Ruleset Update Summary - 2023/12/21 - v10491

rulesbot · December 21, 2023, 10:50pm

Summary:

25 new OPEN, 42 new PRO (25 + 17)

Thanks @OleVilladsen, @g0njxa, @Malwarebytes, @James_inthe_box

Added rules:

Open:

2030992 - ET INFO Lucy Phishing Admin Panel Accessed on Internal Server (info.rules)
2030993 - ET INFO Lucy Phishing Panel Accessed on External Server (info.rules)
2042970 - ET INFO Lucy Security Phishing Server Reply (info.rules)
2042971 - ET INFO Lucy Security Phishing Awareness Landing Page (info.rules)
2049807 - ET MALWARE Brute Ratel Framework Related Domain in DNS Lookup (azureclouder .com) (malware.rules)
2049808 - ET MALWARE Observed Brute Ratel Framework Related Domain (azureclouder .com in TLS SNI) (malware.rules)
2049809 - ET MALWARE YoroTrooper APT Related Activty (GET) (malware.rules)
2049810 - ET INFO DNS Query to Suspicious Domain (vultrobjects .com) (info.rules)
2049811 - ET INFO Observed Suspicious Domain (vultrobjects .com in TLS SNI) (info.rules)
2049812 - ET MALWARE Lumma Stealer Related Activity M2 (malware.rules)
2049813 - ET MALWARE Win32/Doina Loader CnC Checkin M1 (malware.rules)
2049814 - ET MALWARE Win32/Doina Loader CnC Checkin M2 (malware.rules)
2049815 - ET MALWARE Win32/Doina Loader CnC Checkin M3 (malware.rules)
2049816 - ET MALWARE Win32/Doina Stealer CnC Checkin (malware.rules)
2049817 - ET MALWARE Win32/Unknown Stealer Data Exfiltration Attempt (malware.rules)
2049818 - ET MALWARE Win32/Unknown Stealer CnC Domain in DNS Lookup (webvideoshareonline .com) (malware.rules)
2049819 - ET MALWARE Suspicious Domain (webvideoshareonline .com) in TLS SNI (malware.rules)
2049820 - ET MALWARE Win32/Doina Loader/Stealer CnC Domain in DNS Lookup (podologie-werne .de) (malware.rules)
2049821 - ET MALWARE Observed Win32/Doina Loader/Stealer Domain (podologie-werne .de) in TLS SNI (malware.rules)
2049822 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (biggerfun .org) (exploit_kit.rules)
2049823 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (froggysnow .org) (exploit_kit.rules)
2049824 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (confirmapply .org) (exploit_kit.rules)
2049825 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (biggerfun .org) (exploit_kit.rules)
2049826 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (froggysnow .org) (exploit_kit.rules)
2049827 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (confirmapply .org) (exploit_kit.rules)

Pro:

2855993 - ETPRO MALWARE Win32/BlueWindow Loader Actvity M1 (GET) (malware.rules)
2855994 - ETPRO MALWARE Win32/BlueWindow Loader Actvity M2 (malware.rules)
2855995 - ETPRO MALWARE Observed TA453 Domain in TLS SNI (malware.rules)
2855996 - ETPRO MALWARE DNS Query to TA453 Domain (malware.rules)
2855997 - ETPRO MALWARE DNS Query to TA453 Domain (malware.rules)
2855998 - ETPRO MALWARE DNS Query to TA453 Domain (malware.rules)
2855999 - ETPRO MALWARE DNS Query to TA453 Domain (malware.rules)
2856000 - ETPRO MALWARE DNS Query to TA453 Domain (malware.rules)
2856001 - ETPRO MALWARE DNS Query to TA453 Domain (malware.rules)
2856002 - ETPRO MALWARE DNS Query to TA453 Domain (malware.rules)
2856003 - ETPRO MALWARE Observed TA453 Domain in TLS SNI (malware.rules)
2856004 - ETPRO MALWARE Observed TA453 Domain in TLS SNI (malware.rules)
2856005 - ETPRO MALWARE Observed TA453 Domain in TLS SNI (malware.rules)
2856006 - ETPRO MALWARE Observed TA453 Domain in TLS SNI (malware.rules)
2856007 - ETPRO MALWARE Observed TA453 Domain in TLS SNI (malware.rules)
2856008 - ETPRO MALWARE Observed TA453 Domain in TLS SNI (malware.rules)
2856009 - ETPRO MALWARE Observed TA453 Domain in TLS SNI (malware.rules)

Disabled and modified rules:

2028984 - ET MALWARE Win32/1xxbot CnC Checkin (malware.rules)
2031217 - ET MALWARE Win32/SDBbot CnC Checkin (malware.rules)
2838194 - ETPRO MALWARE Observed Malicious SSL Cert (PsiXBot CnC) (malware.rules)
2838513 - ETPRO MALWARE Win32/Ke3chang Ke3chang CnC Activity (malware.rules)
2838514 - ETPRO MALWARE Win32/Bitrep.B CnC Checkin (malware.rules)
2838730 - ETPRO MALWARE EvilVBS Loader Retrieving Payload (malware.rules)
2839018 - ETPRO MALWARE Win32/WinLoader Requesting Payload (malware.rules)
2839051 - ETPRO MALWARE Win32/Unk.Loader Retrieving Payload (malware.rules)

Removed rules:

2030992 - ET PHISHING Lucy Phishing Panel Accessed on Internal Server (phishing.rules)
2030993 - ET PHISHING Lucy Phishing Panel Accessed on External Server (phishing.rules)
2042970 - ET PHISHING Lucy Security Phishing Server Reply (phishing.rules)
2042971 - ET PHISHING Lucy Security Phishing Awareness Landing Page (phishing.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/12/26 - v10493 Ruleset Updates	298	December 26, 2023
Ruleset Update Summary - 2023/06/20 - v10354 Ruleset Updates	207	June 20, 2023
Ruleset Update Summary - 2023/09/20 - v10421 Ruleset Updates	244	September 20, 2023
Ruleset Update Summary - 2024/02/07 - v10526 Ruleset Updates	328	February 7, 2024
Ruleset Update Summary - 2023/09/12 - v10415 Ruleset Updates	213	September 12, 2023

Ruleset Update Summary - 2023/12/21 - v10491

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Removed rules:

Related Topics