Ruleset Update Summary - 2024/02/15 - v10533

rulesbot · February 15, 2024, 11:03pm

Summary:

20 new OPEN, 34 new PRO (20 + 14)

Thanks @ViriBack

Added rules:

Open:

2050876 - ET INFO Observed DNS Over HTTPS Domain (family .dns .teknoholistik .com in TLS SNI) (info.rules)
2050877 - ET INFO Observed DNS Over HTTPS Domain (dns .bravoc .one in TLS SNI) (info.rules)
2050878 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (cattilecodereowop .pw) (malware.rules)
2050879 - ET MALWARE Observed Lumma Stealer Related Domain (cattilecodereowop .pw in TLS SNI) (malware.rules)
2050880 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (thinrecordsunrjisow .pw) (malware.rules)
2050881 - ET MALWARE Observed Lumma Stealer Related Domain (thinrecordsunrjisow .pw in TLS SNI) (malware.rules)
2050882 - ET INFO vk .com API Usage Observed (info.rules)
2050883 - ET INFO Observed DNS Query to vk .com API (api .vk .com) (info.rules)
2050884 - ET INFO Observed vk .com API Domain (api .vk .com in TLS SNI) (info.rules)
2050885 - ET MALWARE BunnyLoader 3.0 Initial Checkin (malware.rules)
2050886 - ET MALWARE BunnyLoader 3.0 Initial Checkin Response (malware.rules)
2050887 - ET MALWARE BunnyLoader 3.0 Heartbeat Checkin (malware.rules)
2050888 - ET MALWARE BunnyLoader 3.0 Heartbeat Response (malware.rules)
2050889 - ET MALWARE BunnyLoader 3.0 Tasking Checkin (malware.rules)
2050890 - ET MALWARE BunnyLoader 3.0 Tasking Response (malware.rules)
2050891 - ET MALWARE BunnyLoader 3.0 Echo Checkin (malware.rules)
2050892 - ET MALWARE BunnyLoader 3.0 DBID Checkin (malware.rules)
2050893 - ET MALWARE BunnyLoader 3.0 CID Checkin (malware.rules)
2050894 - ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (absolutecache .com) (exploit_kit.rules)
2050895 - ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (absolutecache .com) (exploit_kit.rules)

Pro:

2856359 - ETPRO MALWARE TA453 Controlled Domain in DNS Lookup (malware.rules)
2856360 - ETPRO MALWARE TA453 Controlled Domain in DNS Lookup (malware.rules)
2856361 - ETPRO MALWARE Observed TA453 Controlled Domain in TLS SNI (malware.rules)
2856362 - ETPRO MALWARE Observed TA453 Controlled Domain in TLS SNI (malware.rules)
2856363 - ETPRO MALWARE TA453 onrender Redirect Stage 1 (malware.rules)
2856364 - ETPRO MALWARE TA453 onrender Redirect Stage 2 - Request (malware.rules)
2856365 - ETPRO MALWARE TA453 onrender Redirect Stage 2 - Response M1 (malware.rules)
2856366 - ETPRO MALWARE TA453 onrender Redirect Stage 2 - Response M2 (malware.rules)
2856367 - ETPRO HUNTING Webex Meeting Redirect via onrender .com (hunting.rules)
2856368 - ETPRO MALWARE ChestBot CnC Activity (GET) (malware.rules)
2856369 - ETPRO MALWARE DNS Query to ChestBot Domain (malware.rules)
2856370 - ETPRO MALWARE Observed ChestBot Domain in TLS SNI (malware.rules)
2856373 - ETPRO HUNTING AutoIT3 EXE Download Request (hunting.rules)
2856374 - ETPRO MALWARE Possible Darkgate Test.txt Request (malware.rules)

Modified inactive rules:

2008489 - ET USER_AGENTS Suspicious User-Agent (dwplayer) (user_agents.rules)
2013948 - ET MALWARE PWS.TIBIA Checkin or Data Post (malware.rules)
2013949 - ET MALWARE PWS.TIBIA Checkin or Data Post 2 (malware.rules)
2014405 - ET MALWARE Cridex.B/Feodo Checkin (malware.rules)
2803706 - ETPRO MALWARE BackDoor.DOQ.gen.y Checkin 1 (malware.rules)
2803794 - ETPRO MALWARE Trojan.Win32.OddJob.A Checkin 3 (malware.rules)
2803891 - ETPRO MALWARE TrojanSpy.Win32/Banker.AAX Checkin (malware.rules)
2803988 - ETPRO MALWARE Win32/Toshinc.A Checkin (malware.rules)
2804014 - ETPRO MALWARE Trojan.Win32/Malat Checkin (malware.rules)
2804029 - ETPRO MALWARE Win32/Mafod!rts Checkin (malware.rules)
2804070 - ETPRO MALWARE Trojan-Banker.Win32.Banbra.amvh Checkin (malware.rules)
2804084 - ETPRO MALWARE Win32/Banker.YB Checkin (malware.rules)
2804697 - ETPRO MALWARE Trojan.Win32.Spy Checkin (malware.rules)

Disabled and modified rules:

2018184 - ET MALWARE Zeus.Downloader Campaign Second Stage Executable Request (malware.rules)
2018200 - ET MALWARE Win32/Matsnu.L Checkin (malware.rules)
2807712 - ETPRO MALWARE Win32/Rovnix.J Checkin (malware.rules)
2807762 - ETPRO MALWARE Win32/Killav.CM Checkin (malware.rules)
2807763 - ETPRO MALWARE Win32/Hider.G GET .ini Request (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/03/25 - v10559 Ruleset Updates	171	March 25, 2024
Ruleset Update Summary - 2024/02/05 - v10524 Ruleset Updates	327	February 5, 2024
Ruleset Update Summary - 2024/01/12 - v10506 Ruleset Updates	303	January 12, 2024
Ruleset Update Summary - 2024/02/06 - v10525 Ruleset Updates	311	February 6, 2024
Ruleset Update Summary - 2024/02/09 - v10528 Ruleset Updates	363	February 9, 2024

Ruleset Update Summary - 2024/02/15 - v10533

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Disabled and modified rules:

Related Topics