Ruleset Update Summary - 2023/11/02 - v10456

rulesbot · November 2, 2023, 9:17pm

Summary:

12 new OPEN, 14 new PRO (12 + 2)

Thanks @X1r0z

Added rules:

Open:

2049045 - ET EXPLOIT Apache ActiveMQ Remote Code Execution Attempt (CVE-2023-46604) (exploit.rules)
2049046 - ET INFO Remote Spring Application XML Configuration Downloaded with ProcessBuilder - Possible Apache ActiveMQ Remote Code Execution (CVE-2023-46604) (info.rules)
2049047 - ET MALWARE Suspected APT34 Related SSD Backdoor Activity (POST) (malware.rules)
2049048 - ET MALWARE Suspected APT34 Related SSD Backdoor Response (malware.rules)
2049049 - ET INFO Observed DNS Query to *.ngrok Domain (ngrok-free .dev) (info.rules)
2049050 - ET INFO Observed DNS Query to *.ngrok Domain (ngrok-free .app) (info.rules)
2049051 - ET INFO Observed DNS Query to *.ngrok Domain (ngrok .dev) (info.rules)
2049052 - ET INFO Observed DNS Query to *.ngrok Domain (ngrok .app) (info.rules)
2049053 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (farmexpressmachine .com) (exploit_kit.rules)
2049054 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (pdfinfinity .com) (exploit_kit.rules)
2049055 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (farmexpressmachine .com) (exploit_kit.rules)
2049056 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (pdfinfinity .com) (exploit_kit.rules)

Pro:

2855517 - ETPRO MALWARE AsyncRAT Payload Inbound (malware.rules)
2855518 - ETPRO MALWARE AsyncRAT Related CnC Activity (malware.rules)

Disabled and modified rules:

2045678 - ET MALWARE SocGholish Domain in DNS Lookup (achievements .ritagamer .com) (malware.rules)
2045812 - ET MALWARE SocGholish Domain in DNS Lookup (broadcast .ninemuses .io) (malware.rules)
2046862 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (updateadobeflash .website) (exploit_kit.rules)
2046883 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (sevenpunches .org) (exploit_kit.rules)
2046884 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (sevenpunches .org) (exploit_kit.rules)
2047792 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (adqdqqewqewplzoqmzq .site) (exploit_kit.rules)
2047793 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (borbrbmrtxtrbxrq .site) (exploit_kit.rules)
2047794 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (komomjinndqndqwf .store ) (exploit_kit.rules)
2047795 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (omdowqind .site) (exploit_kit.rules)
2047796 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (wffewiuofegwumzowefmgwezfzew .site) (exploit_kit.rules)
2047797 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (wnimodmoiejn .site) (exploit_kit.rules)
2047798 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (adqdqqewqewplzoqmzq .site) (exploit_kit.rules)
2047799 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (borbrbmrtxtrbxrq .site) (exploit_kit.rules)
2047800 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (komomjinndqndqwf .store ) (exploit_kit.rules)
2047801 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (omdowqind .site) (exploit_kit.rules)
2047802 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (wffewiuofegwumzowefmgwezfzew .site) (exploit_kit.rules)
2047803 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (wnimodmoiejn .site) (exploit_kit.rules)
2047858 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (ewkekezmwzfevwvwvvmmmmmmwfwf .site) (exploit_kit.rules)
2047859 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (dust-0001 .delorazahnow .workers .dev) (exploit_kit.rules)
2047860 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (ewkekezmwzfevwvwvvmmmmmmwfwf .site) (exploit_kit.rules)
2047861 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (dust-0001 .delorazahnow .workers .dev) (exploit_kit.rules)
2047863 - ET MALWARE SocGholish Domain in DNS Lookup (assay .porchlightcommunity .org) (malware.rules)
2047864 - ET MALWARE SocGholish Domain in TLS SNI (assay .porchlightcommunity .org) (malware.rules)
2047891 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (pwwqkppwqkezqer .site) (exploit_kit.rules)
2047892 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (pwwqkppwqkezqer .site) (exploit_kit.rules)
2047895 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (googlestates .com) (exploit_kit.rules)
2047896 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (googlestates .com) (exploit_kit.rules)
2048272 - ET PHISHING Crypto Phishing DNS Lookup (phishing.rules)
2048273 - ET PHISHING Phishing Domain in TLS SNI (imedcloud .net) (phishing.rules)
2048274 - ET PHISHING Crypto Phishing DNS Lookup (phishing.rules)
2048275 - ET PHISHING Observed Crypto Phishing Domain in TLS SNI (phishing.rules)
2048329 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Waytopmobirtb .com) (exploit_kit.rules)
2048330 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Wstatkblsenmb1234 .top) (exploit_kit.rules)
2048331 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (waytopmobi .com) (exploit_kit.rules)
2048332 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (tetstwitn12 .xyz) (exploit_kit.rules)
2048333 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Apsbvl .space) (exploit_kit.rules)
2048334 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Bhgusz .space) (exploit_kit.rules)
2048335 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (axufcs .space) (exploit_kit.rules)
2048336 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Luckypapa .top) (exploit_kit.rules)
2048338 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (Luckypuppy .top) (exploit_kit.rules)
2048340 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (bbd383ttka21 .top) (exploit_kit.rules)
2048341 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (21bustqisw2 .top) (exploit_kit.rules)
2048342 - ET EXPLOIT_KIT ScamClub Domain in DNS Lookup (2022325luckyday .top) (exploit_kit.rules)
2048343 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Waytopmobirtb .com) (exploit_kit.rules)
2048344 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Wstatkblsenmb1234 .top) (exploit_kit.rules)
2048345 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (waytopmobi .com) (exploit_kit.rules)
2048346 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (tetstwitn12 .xyz) (exploit_kit.rules)
2048347 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Apsbvl .space) (exploit_kit.rules)
2048348 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Bhgusz .space) (exploit_kit.rules)
2048349 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (axufcs .space) (exploit_kit.rules)
2048350 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Luckypapa .top) (exploit_kit.rules)
2048352 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (Luckypuppy .top) (exploit_kit.rules)
2048354 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (bbd383ttka21 .top) (exploit_kit.rules)
2048355 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (21bustqisw2 .top) (exploit_kit.rules)
2048356 - ET EXPLOIT_KIT ScamClub Domain in TLS SNI (2022325luckyday .top) (exploit_kit.rules)
2855362 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/11/03 - v10457 Ruleset Updates	301	November 3, 2023
Ruleset Update Summary - 2023/11/01 - v10455 Ruleset Updates	350	November 1, 2023
Ruleset Update Summary - 2023/12/07 - v10481 Ruleset Updates	268	December 7, 2023
Ruleset Update Summary - 2024/08/26 - v10674 Ruleset Updates	137	August 26, 2024
Ruleset Update Summary - 2024/04/29 - v10585 Ruleset Updates	272	April 29, 2024

Ruleset Update Summary - 2023/11/02 - v10456

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related topics