Ruleset Update Summary - 2023/12/28 - v10495

rulesbot · December 28, 2023, 9:24pm

Summary:

6 new OPEN, 32 new PRO (6 + 26)

Added rules:

Open:

2049862 - ET USER_AGENTS Observed Suspicious User-Agent (JWrapperDownloader) (user_agents.rules)
2049863 - ET ADWARE_PUP SimpleHelp Remote Access Software Activity (adware_pup.rules)
2049864 - ET MALWARE Generic Stealer Checkin (malware.rules)
2049865 - ET MALWARE Observed DNS Query to Malicious Domain (sun876954 .space) (malware.rules)
2049866 - ET MALWARE Observed Malicious Domain (sun876954 .space in TLS SNI) (malware.rules)
2049867 - ET MALWARE PS1/Unknown Payload C2 Downloader (GET) (malware.rules)

Pro:

2856043 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2856044 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2856045 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2856046 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2856047 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2856048 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2856049 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2856050 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2856051 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2856052 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2856053 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2856054 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2856055 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2856056 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2856057 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2856058 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2856059 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2856060 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2856061 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2856062 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2856063 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2856064 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2856065 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2856066 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2856067 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2856068 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Modified inactive rules:

2048902 - ET MALWARE [ANY.RUN] PureLogs Stealer C2 Connection M1 (malware.rules)

Disabled and modified rules:

2001743 - ET MALWARE HackerDefender Root Kit Remote Connection Attempt Detected (malware.rules)
2029924 - ET MALWARE Win32/CONFUCIUS_B CnC Checkin (malware.rules)
2029925 - ET MALWARE Win32/CONFUCIUS_B External IP Check to CnC M2 (malware.rules)
2030183 - ET MALWARE BigLock Ransomware CnC Activity (gen) (malware.rules)
2030184 - ET MALWARE BigLock Ransomware CnC Activity (id) (malware.rules)
2809107 - ETPRO MALWARE Win32/Spy.Banker.ABCO Checkin (malware.rules)
2809251 - ETPRO MALWARE Win32/Notodar Checkin (malware.rules)
2842035 - ETPRO MALWARE Win32/Agent.ABLU Connectivity Check (malware.rules)
2842059 - ETPRO MALWARE MalDoc Retrieving Payload 2020-04-16 M2 (malware.rules)
2842061 - ETPRO MALWARE MalDoc Retrieving Lemon_Duck Payload 2020-04-16 (malware.rules)
2842174 - ETPRO MALWARE Possible MuddyWater DNSClient CnC (Outbound) (malware.rules)
2842305 - ETPRO MALWARE More_eggs CnC Activity (malware.rules)
2842455 - ETPRO MALWARE Win64/Spy.Agent.CB CnC Activity (malware.rules)
2842512 - ETPRO MALWARE MalDoc Request for Payload 2020-05-12 (malware.rules)
2843074 - ETPRO MALWARE Observed DNS Query to Unk.Loader Domain M6 (malware.rules)
2843206 - ETPRO MALWARE ToxicEye Stealer Checkin via Telegram (malware.rules)
2843403 - ETPRO MALWARE Win32/SSTS Bot CnC Checkin (malware.rules)
2843404 - ETPRO MALWARE Win32/SSTS Bot CnC Requesting Commands (malware.rules)
2843619 - ETPRO ADWARE_PUP Win32/Caypnamer CnC Activity M2 (adware_pup.rules)
2843711 - ETPRO MALWARE MalDoc Requesting Payload 2020-07-27 (malware.rules)

Removed rules:

2845478 - ETPRO USER_AGENTS Observed Suspicious User-Agent (JWrapperDownloader) (user_agents.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/08/21 - v10399 Ruleset Updates	205	August 21, 2023
Ruleset Update Summary - 2024/03/21 - v10557 Ruleset Updates	130	March 21, 2024
Ruleset Update Summary - 2023/12/20 - v10490 Ruleset Updates	139	December 20, 2023
Ruleset Update Summary - 2023/12/27 - v10494 Ruleset Updates	233	December 27, 2023
Ruleset Update Summary - 2023/05/01 - v10312 Ruleset Updates	392	May 1, 2023

Ruleset Update Summary - 2023/12/28 - v10495

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Disabled and modified rules:

Removed rules:

Related Topics