Ruleset Update Summary - 2023/12/11 - v10483

rulesbot · December 11, 2023, 9:35pm

Summary:

7 new OPEN, 12 new PRO (7 + 5)

Thanks @anyrun_app

Added rules:

Open:

2049630 - ET ADWARE_PUP Drivermax Utility Checkin Activity (adware_pup.rules)
2049631 - ET INFO Observed DNS Over HTTPS Domain (dns .aquilenet .fr in TLS SNI) (info.rules)
2049632 - ET EXPLOIT Sophos Web Appliance Pre-Auth Command Injection Attempt (CVE-2023-1671) (exploit.rules)
2049633 - ET MALWARE Win32/Asmodeasmo Bot CnC Checkin (malware.rules)
2049634 - ET MALWARE Observed Malicious SSL Cert (Brushaloader CnC) 2023-12-4 (malware.rules)
2049635 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .settings .oysterfloats .org) (malware.rules)
2049636 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .settings .oysterfloats .org) (malware.rules)

Pro:

2855915 - ETPRO MALWARE Cobalt Strike Relate Domain in DNS Lookup (malware.rules)
2855916 - ETPRO MALWARE Observed Cobalt Strike Related Domain in TLS SNI (malware.rules)
2855917 - ETPRO MALWARE Win32/Suspected ValleyRat CnC Activity (malware.rules)
2855918 - ETPRO MALWARE Request to Fake Google Drive Payload Delivery Page (malware.rules)
2855919 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Disabled and modified rules:

2047950 - ET MALWARE Malicious Debugging Application Related Domain in DNS Lookup (dbgsymbol .com) (malware.rules)
2047951 - ET MALWARE Observed Malicious Debugging Application Related Domain (dbgsymbol .com in TLS SNI) (malware.rules)
2047952 - ET MALWARE Malicious Debugging Application Related Domain in DNS Lookup (blgbeach .com) (malware.rules)
2047953 - ET MALWARE Observed Malicious Debugging Application Related Domain (blgbeach .com in TLS SNI) (malware.rules)
2048532 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eastrenclouds .com) (exploit_kit.rules)
2048533 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eastrenclouds .com) (exploit_kit.rules)
2048539 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gnavigatio .com) (exploit_kit.rules)
2048540 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gnavigatio .com) (exploit_kit.rules)
2825334 - ETPRO MALWARE MSIL/njRAT/Bladabindi CnC Checkin (Sudden Attack) (malware.rules)
2825356 - ETPRO MALWARE Bladabindi/njRat Variant CnC Checkin (CrezyMan) (malware.rules)
2825475 - ETPRO MALWARE MSIL/Unk.CoinMiner CnC Checkin (malware.rules)
2825613 - ETPRO MALWARE MSIL/Unk.PWS Reporting Infection via SMTP (malware.rules)
2825620 - ETPRO MALWARE PyCL/Fatboy Python Ransomware CnC Activity (malware.rules)
2825625 - ETPRO MALWARE PyCL/Fatboy Python Ransomware CnC Activity M2 (malware.rules)
2825991 - ETPRO MALWARE MSIL/Possessor Keylogger Retrieving Commands via FTP (malware.rules)
2825994 - ETPRO MALWARE MSIL/Possessor Keylogger Generating Logs via FTP (malware.rules)
2826023 - ETPRO MALWARE MSIL/XnxxAgent Spam Bot Checkin M1 (malware.rules)
2826099 - ETPRO MALWARE MSIL/Spy.Agent.AUE Checkin (malware.rules)
2826562 - ETPRO MALWARE Hidden-Tear Ransomware Variant CnC Checkin (malware.rules)
2827265 - ETPRO MALWARE MSIL/Unk.Stealer Exfil via FTP (malware.rules)
2855193 - ETPRO PHISHING Obuf Related Phish Activity (POST) (phishing.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/04/11 - v10295 Ruleset Updates	275	April 11, 2023
Ruleset Update Summary - 2023/12/27 - v10494 Ruleset Updates	279	December 27, 2023
Ruleset Update Summary - 2023/08/15 - v10394 Ruleset Updates	223	August 15, 2023
Ruleset Update Summary - 2023/07/17 - v10373 Ruleset Updates	265	July 17, 2023
Ruleset Update Summary - 2023/09/28 - v10428 Ruleset Updates	305	September 28, 2023

Ruleset Update Summary - 2023/12/11 - v10483

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related topics