Ruleset Update Summary - 2024/01/11 - v10505

rulesbot · January 11, 2024, 10:23pm

Summary:

21 new OPEN, 23 new PRO (21 + 2)

Added rules:

Open:

2050000 - ET MALWARE HTTP POST to Expected Compromised visits.py - Ivanti Connect Secure (malware.rules)
2050001 - ET MALWARE Suspected UTA0178 Domain in DNS Lookup (malware.rules)
2050002 - ET MALWARE Suspected UTA0178 Domain in DNS Lookup (malware.rules)
2050003 - ET MALWARE UTA0178 Domain in DNS Lookup (malware.rules)
2050004 - ET MALWARE Suspected UTA0178 Domain in TLS SNI (malware.rules)
2050005 - ET MALWARE Suspected UTA0178 Domain in TLS SNI (malware.rules)
2050006 - ET MALWARE UTA0178 Domain in TLS SNI (malware.rules)
2050007 - ET INFO Anonymous/Public File Sharing Service Domain in DNS Lookup (sftpcloud .io) (info.rules)
2050008 - ET MALWARE OrbitalBeam CnC Token Request (malware.rules)
2050009 - ET MALWARE OrbitalBeam CnC Token Response (malware.rules)
2050010 - ET MALWARE OrbitalBeam CnC Activity (Info) (malware.rules)
2050011 - ET MALWARE OrbitalBeam CnC Response (Info) (malware.rules)
2050012 - ET MALWARE OrbitalBeam CnC Activity (Debug) (malware.rules)
2050013 - ET MALWARE Epsilon Stealer Domain in DNS Lookup (3ps1l0n .life) (malware.rules)
2050014 - ET MALWARE Observed Epsilon Stealer Domain (3ps1l0n .life) in TLS SNI (malware.rules)
2050015 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (codecruncher .pro) (exploit_kit.rules)
2050016 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (codecruncher .pro) (exploit_kit.rules)
2050017 - ET MALWARE SocGholish Domain in DNS Lookup (event .coachgreb .com) (malware.rules)
2050018 - ET MALWARE SocGholish Domain in TLS SNI (event .coachgreb .com) (malware.rules)
2050019 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mariateresacalderon .com) (exploit_kit.rules)
2050020 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mariateresacalderon .com) (exploit_kit.rules)

Pro:

2856145 - ETPRO MALWARE Win32/Unknown Sending Windows Information (POST) (malware.rules)
2856146 - ETPRO MALWARE Screenshotter Backdoor User-Agent Observed (malware.rules)

Disabled and modified rules:

2013983 - ET ADWARE_PUP Adware-Win32/EoRezo Reporting (adware_pup.rules)
2014616 - ET MALWARE Win32/Usteal.B Checkin (malware.rules)
2016460 - ET MALWARE WEBC2-CSON Checkin - APT1 Related (malware.rules)
2049955 - ET MALWARE TrollAgent CnC Domain in DNS Lookup (ar .kostin .p-e .kr) (malware.rules)
2803801 - ETPRO ACTIVEX PIPI Player PIPIWebPlayer ActiveX Control Buffer Overflow (activex.rules)
2803859 - ETPRO MALWARE Backdoor.Win32.Wuca Checkin (malware.rules)
2803922 - ETPRO MALWARE Win32/Usteal.A Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/06/03 - v10608 Ruleset Updates	223	June 3, 2024
Ruleset Update Summary - 2024/04/29 - v10585 Ruleset Updates	271	April 29, 2024
Ruleset Update Summary - 2024/05/29 - v10605 Ruleset Updates	240	May 29, 2024
Ruleset Update Summary - 2023/09/19 - v10420 Ruleset Updates	264	September 19, 2023
Ruleset Update Summary - 2023/05/03 - v10315 Ruleset Updates	368	May 3, 2023

Ruleset Update Summary - 2024/01/11 - v10505

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related topics