Ruleset Update Summary - 2023/11/28 - v10474

rulesbot · November 28, 2023, 10:12pm

Summary:

71 new OPEN, 71 new PRO (71 + 0)

Thanks @AhnLab_ASEC

Added rules:

Open:

2049314 - ET WEB_CLIENT PROPFIND Method Xbit Set (web_client.rules)
2049315 - ET WEB_CLIENT WebDAV Retrieving File from .url (web_client.rules)
2049316 - ET MALWARE WebDAV Retrieving .exe from .url M1 (CVE-2023-36025) (malware.rules)
2049317 - ET MALWARE WebDAV Retrieving .zip from .url M1 (CVE-2023-36025) (malware.rules)
2049318 - ET WEB_CLIENT WebDAV GET Request for .url Flowbit Set (web_client.rules)
2049319 - ET WEB_CLIENT WebDAV PUT Request for .url Flowbit Set (web_client.rules)
2049320 - ET MALWARE WebDAV Retrieving .zip from .url M2 (CVE-2023-36025) (malware.rules)
2049321 - ET MALWARE WebDAV Retrieving .exe from .url M2 (CVE-2023-36025) (malware.rules)
2049322 - ET INFO Observed File Sharing Related Domain in TLS SNI (mediafire .com) (info.rules)
2049323 - ET INFO File Sharing Related Domain in TLS SNI (gofile .io) (info.rules)
2049324 - ET INFO File Sharing Related Domain in DNS Lookup (cyberfile .me) (info.rules)
2049325 - ET INFO File Sharing Related Domain in DNS Lookup (put .re) (info.rules)
2049326 - ET INFO File Sharing Related Domain in DNS Lookup (wetransfer .com) (info.rules)
2049327 - ET INFO File Sharing Related Domain in DNS Lookup (pomf .lain .la) (info.rules)
2049328 - ET INFO File Sharing Related Domain in DNS Lookup (pixeldrain .com) (info.rules)
2049329 - ET INFO File Sharing Related Domain in DNS Lookup (nitrofile .cc) (info.rules)
2049330 - ET INFO File Sharing Related Domain in DNS Lookup (hostr .co) (info.rules)
2049331 - ET INFO File Sharing Related Domain in DNS Lookup (p .fuwafuwa .moe) (info.rules)
2049332 - ET INFO File Sharing Related Domain in DNS Lookup (anonymfile .com) (info.rules)
2049333 - ET INFO File Sharing Related Domain in DNS Lookup (send .whateveritworks .org) (info.rules)
2049334 - ET INFO File Sharing Related Domain in DNS Lookup (wormhole .app) (info.rules)
2049335 - ET INFO File Sharing Related Domain in DNS Lookup (send-anywhere .com) (info.rules)
2049336 - ET INFO File Sharing Related Domain in DNS Lookup (gofile .cc) (info.rules)
2049337 - ET INFO File Sharing Related Domain in DNS Lookup (filecave .lol) (info.rules)
2049338 - ET INFO File Sharing Related Domain in DNS Lookup (instant .io) (info.rules)
2049339 - ET INFO File Sharing Related Domain in DNS Lookup (send .zcyph .cc) (info.rules)
2049340 - ET INFO File Sharing Related Domain in DNS Lookup (sendgb .com) (info.rules)
2049341 - ET INFO File Sharing Related Domain in DNS Lookup (drop .chapril .org) (info.rules)
2049342 - ET INFO File Sharing Related Domain in DNS Lookup (send .hrzn .cool) (info.rules)
2049343 - ET INFO File Sharing Related Domain in DNS Lookup (bunkrr .su) (info.rules)
2049344 - ET INFO File Sharing Related Domain in DNS Lookup (mega .nz) (info.rules)
2049345 - ET INFO File Sharing Related Domain in DNS Lookup (qiwi .gg) (info.rules)
2049346 - ET INFO File Sharing Related Domain in DNS Lookup (chibisafe .moe) (info.rules)
2049347 - ET INFO File Sharing Related Domain in DNS Lookup (krakenfiles .com) (info.rules)
2049348 - ET INFO File Sharing Related Domain in DNS Lookup (0x0 .st) (info.rules)
2049349 - ET INFO File Sharing Related Domain in DNS Lookup (file .pizza) (info.rules)
2049350 - ET INFO File Sharing Related Domain in DNS Lookup (www .sharedrop .io) (info.rules)
2049351 - ET INFO File Sharing Related Domain in DNS Lookup (peergos .org) (info.rules)
2049352 - ET INFO File Sharing Domain Observed in TLS SNI (cyberfile .me) (info.rules)
2049353 - ET INFO File Sharing Domain Observed in TLS SNI (put .re) (info.rules)
2049354 - ET INFO File Sharing Domain Observed in TLS SNI (wetransfer .com) (info.rules)
2049355 - ET INFO File Sharing Domain Observed in TLS SNI (pomf .lain .la) (info.rules)
2049356 - ET INFO File Sharing Domain Observed in TLS SNI (pixeldrain .com) (info.rules)
2049357 - ET INFO File Sharing Domain Observed in TLS SNI (nitrofile .cc) (info.rules)
2049358 - ET INFO File Sharing Domain Observed in TLS SNI (hostr .co) (info.rules)
2049359 - ET INFO File Sharing Domain Observed in TLS SNI (p .fuwafuwa .moe) (info.rules)
2049360 - ET INFO File Sharing Domain Observed in TLS SNI (anonymfile .com) (info.rules)
2049361 - ET INFO File Sharing Domain Observed in TLS SNI (send .whateveritworks .org) (info.rules)
2049362 - ET INFO File Sharing Domain Observed in TLS SNI (wormhole .app) (info.rules)
2049363 - ET INFO File Sharing Domain Observed in TLS SNI (send-anywhere .com) (info.rules)
2049364 - ET INFO File Sharing Domain Observed in TLS SNI (gofile .cc) (info.rules)
2049365 - ET INFO File Sharing Domain Observed in TLS SNI (filecave .lol) (info.rules)
2049366 - ET INFO File Sharing Domain Observed in TLS SNI (instant .io) (info.rules)
2049367 - ET INFO File Sharing Domain Observed in TLS SNI (send .zcyph .cc) (info.rules)
2049368 - ET INFO File Sharing Domain Observed in TLS SNI (sendgb .com) (info.rules)
2049369 - ET INFO File Sharing Domain Observed in TLS SNI (drop .chapril .org) (info.rules)
2049370 - ET INFO File Sharing Domain Observed in TLS SNI (send .hrzn .cool) (info.rules)
2049371 - ET INFO File Sharing Domain Observed in TLS SNI (bunkrr .su) (info.rules)
2049372 - ET INFO File Sharing Domain Observed in TLS SNI (mega .nz) (info.rules)
2049373 - ET INFO File Sharing Domain Observed in TLS SNI (qiwi .gg) (info.rules)
2049374 - ET INFO File Sharing Domain Observed in TLS SNI (chibisafe .moe) (info.rules)
2049375 - ET INFO File Sharing Domain Observed in TLS SNI (krakenfiles .com) (info.rules)
2049376 - ET INFO File Sharing Domain Observed in TLS SNI (0x0 .st) (info.rules)
2049377 - ET INFO File Sharing Domain Observed in TLS SNI (file .pizza) (info.rules)
2049378 - ET INFO File Sharing Domain Observed in TLS SNI (www .sharedrop .io) (info.rules)
2049379 - ET INFO File Sharing Domain Observed in TLS SNI (peergos .org) (info.rules)
2049380 - ET MALWARE Andariel Group Nukesped Variant CnC Checkin (malware.rules)
2049381 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (nelubelei .com) (exploit_kit.rules)
2049382 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (informativosatelital .com) (exploit_kit.rules)
2049383 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (nelubelei .com) (exploit_kit.rules)
2049384 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (informativosatelital .com) (exploit_kit.rules)

Disabled and modified rules:

2854651 - ETPRO MALWARE Suspected Screenshot/Logger Malware Related Domain in DNS Lookup (malware.rules)
2854652 - ETPRO MALWARE Suspected Screenshot/Logger Malware Related Domain in DNS Lookup (malware.rules)
2855189 - ETPRO MALWARE Observed Koadic Framework Related DNS Lookup (malware.rules)
2855190 - ETPRO MALWARE Observed Koadic Framework Domain in TLS SNI (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/01/17 - v10508 Ruleset Updates	488	January 17, 2024
Ruleset Update Summary - 2023/12/19 - v10489 Ruleset Updates	210	December 19, 2023
Ruleset Update Summary - 2023/08/11 - v10392 Ruleset Updates	256	August 11, 2023
Ruleset Update Summary - 2023/09/01 - v10408 Ruleset Updates	284	September 1, 2023
Ruleset Update Summary - 2024/04/08 - v10570 Ruleset Updates	164	April 8, 2024

Ruleset Update Summary - 2023/11/28 - v10474

Summary:

Added rules:

Open:

Disabled and modified rules:

Related Topics