Ruleset Update Summary - 2024/01/08 - v10501

Summary:

19 new OPEN, 24 new PRO (19 + 5)

Thanks @timolongin
Added rules:

Open:

  • 2049928 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (reviveincapablewew .pw) (malware.rules)
  • 2049929 - ET MALWARE Observed Lumma Stealer Related Domain (reviveincapablewew .pw in TLS SNI) (malware.rules)
  • 2049930 - ET PHISHING Meta Credential Phish Landing Page 2024-01-08 (phishing.rules)
  • 2049931 - ET MALWARE Sharp Panda APT Related Activity M3 (malware.rules)
  • 2049932 - ET MALWARE Sharp Panda APT Related Domain in DNS Lookup (openxmlformats .shop) (malware.rules)
  • 2049933 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (nowordshere .org) (exploit_kit.rules)
  • 2049934 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (nowordshere .org) (exploit_kit.rules)
  • 2049935 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (arkadyevna .com) (exploit_kit.rules)
  • 2049936 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (choosetotruck .com) (exploit_kit.rules)
  • 2049937 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (boxtechcompany .com) (exploit_kit.rules)
  • 2049938 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (arkadyevna .com) (exploit_kit.rules)
  • 2049939 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (choosetotruck .com) (exploit_kit.rules)
  • 2049940 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (boxtechcompany .com) (exploit_kit.rules)
  • 2049941 - ET MALWARE SocGholish Domain in DNS Lookup (retraining .allstardriving .org) (malware.rules)
  • 2049942 - ET MALWARE SocGholish Domain in TLS SNI (retraining .allstardriving .org) (malware.rules)
  • 2049943 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (cloudwebhub .pro) (exploit_kit.rules)
  • 2049944 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (cloudwebhub .pro) (exploit_kit.rules)
  • 2049945 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (electricnico .com) (exploit_kit.rules)
  • 2049946 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (electricnico .com) (exploit_kit.rules)

Pro:

  • 2856096 - ETPRO MALWARE Win32/Unknown Bot CnC Activity (M1) (malware.rules)
  • 2856097 - ETPRO MALWARE Win32/Unknown Bot CnC Activity (M2) (malware.rules)
  • 2856098 - ETPRO EXPLOIT_KIT ZPHP Request M5 (exploit_kit.rules)
  • 2856099 - ETPRO EXPLOIT_KIT ZPHP Lure Request M4 (exploit_kit.rules)
  • 2856100 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Disabled and modified rules:

  • 2018182 - ET MALWARE Zeus Spam Campaign pdf.exe In ZIP - 26th Feb 2014 (malware.rules)
  • 2034090 - ET POLICY External IP Lookup via ad4989 .co .kr (policy.rules)
  • 2034452 - ET MALWARE Possible MalDoc Retrieving Payload 2021-07-19 (malware.rules)
  • 2849516 - ETPRO MALWARE Win32/ZXRMCTROL CnC Activity (malware.rules)
  • 2849590 - ETPRO MALWARE Win32/Unk.Loader.msxyz Activity (malware.rules)
  • 2849604 - ETPRO MALWARE Win32/SsStealer CnC Exfil (malware.rules)
  • 2849637 - ETPRO PHISHING Successful Yahoo Phish 2021-08-13 (phishing.rules)
  • 2849676 - ETPRO MALWARE Win32/Ratfishes Checkin (malware.rules)
  • 2849718 - ETPRO MALWARE Observed Malicious SSL Cert (AsyncRAT) (malware.rules)
  • 2855236 - ETPRO EXPLOIT_KIT ZPHP Lure Request (exploit_kit.rules)
  • 2855237 - ETPRO EXPLOIT_KIT ZPHP Request M1 (exploit_kit.rules)
  • 2855238 - ETPRO EXPLOIT_KIT ZPHP Request M2 (exploit_kit.rules)
  • 2855340 - ETPRO EXPLOIT_KIT ZPHP Lure Request M2 (exploit_kit.rules)
  • 2855341 - ETPRO EXPLOIT_KIT ZPHP Request M3 (exploit_kit.rules)
  • 2855355 - ETPRO EXPLOIT_KIT ZPHP Request M4 (exploit_kit.rules)
  • 2855357 - ETPRO EXPLOIT_KIT ZPHP Lure Request M3 (exploit_kit.rules)