Ruleset Update Summary - 2023/12/15 - v10487

rulesbot · December 15, 2023, 9:34pm

Summary:

19 new OPEN, 76 new PRO (19 + 57)

Thanks @naumovax, @reecdeep

Added rules:

Open:

2049697 - ET MALWARE Win32/Spyder Sending Info to CnC (malware.rules)
2049698 - ET MALWARE Win32/Spyder CnC Checkin (malware.rules)
2049699 - ET MALWARE Win32/Spyder Successful CnC Checkin (malware.rules)
2049700 - ET MALWARE Latrodectus Alive Response M2 (malware.rules)
2049701 - ET MALWARE Latrodectus Alive Response M3 (malware.rules)
2049702 - ET MALWARE Latrodectus Alive Response M4 (malware.rules)
2049703 - ET MALWARE Latrodectus Alive Response M5 (malware.rules)
2049704 - ET MALWARE Latrodectus Alive Response M6 (malware.rules)
2049705 - ET MALWARE Latrodectus Alive Response M7 (malware.rules)
2049706 - ET MALWARE Latrodectus Alive Response M8 (malware.rules)
2049707 - ET MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2049708 - ET MALWARE Observed Malicious SSL Cert (TA577) (malware.rules)
2049709 - ET MALWARE Observed Malicious SSL Cert (TA577) (malware.rules)
2049710 - ET MALWARE Observed Malicious SSL Cert (TA577) (malware.rules)
2049711 - ET MALWARE Observed Malicious SSL Cert (TA577) (malware.rules)
2049712 - ET MALWARE Observed Malicious SSL Cert (TA577) (malware.rules)
2049713 - ET MALWARE Observed Malicious SSL Cert (TA577) (malware.rules)
2049714 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (catsndogz .org) (exploit_kit.rules)
2049715 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (catsndogz .org) (exploit_kit.rules)

Pro:

2855924 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2855925 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2855926 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2855927 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2855928 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2855929 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2855930 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2855931 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2855932 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2855933 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2855934 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2855935 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2855936 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2855937 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2855938 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2855939 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2855940 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2855941 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2855942 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2855943 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2855944 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2855945 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2855946 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2855947 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2855948 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2855949 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2855950 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2855951 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2855952 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2855953 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2855954 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2855955 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2855956 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2855957 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2855958 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2855959 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2855960 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2855961 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2855962 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2855963 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2855964 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2855965 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2855966 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2855967 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2855968 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2855969 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2855970 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2855971 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2855972 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2855973 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2855974 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2855975 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2855976 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2855977 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2855978 - ETPRO MALWARE IcedID CnC Domain in DNS Lookup (malware.rules)
2855979 - ETPRO MALWARE Observed IcedID Domain in TLS SNI (malware.rules)
2855980 - ETPRO MALWARE Observed IcedID Domain in TLS SNI (malware.rules)

Enabled and modified rules:

2049231 - ET MALWARE Latrodectus Alive Request (GET) (malware.rules)
2049232 - ET MALWARE Latrodectus Alive Response M1 (malware.rules)

Disabled and modified rules:

2025469 - ET MALWARE Win32/DanijBot User-Agent (malware.rules)
2049662 - ET PHISHING EvilProxy/Tycoon Landing Page (phishing.rules)
2830236 - ETPRO MALWARE MSIL/Agent.BIN CnC Activity (malware.rules)
2830284 - ETPRO MALWARE Adderall Loader CnC Checkin (malware.rules)
2830327 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL 2018-04-10 2) (malware.rules)
2830459 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Checkin (Hassan) (malware.rules)
2830496 - ETPRO MALWARE Win32/POWERSTATS CnC Activity (malware.rules)
2830557 - ETPRO MALWARE MalDoc Retrieving Ursnif Payload 2018-04-25 (malware.rules)
2830589 - ETPRO MALWARE MSIL/Opprysr Backdoor CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/05/11 - v10321 Ruleset Updates	233	May 11, 2023
Ruleset Update Summary - 2023/12/27 - v10494 Ruleset Updates	278	December 27, 2023
Ruleset Update Summary - 2023/04/11 - v10295 Ruleset Updates	275	April 11, 2023
Ruleset Update Summary - 2023/09/28 - v10428 Ruleset Updates	305	September 28, 2023
Ruleset Update Summary - 2023/12/20 - v10490 Ruleset Updates	213	December 20, 2023

Ruleset Update Summary - 2023/12/15 - v10487

Summary:

Added rules:

Open:

Pro:

Enabled and modified rules:

Disabled and modified rules:

Related topics