Ruleset Update Summary - 2023/11/28 - v10474

Summary:

71 new OPEN, 71 new PRO (71 + 0)

Thanks @AhnLab_ASEC

Added rules:

Open:

  • 2049314 - ET WEB_CLIENT PROPFIND Method Xbit Set (web_client.rules)
  • 2049315 - ET WEB_CLIENT WebDAV Retrieving File from .url (web_client.rules)
  • 2049316 - ET MALWARE WebDAV Retrieving .exe from .url M1 (CVE-2023-36025) (malware.rules)
  • 2049317 - ET MALWARE WebDAV Retrieving .zip from .url M1 (CVE-2023-36025) (malware.rules)
  • 2049318 - ET WEB_CLIENT WebDAV GET Request for .url Flowbit Set (web_client.rules)
  • 2049319 - ET WEB_CLIENT WebDAV PUT Request for .url Flowbit Set (web_client.rules)
  • 2049320 - ET MALWARE WebDAV Retrieving .zip from .url M2 (CVE-2023-36025) (malware.rules)
  • 2049321 - ET MALWARE WebDAV Retrieving .exe from .url M2 (CVE-2023-36025) (malware.rules)
  • 2049322 - ET INFO Observed File Sharing Related Domain in TLS SNI (mediafire .com) (info.rules)
  • 2049323 - ET INFO File Sharing Related Domain in TLS SNI (gofile .io) (info.rules)
  • 2049324 - ET INFO File Sharing Related Domain in DNS Lookup (cyberfile .me) (info.rules)
  • 2049325 - ET INFO File Sharing Related Domain in DNS Lookup (put .re) (info.rules)
  • 2049326 - ET INFO File Sharing Related Domain in DNS Lookup (wetransfer .com) (info.rules)
  • 2049327 - ET INFO File Sharing Related Domain in DNS Lookup (pomf .lain .la) (info.rules)
  • 2049328 - ET INFO File Sharing Related Domain in DNS Lookup (pixeldrain .com) (info.rules)
  • 2049329 - ET INFO File Sharing Related Domain in DNS Lookup (nitrofile .cc) (info.rules)
  • 2049330 - ET INFO File Sharing Related Domain in DNS Lookup (hostr .co) (info.rules)
  • 2049331 - ET INFO File Sharing Related Domain in DNS Lookup (p .fuwafuwa .moe) (info.rules)
  • 2049332 - ET INFO File Sharing Related Domain in DNS Lookup (anonymfile .com) (info.rules)
  • 2049333 - ET INFO File Sharing Related Domain in DNS Lookup (send .whateveritworks .org) (info.rules)
  • 2049334 - ET INFO File Sharing Related Domain in DNS Lookup (wormhole .app) (info.rules)
  • 2049335 - ET INFO File Sharing Related Domain in DNS Lookup (send-anywhere .com) (info.rules)
  • 2049336 - ET INFO File Sharing Related Domain in DNS Lookup (gofile .cc) (info.rules)
  • 2049337 - ET INFO File Sharing Related Domain in DNS Lookup (filecave .lol) (info.rules)
  • 2049338 - ET INFO File Sharing Related Domain in DNS Lookup (instant .io) (info.rules)
  • 2049339 - ET INFO File Sharing Related Domain in DNS Lookup (send .zcyph .cc) (info.rules)
  • 2049340 - ET INFO File Sharing Related Domain in DNS Lookup (sendgb .com) (info.rules)
  • 2049341 - ET INFO File Sharing Related Domain in DNS Lookup (drop .chapril .org) (info.rules)
  • 2049342 - ET INFO File Sharing Related Domain in DNS Lookup (send .hrzn .cool) (info.rules)
  • 2049343 - ET INFO File Sharing Related Domain in DNS Lookup (bunkrr .su) (info.rules)
  • 2049344 - ET INFO File Sharing Related Domain in DNS Lookup (mega .nz) (info.rules)
  • 2049345 - ET INFO File Sharing Related Domain in DNS Lookup (qiwi .gg) (info.rules)
  • 2049346 - ET INFO File Sharing Related Domain in DNS Lookup (chibisafe .moe) (info.rules)
  • 2049347 - ET INFO File Sharing Related Domain in DNS Lookup (krakenfiles .com) (info.rules)
  • 2049348 - ET INFO File Sharing Related Domain in DNS Lookup (0x0 .st) (info.rules)
  • 2049349 - ET INFO File Sharing Related Domain in DNS Lookup (file .pizza) (info.rules)
  • 2049350 - ET INFO File Sharing Related Domain in DNS Lookup (www .sharedrop .io) (info.rules)
  • 2049351 - ET INFO File Sharing Related Domain in DNS Lookup (peergos .org) (info.rules)
  • 2049352 - ET INFO File Sharing Domain Observed in TLS SNI (cyberfile .me) (info.rules)
  • 2049353 - ET INFO File Sharing Domain Observed in TLS SNI (put .re) (info.rules)
  • 2049354 - ET INFO File Sharing Domain Observed in TLS SNI (wetransfer .com) (info.rules)
  • 2049355 - ET INFO File Sharing Domain Observed in TLS SNI (pomf .lain .la) (info.rules)
  • 2049356 - ET INFO File Sharing Domain Observed in TLS SNI (pixeldrain .com) (info.rules)
  • 2049357 - ET INFO File Sharing Domain Observed in TLS SNI (nitrofile .cc) (info.rules)
  • 2049358 - ET INFO File Sharing Domain Observed in TLS SNI (hostr .co) (info.rules)
  • 2049359 - ET INFO File Sharing Domain Observed in TLS SNI (p .fuwafuwa .moe) (info.rules)
  • 2049360 - ET INFO File Sharing Domain Observed in TLS SNI (anonymfile .com) (info.rules)
  • 2049361 - ET INFO File Sharing Domain Observed in TLS SNI (send .whateveritworks .org) (info.rules)
  • 2049362 - ET INFO File Sharing Domain Observed in TLS SNI (wormhole .app) (info.rules)
  • 2049363 - ET INFO File Sharing Domain Observed in TLS SNI (send-anywhere .com) (info.rules)
  • 2049364 - ET INFO File Sharing Domain Observed in TLS SNI (gofile .cc) (info.rules)
  • 2049365 - ET INFO File Sharing Domain Observed in TLS SNI (filecave .lol) (info.rules)
  • 2049366 - ET INFO File Sharing Domain Observed in TLS SNI (instant .io) (info.rules)
  • 2049367 - ET INFO File Sharing Domain Observed in TLS SNI (send .zcyph .cc) (info.rules)
  • 2049368 - ET INFO File Sharing Domain Observed in TLS SNI (sendgb .com) (info.rules)
  • 2049369 - ET INFO File Sharing Domain Observed in TLS SNI (drop .chapril .org) (info.rules)
  • 2049370 - ET INFO File Sharing Domain Observed in TLS SNI (send .hrzn .cool) (info.rules)
  • 2049371 - ET INFO File Sharing Domain Observed in TLS SNI (bunkrr .su) (info.rules)
  • 2049372 - ET INFO File Sharing Domain Observed in TLS SNI (mega .nz) (info.rules)
  • 2049373 - ET INFO File Sharing Domain Observed in TLS SNI (qiwi .gg) (info.rules)
  • 2049374 - ET INFO File Sharing Domain Observed in TLS SNI (chibisafe .moe) (info.rules)
  • 2049375 - ET INFO File Sharing Domain Observed in TLS SNI (krakenfiles .com) (info.rules)
  • 2049376 - ET INFO File Sharing Domain Observed in TLS SNI (0x0 .st) (info.rules)
  • 2049377 - ET INFO File Sharing Domain Observed in TLS SNI (file .pizza) (info.rules)
  • 2049378 - ET INFO File Sharing Domain Observed in TLS SNI (www .sharedrop .io) (info.rules)
  • 2049379 - ET INFO File Sharing Domain Observed in TLS SNI (peergos .org) (info.rules)
  • 2049380 - ET MALWARE Andariel Group Nukesped Variant CnC Checkin (malware.rules)
  • 2049381 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (nelubelei .com) (exploit_kit.rules)
  • 2049382 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (informativosatelital .com) (exploit_kit.rules)
  • 2049383 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (nelubelei .com) (exploit_kit.rules)
  • 2049384 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (informativosatelital .com) (exploit_kit.rules)

Disabled and modified rules:

  • 2854651 - ETPRO MALWARE Suspected Screenshot/Logger Malware Related Domain in DNS Lookup (malware.rules)
  • 2854652 - ETPRO MALWARE Suspected Screenshot/Logger Malware Related Domain in DNS Lookup (malware.rules)
  • 2855189 - ETPRO MALWARE Observed Koadic Framework Related DNS Lookup (malware.rules)
  • 2855190 - ETPRO MALWARE Observed Koadic Framework Domain in TLS SNI (malware.rules)