING Observed TOAD Domain (bshelp .live in TLS SNI) (phishing.rules)
2048877 - ET PHISHING Observed TOAD Domain (hshelp .live in TLS SNI) (phishing.rules)
2048878 - ET PHISHING Observed TOAD Domain (m2care .cc in TLS SNI) (phishing.rules)
2048879 - ET PHISHING Observed TOAD Domain (brhelp .live in TLS SNI) (phishing.rules)
2048880 - ET PHISHING Observed TOAD Domain (hshelp .cc in TLS SNI) (phishing.rules)
2048881 - ET PHISHING Observed TOAD Domain (bghelp .us in TLS SNI) (phishing.rules)
2048882 - ET PHISHING Observed TOAD Domain (cancel247 .info in TLS SNI) (phishing.rules)
2048883 - ET PHISHING Observed TOAD Domain (b2care .us in TLS SNI) (phishing.rules)
2048884 - ET PHISHING Observed TOAD Domain (hshelp .us in TLS SNI) (phishing.rules)
2048885 - ET PHISHING Observed TOAD Domain (bscare .info in TLS SNI) (phishing.rules)
2048886 - ET PHISHING Observed TOAD Domain (hscare .live in TLS SNI) (phishing.rules)
2048887 - ET PHISHING Observed TOAD Domain (kelbyonel .nl in TLS SNI) (phishing.rules)
2048888 - ET PHISHING Observed TOAD Domain (catreenpr .is in TLS SNI) (phishing.rules)
2048889 - ET PHISHING Observed TOAD Domain (hshelp .info in TLS SNI) (phishing.rules)
2048890 - ET PHISHING Observed TOAD Domain (aphelp .us in TLS SNI) (phishing.rules)
2048891 - ET PHISHING Observed TOAD Domain (bshelp .support in TLS SNI) (phishing.rules)
2048892 - ET PHISHING Observed TOAD Domain (bgcare .us in TLS SNI) (phishing.rules)
2048893 - ET MOBILE_MALWARE Android Nexus Banking Botnet Activity (GET) (mobile_malware.rules)
2048894 - ET HUNTING MacOS Process List in HTTP POST Request (/sbin/launchd) M1 (hunting.rules)
2048895 - ET HUNTING MacOS Process List in HTTP POST Request (/sbin/launchd) M2 (hunting.rules)

Pro:

2855478 - ETPRO MALWARE Unknown Golang Backdoor Activity (malware.rules)
2855479 - ETPRO HUNTING HTTP 666 Response Code (hunting.rules)
2855480 - ETPRO EXPLOIT_KIT WordPress Malicious Admin Creation Domain in DNS Lookup (exploit_kit.rules)
2855481 - ETPRO EXPLOIT_KIT WordPress Malicious Admin Creation Domain in TLS SNI (exploit_kit.rules)

Disabled and modified rules:

2046863 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (googletagmanagar .com) (exploit_kit.rules)
2046864 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (google-analytiks .com) (exploit_kit.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/09/22 - v10423 Ruleset Updates	330	September 22, 2023
Ruleset Update Summary - 2023/08/10 - v10391 Ruleset Updates	255	August 10, 2023
Ruleset Update Summary - 2023/10/13 - v10439 Ruleset Updates	334	October 13, 2023
Ruleset Update Summary - 2023/10/03 - v10431 Ruleset Updates	234	October 3, 2023
Ruleset Update Summary - 2024/12/03 - v10783 Ruleset Updates	28	December 3, 2024

Ruleset Update Summary - 2023/10/24 - v10447

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related topics