Ruleset Update Summary - 2023/11/17 - v10468

rulesbot · November 17, 2023, 9:36pm

Summary:

4 new OPEN, 5 new PRO (4 + 1)

Added rules:

Open:

2049250 - ET INFO DNS Query to Browser FingerprintJS Domain (openfpcdn .io) (info.rules)
2049251 - ET INFO Observed FingerprintJS Domain (openfpcdn .io in TLS SNI) (info.rules)
2049252 - ET INFO Query to FingerprintJS (GET) (info.rules)
2049253 - ET MALWARE [ANY.RUN] Stealc/Vidar Stealer TLS Certificate (malware.rules)

Pro:

2855829 - ETPRO MALWARE Win32/VF ImageLoader HTTP Payload Inbound (malware.rules)

Disabled and modified rules:

2039087 - ET MALWARE Observed DNS Query to Comm100 Trojan Domain (microsoftfileapis .com) (malware.rules)
2039088 - ET MALWARE Observed DNS Query to Comm100 Trojan Domain (windowstearns .com) (malware.rules)
2039430 - ET PHISHING Observed DNS Query to Phishing Domain (ficosha .com) (phishing.rules)
2044738 - ET MALWARE Xaview Stealer Admin Panel Inbound (malware.rules)
2045644 - ET MALWARE DNS Query to TA444 Domain (parallaxdigital .online) (malware.rules)
2045645 - ET MALWARE DNS Query to TA444 Domain (myfirmdocument .online) (malware.rules)
2048101 - ET MALWARE Atomic MacOS Stealer CnC Domain in DNS Lookup (maybe .host) (malware.rules)
2048102 - ET MALWARE Observed Atomic MacOS Stealer Domain (maybe .host in TLS SNI) (malware.rules)
2048144 - ET PHISHING DNS Query to TOAD Domain (eshopper .top) (phishing.rules)
2048147 - ET PHISHING TOAD Domain in DNS Lookup (athelp .live) (phishing.rules)
2048148 - ET PHISHING TOAD Domain in DNS Lookup (login .pcsystem247 .cc) (phishing.rules)
2048149 - ET PHISHING TOAD Domain in DNS Lookup (jxhelp .cc) (phishing.rules)
2048150 - ET PHISHING TOAD Domain in DNS Lookup (mghelp .live) (phishing.rules)
2048151 - ET PHISHING TOAD Domain in DNS Lookup (wdhelp .us) (phishing.rules)
2048152 - ET PHISHING TOAD Domain in DNS Lookup (support7 .cc) (phishing.rules)
2048153 - ET PHISHING TOAD Domain in DNS Lookup (wdhelp .live) (phishing.rules)
2048154 - ET PHISHING TOAD Domain in DNS Lookup (mta-sts .gub .bio) (phishing.rules)
2048155 - ET PHISHING TOAD Domain in DNS Lookup (kbhelp .info) (phishing.rules)
2048156 - ET PHISHING TOAD Domain in DNS Lookup (axhelp .live) (phishing.rules)
2048157 - ET PHISHING TOAD Domain in DNS Lookup (helpsystem .cc) (phishing.rules)
2048158 - ET PHISHING TOAD Domain in DNS Lookup (mail .retfaqboos .site) (phishing.rules)
2048159 - ET PHISHING TOAD Domain in DNS Lookup (gbhelp .live) (phishing.rules)
2048160 - ET PHISHING TOAD Domain in DNS Lookup (gbhelp .cc) (phishing.rules)
2048161 - ET PHISHING TOAD Domain in DNS Lookup (gchelp .info) (phishing.rules)
2048162 - ET PHISHING TOAD Domain in DNS Lookup (jxhelp .us) (phishing.rules)
2048163 - ET PHISHING TOAD Domain in DNS Lookup (cxhelp .us) (phishing.rules)
2048164 - ET PHISHING TOAD Domain in DNS Lookup (retfaqboos .site) (phishing.rules)
2048165 - ET PHISHING TOAD Domain in DNS Lookup (mail .mrree .gub .bio) (phishing.rules)
2048166 - ET PHISHING TOAD Domain in DNS Lookup (dfhelp .cc) (phishing.rules)
2048167 - ET PHISHING TOAD Domain in DNS Lookup (pcsystem247 .cc) (phishing.rules)
2048168 - ET PHISHING TOAD Domain in DNS Lookup (pxhelp .us) (phishing.rules)
2048169 - ET PHISHING TOAD Domain in DNS Lookup (amz34 .us) (phishing.rules)
2048170 - ET PHISHING TOAD Domain in DNS Lookup (emv1 .gub .bio) (phishing.rules)
2048171 - ET PHISHING TOAD Domain in DNS Lookup (mchelp .cc) (phishing.rules)
2048172 - ET PHISHING TOAD Domain in DNS Lookup (login .helpsystem .cc) (phishing.rules)
2048173 - ET PHISHING TOAD Domain in DNS Lookup (jxhelp .info) (phishing.rules)
2048174 - ET PHISHING TOAD Domain in DNS Lookup (33 .gub .bio) (phishing.rules)
2048175 - ET PHISHING TOAD Domain in DNS Lookup (dbhelp .info) (phishing.rules)
2048176 - ET PHISHING TOAD Domain in DNS Lookup (gub .bio) (phishing.rules)
2048177 - ET PHISHING TOAD Domain in DNS Lookup (lbhelp .us) (phishing.rules)
2048178 - ET PHISHING TOAD Domain in DNS Lookup (mshelp58 .us) (phishing.rules)
2048179 - ET PHISHING TOAD Domain in DNS Lookup (cashapphelp19 .us) (phishing.rules)
2048180 - ET PHISHING Observed TOAD Domain (login .helpsystem .cc in TLS SNI) (phishing.rules)
2048181 - ET PHISHING Observed TOAD Domain (gbhelp .cc in TLS SNI) (phishing.rules)
2048182 - ET PHISHING Observed TOAD Domain (lbhelp .us in TLS SNI) (phishing.rules)
2048183 - ET PHISHING Observed TOAD Domain (wdhelp .us in TLS SNI) (phishing.rules)
2048184 - ET PHISHING Observed TOAD Domain (mchelp .cc in TLS SNI) (phishing.rules)
2048185 - ET PHISHING Observed TOAD Domain (kbhelp .info in TLS SNI) (phishing.rules)
2048186 - ET PHISHING Observed TOAD Domain (mta-sts .gub .bio in TLS SNI) (phishing.rules)
2048187 - ET PHISHING Observed TOAD Domain (amz34 .us in TLS SNI) (phishing.rules)
2048188 - ET PHISHING Observed TOAD Domain (login .pcsystem247 .cc in TLS SNI) (phishing.rules)
2048189 - ET PHISHING Observed TOAD Domain (gbhelp .live in TLS SNI) (phishing.rules)
2048190 - ET PHISHING Observed TOAD Domain (dbhelp .info in TLS SNI) (phishing.rules)
2048191 - ET PHISHING Observed TOAD Domain (jxhelp .info in TLS SNI) (phishing.rules)
2048192 - ET PHISHING Observed TOAD Domain (axhelp .live in TLS SNI) (phishing.rules)
2048193 - ET PHISHING Observed TOAD Domain (jxhelp .us in TLS SNI) (phishing.rules)
2048194 - ET PHISHING Observed TOAD Domain (cashapphelp19 .us in TLS SNI) (phishing.rules)
2048195 - ET PHISHING Observed TOAD Domain (jxhelp .cc in TLS SNI) (phishing.rules)
2048196 - ET PHISHING Observed TOAD Domain (pcsystem247 .cc in TLS SNI) (phishing.rules)
2048197 - ET PHISHING Observed TOAD Domain (athelp .live in TLS SNI) (phishing.rules)
2048198 - ET PHISHING Observed TOAD Domain (wdhelp .live in TLS SNI) (phishing.rules)
2048199 - ET PHISHING Observed TOAD Domain (gub .bio in TLS SNI) (phishing.rules)
2048200 - ET PHISHING Observed TOAD Domain (mail .retfaqboos .site in TLS SNI) (phishing.rules)
2048201 - ET PHISHING Observed TOAD Domain (mghelp .live in TLS SNI) (phishing.rules)
2048202 - ET PHISHING Observed TOAD Domain (support7 .cc in TLS SNI) (phishing.rules)
2048203 - ET PHISHING Observed TOAD Domain (33 .gub .bio in TLS SNI) (phishing.rules)
2048204 - ET PHISHING Observed TOAD Domain (mail .mrree .gub .bio in TLS SNI) (phishing.rules)
2048205 - ET PHISHING Observed TOAD Domain (pxhelp .us in TLS SNI) (phishing.rules)
2048206 - ET PHISHING Observed TOAD Domain (emv1 .gub .bio in TLS SNI) (phishing.rules)
2048207 - ET PHISHING Observed TOAD Domain (helpsystem .cc in TLS SNI) (phishing.rules)
2048208 - ET PHISHING Observed TOAD Domain (retfaqboos .site in TLS SNI) (phishing.rules)
2048209 - ET PHISHING Observed TOAD Domain (cxhelp .us in TLS SNI) (phishing.rules)
2048210 - ET PHISHING Observed TOAD Domain (gchelp .info in TLS SNI) (phishing.rules)
2048211 - ET PHISHING Observed TOAD Domain (mshelp58 .us in TLS SNI) (phishing.rules)
2048212 - ET PHISHING Observed TOAD Domain (dfhelp .cc in TLS SNI) (phishing.rules)
2048231 - ET PHISHING TOAD Domain in DNS Lookup (gxcare .cc) (phishing.rules)
2048232 - ET PHISHING TOAD Domain in DNS Lookup (tenty247 .top) (phishing.rules)
2048233 - ET PHISHING Observed TOAD Domain (gxcare .cc in TLS SNI) (phishing.rules)
2048234 - ET PHISHING Observed TOAD Domain (tenty247 .top in TLS SNI) (phishing.rules)
2855316 - ETPRO PHISHING TOAD Domain in DNS Lookup (phishing.rules)
2855317 - ETPRO PHISHING Observed TOAD Domain in TLS SNI (phishing.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/09/20 - v10421 Ruleset Updates	258	September 20, 2023
Ruleset Update Summary - 2023/08/31 - v10407 Ruleset Updates	250	August 31, 2023
Ruleset Update Summary - 2023/10/03 - v10431 Ruleset Updates	210	October 3, 2023
Ruleset Update Summary - 2023/06/20 - v10354 Ruleset Updates	213	June 20, 2023
Ruleset Update Summary - 2023/11/22 - v10471 Ruleset Updates	293	November 22, 2023

Ruleset Update Summary - 2023/11/17 - v10468

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related Topics