Ruleset Update Summary - 2023/12/15 - v10487

Summary:

19 new OPEN, 76 new PRO (19 + 57)

Thanks @naumovax, @reecdeep


Added rules:

Open:

  • 2049697 - ET MALWARE Win32/Spyder Sending Info to CnC (malware.rules)
  • 2049698 - ET MALWARE Win32/Spyder CnC Checkin (malware.rules)
  • 2049699 - ET MALWARE Win32/Spyder Successful CnC Checkin (malware.rules)
  • 2049700 - ET MALWARE Latrodectus Alive Response M2 (malware.rules)
  • 2049701 - ET MALWARE Latrodectus Alive Response M3 (malware.rules)
  • 2049702 - ET MALWARE Latrodectus Alive Response M4 (malware.rules)
  • 2049703 - ET MALWARE Latrodectus Alive Response M5 (malware.rules)
  • 2049704 - ET MALWARE Latrodectus Alive Response M6 (malware.rules)
  • 2049705 - ET MALWARE Latrodectus Alive Response M7 (malware.rules)
  • 2049706 - ET MALWARE Latrodectus Alive Response M8 (malware.rules)
  • 2049707 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2049708 - ET MALWARE Observed Malicious SSL Cert (TA577) (malware.rules)
  • 2049709 - ET MALWARE Observed Malicious SSL Cert (TA577) (malware.rules)
  • 2049710 - ET MALWARE Observed Malicious SSL Cert (TA577) (malware.rules)
  • 2049711 - ET MALWARE Observed Malicious SSL Cert (TA577) (malware.rules)
  • 2049712 - ET MALWARE Observed Malicious SSL Cert (TA577) (malware.rules)
  • 2049713 - ET MALWARE Observed Malicious SSL Cert (TA577) (malware.rules)
  • 2049714 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (catsndogz .org) (exploit_kit.rules)
  • 2049715 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (catsndogz .org) (exploit_kit.rules)

Pro:

  • 2855924 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2855925 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2855926 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2855927 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2855928 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2855929 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2855930 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2855931 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2855932 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2855933 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2855934 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2855935 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2855936 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2855937 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2855938 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2855939 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2855940 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2855941 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2855942 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2855943 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2855944 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2855945 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2855946 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2855947 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2855948 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2855949 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2855950 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2855951 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2855952 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2855953 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2855954 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2855955 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2855956 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2855957 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2855958 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2855959 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2855960 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2855961 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2855962 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2855963 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2855964 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2855965 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2855966 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2855967 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2855968 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2855969 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2855970 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2855971 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2855972 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2855973 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2855974 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2855975 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2855976 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2855977 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2855978 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
  • 2855979 - ETPRO MALWARE Observed IcedID Domain in TLS SNI (malware.rules)
  • 2855980 - ETPRO MALWARE Observed IcedID Domain in TLS SNI (malware.rules)

Enabled and modified rules:

  • 2049231 - ET MALWARE Latrodectus Alive Request (GET) (malware.rules)
  • 2049232 - ET MALWARE Latrodectus Alive Response M1 (malware.rules)

Disabled and modified rules:

  • 2025469 - ET MALWARE Win32/DanijBot User-Agent (malware.rules)
  • 2049662 - ET PHISHING EvilProxy/Tycoon Landing Page (phishing.rules)
  • 2830236 - ETPRO MALWARE MSIL/Agent.BIN CnC Activity (malware.rules)
  • 2830284 - ETPRO MALWARE Adderall Loader CnC Checkin (malware.rules)
  • 2830327 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL 2018-04-10 2) (malware.rules)
  • 2830459 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Checkin (Hassan) (malware.rules)
  • 2830496 - ETPRO MALWARE Win32/POWERSTATS CnC Activity (malware.rules)
  • 2830557 - ETPRO MALWARE MalDoc Retrieving Ursnif Payload 2018-04-25 (malware.rules)
  • 2830589 - ETPRO MALWARE MSIL/Opprysr Backdoor CnC Checkin (malware.rules)