Ruleset Update Summary - 2023/12/22 - v10492

rulesbot · December 22, 2023, 8:55pm

Summary:

5 new OPEN, 7 new PRO (5 + 2)

Due to company observed holiday, there will be no rule release on Monday, December 25th.

Added rules:

Open:

2049828 - ET PHISHING Lucy Security Time Tracking - Phishing Simulation (phishing.rules)
2049829 - ET INFO Lucy Security Time Tracking - Awareness Training (info.rules)
2049830 - ET PHISHING Lucy Security - Credential Submission (set) (phishing.rules)
2049831 - ET INFO Suspicious Domain in DNS Lookup (f5sec .s3 .il-central-1 .amazonaws .com) (info.rules)
2049832 - ET INFO Observed Suspicious Domain (f5sec .s3 .il-central-1 .amazonaws .com in TLS SNI) (info.rules)

Pro:

2856010 - ETPRO PHISHING Successful Zimbra Credential Phish 2023-12-22 (phishing.rules)
2856011 - ETPRO PHISHING Zimbra Credential Phish Landing Page 2023-12-22 (phishing.rules)

Disabled and modified rules:

2042972 - ET PHISHING Lucy Security Time Tracking POST (phishing.rules)
2048577 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (arauas .com) (exploit_kit.rules)
2048578 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gamefllix .com) (exploit_kit.rules)
2048579 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (arauas .com) (exploit_kit.rules)
2048580 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gamefllix .com) (exploit_kit.rules)
2048650 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (dodgesteelbuildings .com) (exploit_kit.rules)
2048651 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (dodgesteelbuildings .com) (exploit_kit.rules)
2048693 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .result .garrettcountygranfondo .org) (malware.rules)
2048694 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .result .garrettcountygranfondo .org) (malware.rules)
2048751 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (rentfrejob .com) (exploit_kit.rules)
2048752 - ET EXPLOIT_KIT RogueRaticate Domain in DNS Lookup (neurotonix–buy .us) (exploit_kit.rules)
2048754 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (rentfrejob .com) (exploit_kit.rules)
2048755 - ET EXPLOIT_KIT RogueRaticate Domain in TLS SNI (neurotonix–buy .us) (exploit_kit.rules)
2048757 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (implacavelvideos .com) (exploit_kit.rules)
2048758 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kgscrew .com) (exploit_kit.rules)
2048759 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (implacavelvideos .com) (exploit_kit.rules)
2048760 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (kgscrew .com) (exploit_kit.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/12/26 - v10493 Ruleset Updates	298	December 26, 2023
Ruleset Update Summary - 2023/06/20 - v10354 Ruleset Updates	207	June 20, 2023
Ruleset Update Summary - 2023/12/21 - v10491 Ruleset Updates	168	December 21, 2023
Ruleset Update Summary - 2024/02/12 - v10530 Ruleset Updates	184	February 12, 2024
Daily Ruleset Update Summary 2022/10/27 Ruleset Updates	291	October 27, 2022

Ruleset Update Summary - 2023/12/22 - v10492

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related Topics