Ruleset Update Summary - 2023/11/09 - v10462

Summary:

18 new OPEN, 22 new PRO (18 + 4)

Thanks @James_inthe_box


Added rules:

Open:

  • 2049129 - ET MALWARE MACE C2 Framework Activity (GET) (malware.rules)
  • 2049130 - ET MALWARE MACE C2 Framework Response M1 (malware.rules)
  • 2049131 - ET MALWARE MACE C2 Framework Response M2 (malware.rules)
  • 2049132 - ET INFO Supabase Development Platform Related Domain in DNS Lookup (info.rules)
  • 2049133 - ET ADWARE_PUP DNS Query to Seetrol RAT Domain (seetrol .com) (adware_pup.rules)
  • 2049134 - ET ADWARE_PUP DNS Query to Seetrol RAT Domain (seetrol .kr) (adware_pup.rules)
  • 2049135 - ET ADWARE_PUP Observed Seetrol RAT Domain (seetrol .kr in TLS SNI) (adware_pup.rules)
  • 2049136 - ET ADWARE_PUP Observed Seetrol RAT Domain (seetrol .com in TLS SNI) (adware_pup.rules)
  • 2049137 - ET ADWARE_PUP Seetrol Remote Administration Tool Download (adware_pup.rules)
  • 2049138 - ET USER_AGENTS Seetrol Client Remote Administration Tool User-Agent (user_agents.rules)
  • 2049139 - ET WEB_SPECIFIC_APPS Roundcube Webmail XSS Attempt (CVE-2023-5631) (web_specific_apps.rules)
  • 2049140 - ET MALWARE Win32/Unknown Infostealer Data Exfiltration Attempt (malware.rules)
  • 2049141 - ET MALWARE SocGholish Domain in DNS Lookup (modification .grebcocontractors .com) (malware.rules)
  • 2049142 - ET MALWARE SocGholish Domain in DNS Lookup (sermon .pastorbriantubbs .com) (malware.rules)
  • 2049143 - ET MALWARE SocGholish Domain in TLS SNI (modification .grebcocontractors .com) (malware.rules)
  • 2049144 - ET MALWARE SocGholish Domain in TLS SNI (sermon .pastorbriantubbs .com) (malware.rules)
  • 2049145 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cwgmanagementllc .com) (exploit_kit.rules)
  • 2049146 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cwgmanagementllc .com) (exploit_kit.rules)

Pro:

  • 2855536 - ETPRO MALWARE Unknown Golang Backdoor CnC Client Request M1 (malware.rules)
  • 2855537 - ETPRO MALWARE Unknown Golang Backdoor CnC Client Request M2 (malware.rules)
  • 2855538 - ETPRO MALWARE Unknown Golang Backdoor CnC Server Response M1 (malware.rules)
  • 2855539 - ETPRO MALWARE Unknown Golang Backdoor CnC Server Response M2 (malware.rules)
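
Added example, not part of the Emerging Threats release or its tooling: a small Python script that parses the bullet list above into records, cross-checks the "18 new OPEN, 22 new PRO (18 + 4)" line against the rules actually listed (including that ET SIDs sit under Open and ETPRO SIDs under Pro), and re-fangs the defanged domains and collects the CVE IDs named in rule titles so they can be cross-referenced with other sources. The input is this page's own list embedded verbatim; the line format it assumes is the one shown here.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Input is the rule list from this page, embedded so the script runs offline.
SUMMARY_TEXT = """\
18 new OPEN, 22 new PRO (18 + 4)
Open:
  • 2049129 - ET MALWARE MACE C2 Framework Activity (GET) (malware.rules)
  • 2049130 - ET MALWARE MACE C2 Framework Response M1 (malware.rules)
  • 2049131 - ET MALWARE MACE C2 Framework Response M2 (malware.rules)
  • 2049132 - ET INFO Supabase Development Platform Related Domain in DNS Lookup (info.rules)
  • 2049133 - ET ADWARE_PUP DNS Query to Seetrol RAT Domain (seetrol .com) (adware_pup.rules)
  • 2049134 - ET ADWARE_PUP DNS Query to Seetrol RAT Domain (seetrol .kr) (adware_pup.rules)
  • 2049135 - ET ADWARE_PUP Observed Seetrol RAT Domain (seetrol .kr in TLS SNI) (adware_pup.rules)
  • 2049136 - ET ADWARE_PUP Observed Seetrol RAT Domain (seetrol .com in TLS SNI) (adware_pup.rules)
  • 2049137 - ET ADWARE_PUP Seetrol Remote Administration Tool Download (adware_pup.rules)
  • 2049138 - ET USER_AGENTS Seetrol Client Remote Administration Tool User-Agent (user_agents.rules)
  • 2049139 - ET WEB_SPECIFIC_APPS Roundcube Webmail XSS Attempt (CVE-2023-5631) (web_specific_apps.rules)
  • 2049140 - ET MALWARE Win32/Unknown Infostealer Data Exfiltration Attempt (malware.rules)
  • 2049141 - ET MALWARE SocGholish Domain in DNS Lookup (modification .grebcocontractors .com) (malware.rules)
  • 2049142 - ET MALWARE SocGholish Domain in DNS Lookup (sermon .pastorbriantubbs .com) (malware.rules)
  • 2049143 - ET MALWARE SocGholish Domain in TLS SNI (modification .grebcocontractors .com) (malware.rules)
  • 2049144 - ET MALWARE SocGholish Domain in TLS SNI (sermon .pastorbriantubbs .com) (malware.rules)
  • 2049145 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cwgmanagementllc .com) (exploit_kit.rules)
  • 2049146 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cwgmanagementllc .com) (exploit_kit.rules)
Pro:
  • 2855536 - ETPRO MALWARE Unknown Golang Backdoor CnC Client Request M1 (malware.rules)
  • 2855537 - ETPRO MALWARE Unknown Golang Backdoor CnC Client Request M2 (malware.rules)
  • 2855538 - ETPRO MALWARE Unknown Golang Backdoor CnC Server Response M1 (malware.rules)
  • 2855539 - ETPRO MALWARE Unknown Golang Backdoor CnC Server Response M2 (malware.rules)
"""

@dataclass
class Rule:
    sid: int
    ruleset: str     # "ET" for open rules, "ETPRO" for Pro-only rules
    category: str    # MALWARE, ADWARE_PUP, WEB_SPECIFIC_APPS, ...
    msg: str         # rule title with the ruleset/category prefix stripped
    rules_file: str  # file the rule ships in, e.g. malware.rules
    section: str     # "Open" or "Pro": the heading the line appears under

RULE_LINE = re.compile(
    r"^\s*•\s*(?P<sid>\d+)\s+-\s+(?P<ruleset>ETPRO|ET)\s+(?P<category>[A-Z_]+)\s+"
    r"(?P<msg>.*?)\s+\((?P<file>[a-z_]+\.rules)\)\s*$")
COUNT_LINE = re.compile(r"(\d+) new OPEN, (\d+) new PRO \((\d+) \+ (\d+)\)")
SECTION_LINE = re.compile(r"^(Open|Pro):\s*$")
# Domains in rule titles are defanged with a space before each dot ("seetrol .com").
DEFANGED = re.compile(r"\b[a-z0-9-]+(?: \.[a-z0-9-]+)+\b")
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")

def parse_summary(text: str) -> Tuple[Optional[Dict[str, int]], List[Rule]]:
    """Return (declared counts or None, list of Rule) for one update summary."""
    declared, rules, section = None, [], ""
    for line in text.splitlines():
        if (m := COUNT_LINE.search(line)):
            o, p, op, pp = map(int, m.groups())
            declared = {"open": o, "pro_total": p, "open_part": op, "pro_only": pp}
        elif (m := SECTION_LINE.match(line)):
            section = m.group(1)
        elif (m := RULE_LINE.match(line)):
            rules.append(Rule(int(m["sid"]), m["ruleset"], m["category"],
                              m["msg"], m["file"], section))
    return declared, rules

def count_mismatches(declared: Optional[Dict[str, int]], rules: List[Rule]) -> List[str]:
    """Cross-check the summary line against the listed rules; an empty list means consistent."""
    if declared is None:
        return ["no 'N new OPEN, M new PRO (a + b)' line found"]
    n_open = sum(r.section == "Open" for r in rules)
    n_pro = sum(r.section == "Pro" for r in rules)
    problems = []
    if declared["open"] != n_open:
        problems.append(f"declared {declared['open']} open, listed {n_open}")
    if declared["pro_only"] != n_pro:
        problems.append(f"declared {declared['pro_only']} pro-only, listed {n_pro}")
    # Pro subscribers receive every open rule plus the pro-only ones.
    if declared["pro_total"] != declared["open_part"] + declared["pro_only"] or declared["pro_total"] != len(rules):
        problems.append(f"declared {declared['pro_total']} pro total, listed {len(rules)}")
    for r in rules:  # the SID prefix must agree with the heading it is listed under
        expected = "ETPRO" if r.section == "Pro" else "ET"
        if r.ruleset != expected:
            problems.append(f"{r.sid} is {r.ruleset} but listed under {r.section}")
    return problems

def indicators(rules: List[Rule]) -> Dict[str, List[str]]:
    """Re-fang domains and collect CVE IDs from rule titles for cross-referencing."""
    domains, cves = set(), set()
    for r in rules:
        domains.update(d.replace(" .", ".") for d in DEFANGED.findall(r.msg))
        cves.update(CVE_ID.findall(r.msg))
    return {"domains": sorted(domains), "cves": sorted(cves)}

if __name__ == "__main__":
    declared, rules = parse_summary(SUMMARY_TEXT)
    print(f"{len(rules)} rules parsed; mismatches: {count_mismatches(declared, rules) or 'none'}")
    print(indicators(rules))
```

The re-fanged domains are only what the rule titles name; the rules themselves may match additional hosts or paths, so treat this output as a pointer into the ruleset, not as the rule content.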