Ruleset Update Summary - 2024/02/19 - v10535

Ruleset Updates
1

Summary:

8 new OPEN, 9 new PRO (8 + 1)

Added rules:

Open:

  • 2050944 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (germanclics .com) (exploit_kit.rules)
  • 2050945 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (germanclics .com) (exploit_kit.rules)
  • 2050946 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jimissupercool .com) (exploit_kit.rules)
  • 2050947 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (myclubpicks .com) (exploit_kit.rules)
  • 2050948 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jimissupercool .com) (exploit_kit.rules)
  • 2050949 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (myclubpicks .com) (exploit_kit.rules)
  • 2050950 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .members .openarmscv .com) (malware.rules)
  • 2050951 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .members .openarmscv .com) (malware.rules)

Pro:

  • 2856377 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Modified inactive rules:

  • 2001449 - ET POLICY Proxy Connection detected (policy.rules)
  • 2002776 - ET MALWARE SickleBot Reporting User Activity (malware.rules)
  • 2002831 - ET POLICY Msnbot Crawl (policy.rules)
  • 2002946 - ET POLICY Java Url Lib User Agent (policy.rules)
  • 2003385 - ET USER_AGENTS sgrunt Dialer User Agent (sgrunt) (user_agents.rules)
  • 2007776 - ET MALWARE Krunchy/BZub HTTP POST Update (malware.rules)
  • 2008368 - ET MALWARE Unknown Keylogger checkin (malware.rules)
  • 2009540 - ET MALWARE PCFlashbang.com Spyware Checkin (PCFlashBangA) (malware.rules)
  • 2012628 - ET EXPLOIT Java Exploit Attempt Request for .id from octal host (exploit.rules)
  • 2013397 - ET MALWARE W32/Pandex Trojan Dropper Initial Checkin (malware.rules)
  • 2013701 - ET MALWARE Agent-TMF Checkin (malware.rules)
  • 2014219 - ET MALWARE TSPY_SPCESEND.A Checkin (malware.rules)
  • 2014750 - ET EXPLOIT_KIT Incognito/RedKit Exploit Kit vulnerable Java payload request to /1digit.html (exploit_kit.rules)
  • 2014892 - ET CURRENT_EVENTS RedKit - Jar File Naming Algorithm (current_events.rules)
  • 2014913 - ET EXPLOIT_KIT NuclearPack - JAR Naming Algorithm (exploit_kit.rules)
  • 2014928 - ET CURRENT_EVENTS Unknown - Java Request .jar from dl.dropbox.com (current_events.rules)
  • 2014959 - ET EXPLOIT Base64 - Java Exploit Requested - /1Digit (exploit.rules)
  • 2014969 - ET EXPLOIT Unknown - Java Exploit Requested - 13-14Alpha.jar (exploit.rules)
  • 2014982 - ET CURRENT_EVENTS Googlebot UA POST to /uploadify.php (current_events.rules)
  • 2015002 - ET MALWARE Pushbot User-Agent (malware.rules)
  • 2015022 - ET MALWARE W32/Zusy Gettime Checkin (malware.rules)
  • 2015024 - ET MALWARE Incognito - Malicious PDF Requested - /getfile.php (malware.rules)
  • 2015030 - ET EXPLOIT Incognito - Java Exploit Requested - /gotit.php by Java Client (exploit.rules)
  • 2015031 - ET CURRENT_EVENTS Incognito - Payload Request - /load.php by Java Client (current_events.rules)
  • 2015042 - ET CURRENT_EVENTS g01pack - 32Char.php by Java Client (current_events.rules)
  • 2015055 - ET CURRENT_EVENTS Unknown_s=1 - Payload Requested - 32AlphaNum?s=1 Java Request (current_events.rules)
  • 2015585 - ET CURRENT_EVENTS FoxxySoftware - Hit Counter Access (current_events.rules)
  • 2015617 - ET MALWARE Smardf/Boaxxe GET to cc.php3 (malware.rules)
  • 2015646 - ET EXPLOIT_KIT Unknown Exploit Kit seen with O1/O2.class /form (exploit_kit.rules)
  • 2015647 - ET EXPLOIT_KIT Unknown Exploit Kit seen with O1/O2.class /search (exploit_kit.rules)
  • 2015669 - ET WEB_CLIENT Malicious Redirect n.php h=&s= (web_client.rules)
  • 2015672 - ET EXPLOIT_KIT Unknown Exploit Kit redirect (exploit_kit.rules)
  • 2102230 - GPL SCAN NetGear router default password login attempt admin/password (scan.rules)
  • 2800875 - ETPRO MALWARE Trojan.Win32.Nopor.A GET Config (malware.rules)
  • 2802112 - ETPRO MALWARE Worm.Win32.Autorun.BPT Checkin (malware.rules)
  • 2803075 - ETPRO MALWARE Trojan.Win32.Clemag.A Checkin (malware.rules)
  • 2803708 - ETPRO MALWARE BackDoor.DOQ.gen.y Checkin 3 (malware.rules)
  • 2803718 - ETPRO MALWARE Win32/Vundo.B Checkin (malware.rules)
  • 2804128 - ETPRO MALWARE Win32/Delf.H Checkin (malware.rules)
  • 2804582 - ETPRO MALWARE Banker.Agent.byr/SMSHoax.55 Checkin (malware.rules)
  • 2804608 - ETPRO MALWARE P2P-Worm.Win32.Palevo.bijc INSTALL (malware.rules)
  • 2804787 - ETPRO MALWARE Win32/AgentBypass.gen!K Checkin (malware.rules)
  • 2804848 - ETPRO MALWARE Trojan-Downloader.Win32.Adload.cfms Checkin (malware.rules)
  • 2804949 - ETPRO MALWARE Fraudpack-356/RogueAntiSpyware.XPAntivirus Checkin (malware.rules)
  • 2804996 - ETPRO MALWARE Trojan-Banker.Win32.Banker.ssqw Checkin (malware.rules)
  • 2805002 - ETPRO MALWARE HackTool.Win32.VKTools.na Checkin 4 (malware.rules)
  • 2805005 - ETPRO MALWARE TrojanDownloader.Win32/Banload.ZL Checkin 1 (malware.rules)
  • 2805011 - ETPRO MALWARE Win32/Banload.ALK Checkin (malware.rules)
  • 2805013 - ETPRO MALWARE Trojan-Banker.Win32.Banker.pcl Checkin (malware.rules)
  • 2805027 - ETPRO MALWARE Win32/TrojanDownloader.Banload.RDL Checkin (malware.rules)
  • 2805031 - ETPRO MALWARE Win32/Weelsof.A Checkin (malware.rules)
  • 2805037 - ETPRO MALWARE Win32/Obvod.K Checkin (malware.rules)
  • 2805073 - ETPRO MALWARE Win32/Banker.AHM Checkin (malware.rules)
  • 2805078 - ETPRO MALWARE Ransom.Win32.ZedoPoo.aac Checkin (malware.rules)
  • 2805086 - ETPRO MALWARE TrojWare.Win32.TrojanDownloader.Banload.gen.f Checkin (malware.rules)
  • 2805096 - ETPRO MALWARE Downloader.Win32.Knigsfot.ev Download Request (malware.rules)
  • 2805097 - ETPRO MALWARE Win32/Vbinder.CO Checkin (malware.rules)
  • 2805100 - ETPRO MALWARE Win32/Bancos.ACM Checkin 2 (malware.rules)
  • 2805104 - ETPRO MALWARE Win32/Malagent Checkin (malware.rules)
  • 2805112 - ETPRO MALWARE Trojan.Buzus.lbfq Checkin (malware.rules)
  • 2805119 - ETPRO MALWARE HackTool.Win32.Binder.bs .exe file Download (malware.rules)
  • 2805131 - ETPRO MALWARE Win32/Banload.AMO Checkin (malware.rules)
  • 2805134 - ETPRO MALWARE NoBo Checkin (malware.rules)
  • 2805135 - ETPRO MALWARE NoBo Downloading TXT (malware.rules)
  • 2805152 - ETPRO MALWARE HackTool.MSIL.Flooder.gen Checkin (malware.rules)
  • 2805159 - ETPRO MALWARE Trojan.Agent-276095 Checkin (malware.rules)
  • 2805172 - ETPRO MALWARE W32/Downloader.BEMB.dropper Checkin (malware.rules)
  • 2805173 - ETPRO MALWARE Trojan-PSW.Win32.Agent.ozr Checkin (malware.rules)
  • 2805174 - ETPRO MALWARE W32/Banbra.ASYO!tr Checkin (malware.rules)
  • 2805176 - ETPRO MALWARE Backdoor.Zemra Checkin (malware.rules)
  • 2805182 - ETPRO MALWARE Win32/BitCoinMiner.A Checkin (malware.rules)
  • 2805184 - ETPRO MALWARE Win32/Clidak.A Checkin (malware.rules)
  • 2805185 - ETPRO MALWARE Win32/Biloky.A Checkin (malware.rules)
  • 2805191 - ETPRO MALWARE Win32/TrojanDownloader.Banload.QYE Checkin (malware.rules)
  • 2805198 - ETPRO MALWARE Trojan-PSW.Win32.LdPinch.awfp!A2 Checkin (malware.rules)
  • 2805199 - ETPRO MALWARE TrojanDownloader.Win32/Banload.AMU checkin (malware.rules)
  • 2805207 - ETPRO MALWARE Win32/Delf.W Checkin (malware.rules)
  • 2805224 - ETPRO MALWARE Win32/TrojanDownloader.Banload.OKO Checkin (malware.rules)
  • 2805247 - ETPRO MALWARE W32/Dapato.BLTR!tr Checkin (malware.rules)
  • 2805248 - ETPRO MALWARE Win32/ProxyChanger.EI Checkin (malware.rules)
  • 2805249 - ETPRO MALWARE Spy.Banker.QEP Checkin (malware.rules)
  • 2805250 - ETPRO MALWARE W32/Yoshi.X!tr Checkin (malware.rules)
  • 2805264 - ETPRO MALWARE Trojan.Win32.S.Banker.167310 Checkin (malware.rules)
  • 2805274 - ETPRO MALWARE Trojan/Banker.Banbra.oyx Checkin (malware.rules)
  • 2805276 - ETPRO MALWARE Win32/AgentBypass.gen!G Checkin (malware.rules)
  • 2805278 - ETPRO MALWARE Win32/Weelsof.C Checkin (malware.rules)
  • 2805281 - ETPRO MALWARE Win32/Spy.Banker.TXN Checkin (malware.rules)
  • 2805287 - ETPRO MALWARE W32/Jorik_Steckt.N!tr Checkin (malware.rules)
  • 2805294 - ETPRO MALWARE Trojan.Mosucker-60 Checkin 2 (malware.rules)
  • 2805295 - ETPRO MALWARE TR/Pasta.A.152 Checkin (malware.rules)
  • 2805301 - ETPRO MALWARE Trojan.Banker Checkin (malware.rules)
  • 2805302 - ETPRO MALWARE Win32/Raven.gen!A Checkin (malware.rules)
  • 2805309 - ETPRO MALWARE Trojan-Dropper.Win32.Injector.fjzu Checkin (malware.rules)
  • 2805311 - ETPRO MALWARE Win32/Rustock.E Checkin (malware.rules)
  • 2805312 - ETPRO MALWARE Win32/VBInject.RT Checkin (malware.rules)
  • 2805313 - ETPRO MALWARE Trojan.Win32.Cossta.tnh Checkin (malware.rules)
  • 2805331 - ETPRO MALWARE W32/Hupigon.CI!genr Checkin (malware.rules)
  • 2805333 - ETPRO MALWARE Trojan.Win32.Generic! Checkin (malware.rules)
  • 2805339 - ETPRO MALWARE Win32 Generic requesting .xml file (malware.rules)
  • 2805360 - ETPRO MALWARE Win32.Malware.rwx Checkin (malware.rules)
  • 2805361 - ETPRO MALWARE Win32/Vwealer.BQ Checkin (malware.rules)
  • 2805363 - ETPRO MALWARE DATCK/BYCC DDOS bot Checkin - SET (malware.rules)
  • 2805374 - ETPRO MALWARE Trojan.Win32.VBKrypt.cugq Checkin (malware.rules)
  • 2805376 - ETPRO MALWARE Win32/ProxyChanger.J Checkin (malware.rules)
  • 2805377 - ETPRO MALWARE Win32/Wadolin.A Checkin 2 (malware.rules)
  • 2805382 - ETPRO MALWARE Trojan-Dropper.Win32.Daws.atjm Checkin (malware.rules)
  • 2805383 - ETPRO MALWARE Trojan.Win32.Swisyn.bfua Checkin (malware.rules)
  • 2805387 - ETPRO MALWARE Win32/Banbot.A Checkin (malware.rules)
  • 2805388 - ETPRO MALWARE Win32/FakePlus Checkin (malware.rules)
  • 2805398 - ETPRO MALWARE Trojan.Heur.hm0@fjz6PkS Checkin (malware.rules)
  • 2805399 - ETPRO MALWARE Win32/Rochap.A Checkin (malware.rules)
  • 2805400 - ETPRO MALWARE W32/Yakes.AP!tr Checkin (malware.rules)