Ruleset Update Summary - 2024/02/23 - v10539

rulesbot · February 23, 2024, 10:04pm

Summary:

3 new OPEN, 18 new PRO (3 + 15)

Thanks @Unit42_Intel

Added rules:

Open:

2051076 - ET MALWARE Win32/AsyncRAT CnC Checkin (GET) (malware.rules)
2051077 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (funcallback .com) (exploit_kit.rules)
2051078 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (funcallback .com) (exploit_kit.rules)

Pro:

2856383 - ETPRO MALWARE WasabiSeed Backdoor Payload Inbound (malware.rules)
2856384 - ETPRO MALWARE TA407 Domain in DNS Lookup (malware.rules)
2856385 - ETPRO MALWARE TA407 Domain in DNS Lookup (malware.rules)
2856386 - ETPRO MALWARE TA407 Domain in DNS Lookup (malware.rules)
2856387 - ETPRO MALWARE TA407 Domain in DNS Lookup (malware.rules)
2856388 - ETPRO MALWARE Observed TA407 Domain in TLS SNI (malware.rules)
2856389 - ETPRO MALWARE Observed TA407 Domain in TLS SNI (malware.rules)
2856390 - ETPRO MALWARE Observed TA407 Domain in TLS SNI (malware.rules)
2856391 - ETPRO MALWARE Observed TA407 Domain in TLS SNI (malware.rules)
2856392 - ETPRO MALWARE Observed TA407 Domain in TLS SNI (malware.rules)
2856393 - ETPRO PHISHING Successful TA407 Credential Phish 2024-02-23 (phishing.rules)
2856394 - ETPRO PHISHING TA407 Credential Phish Landing Page 2024-02-23 (phishing.rules)
2856395 - ETPRO MALWARE Cleanup Loader Command ID (malware.rules)
2856396 - ETPRO MALWARE Suspected TA453 Domain in DNS Lookup (malware.rules)
2856397 - ETPRO MALWARE Suspected TA453 Domain in TLS SNI (malware.rules)

Modified inactive rules:

2003449 - ET ADWARE_PUP Webbuying.net Spyware Install User-Agent 2 (wb v1.6.4) (adware_pup.rules)
2012136 - ET MALWARE Waledac 2.0/Storm Worm 3.0 GET request detected (malware.rules)
2014361 - ET MALWARE Win32/Protux.B Download Update (malware.rules)
2014914 - ET CURRENT_EVENTS NuclearPack - PDF Naming Algorithm (current_events.rules)
2015530 - ET MALWARE HTTP Request to RunForestRun DGA Domain 16-alpha.waw.pl (malware.rules)
2015533 - ET MALWARE Karagany checkin (sid5 1) (malware.rules)
2015534 - ET MALWARE Karagany checkin (sid5 2) (malware.rules)
2015748 - ET MALWARE Fake Anti-Hacking Tool (malware.rules)
2015835 - ET MALWARE Smoke Loader C2 Response (malware.rules)
2017743 - ET CURRENT_EVENTS Possible WhiteLotus IE Payload (current_events.rules)
2018925 - ET EXPLOIT_KIT Turla/SPL EK Java Exploit Requested - /spl/ (exploit_kit.rules)
2019078 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Landing Aug 27 2014 (exploit_kit.rules)
2019180 - ET EXPLOIT_KIT Malvertising Leading to EK Aug 19 2014 M4 (exploit_kit.rules)
2019286 - ET MALWARE Job314 EK Payload Checkin (malware.rules)
2019543 - ET EXPLOIT_KIT Likely SweetOrange EK Flash Exploit URI Struct (exploit_kit.rules)
2019672 - ET EXPLOIT_KIT Possible HanJuan EK Flash Payload DL (exploit_kit.rules)
2019697 - ET MALWARE Possible Dridex Campaign Download Nov 11 2014 (malware.rules)
2019753 - ET CURRENT_EVENTS Possible FlashPack (FlashOnly) Payload Struct Nov 19 2014 (current_events.rules)
2019765 - ET EXPLOIT_KIT DRIVEBY Nuclear EK SWF (exploit_kit.rules)
2019766 - ET EXPLOIT FlashPack Flash Exploit Nov 20 2014 (exploit.rules)
2019799 - ET EXPLOIT Magnitude Flash Exploit (IE) (exploit.rules)
2019800 - ET CURRENT_EVENTS Magnitude Flash Payload (current_events.rules)
2019844 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Exploit Struct (exploit_kit.rules)
2019845 - ET EXPLOIT_KIT DRIVEBY Nuclear EK SWF (exploit_kit.rules)
2019846 - ET EXPLOIT_KIT DRIVEBY Nuclear EK SWF (exploit_kit.rules)
2019872 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Payload (flowbits set) (exploit_kit.rules)
2019873 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Payload (exploit_kit.rules)
2019877 - ET MALWARE MS Office Macro Dridex Download URI Dec 5 2014 (malware.rules)
2019895 - ET EXPLOIT_KIT Malicious Redirect Leading to EK Dec 08 2014 (exploit_kit.rules)
2019950 - ET EXPLOIT_KIT Malicious Referer Bulk Traffic Sometimes Leading to EKs (Possible Bedep infection) Dec 16 2014 (exploit_kit.rules)
2019953 - ET WEB_CLIENT Upatre Redirector Dec 16 2014 set (web_client.rules)
2020318 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Landing Jan 27 2015 M1 (exploit_kit.rules)
2020319 - ET EXPLOIT_KIT DRIVEBY Nuclear EK Landing Jan 27 2015 M2 (exploit_kit.rules)
2020498 - ET EXPLOIT_KIT DRIVEBY Possible Unknown EK HFS CVE-2014-6332 (exploit_kit.rules)
2020584 - ET EXPLOIT_KIT Sweet Orange EK Flash Exploit IE March 03 2015 (exploit_kit.rules)
2020903 - ET EXPLOIT_KIT SPL2 EK Post-Compromise Data Dump M1 (exploit_kit.rules)
2020904 - ET EXPLOIT_KIT SPL2 EK Post-Compromise Data Dump M2 (exploit_kit.rules)
2020905 - ET EXPLOIT_KIT SPL2 EK Post-Compromise Data Dump M3 (exploit_kit.rules)
2020975 - ET EXPLOIT_KIT Nuclear EK Landing Apr 22 2015 (exploit_kit.rules)
2020994 - ET EXPLOIT_KIT Possible Sundown EK Flash Exploit Struct T2 Apr 24 2015 (exploit_kit.rules)
2021056 - ET MALWARE Dyre Downloading Mailer 2 (malware.rules)
2021244 - ET MALWARE Dridex Download June 10 2015 (malware.rules)
2021306 - ET EXPLOIT_KIT Likely CottonCastle/Niteris EK Response June 19 2015 (exploit_kit.rules)
2021640 - ET EXPLOIT_KIT CottonCastle/Niteris EK Exploit URI Struct Aug 17 2015 (exploit_kit.rules)
2021708 - ET EXPLOIT_KIT Nuclear EK IE Exploit Aug 23 2015 (exploit_kit.rules)
2021848 - ET WEB_CLIENT Evil Redirector from iframe Sep 29 2015 (web_client.rules)
2805189 - ETPRO MALWARE Graftor/General Downloader Checkin check_update.php (malware.rules)
2805263 - ETPRO MALWARE Trojan.Win32.Workir.yf Checkin (malware.rules)
2809006 - ETPRO MALWARE BackDoor.Tishop.2 Checkin (malware.rules)
2809077 - ETPRO MALWARE JST Perl IrcBot v3.0 HTTP GET Request (malware.rules)
2809205 - ETPRO MALWARE Win32.Trojan.Win32/Agent.QRI (Korplug Related) Checkin (malware.rules)
2810879 - ETPRO EXPLOIT_KIT Nuclear EK Landing April 30 2015 M4 (exploit_kit.rules)
2810900 - ETPRO WEB_CLIENT Evil Redirector Leading to EK/Malware (web_client.rules)
2811861 - ETPRO EXPLOIT_KIT Possible Nuclear EK Landing Jul 08 2015 M1 (exploit_kit.rules)
2811862 - ETPRO EXPLOIT_KIT Possible Nuclear EK Landing Jul 08 2015 M2 (exploit_kit.rules)
2811863 - ETPRO EXPLOIT_KIT Possible Nuclear EK Landing Jul 08 2015 M2 (exploit_kit.rules)
2811929 - ETPRO MALWARE Upatre Common URI Struct July 13 2015 (malware.rules)
2812428 - ETPRO MOBILE_MALWARE Android-Trojan/Infostealer.da87 Checkin (mobile_malware.rules)
2812540 - ETPRO MALWARE Win32/Setaclod.A Checkin (malware.rules)
2812603 - ETPRO MALWARE Win32/Genasom.FO Malicious Redirect (malware.rules)
2812634 - ETPRO MALWARE Win32.Scar Checkin (malware.rules)
2812844 - ETPRO MALWARE Win32/Trfijan.A Checkin (malware.rules)
2812851 - ETPRO MALWARE Unknown Powershell Backdoor Retrieve Commands M2 (malware.rules)
2812966 - ETPRO MALWARE MSIL/Stimilina.F Checkin (malware.rules)
2812983 - ETPRO MALWARE TrojanDownloader.Banload.VHZ Checkin 3 (malware.rules)
2814166 - ETPRO EXPLOIT_KIT Possible Nuclear EK Flash Exploit M1 (exploit_kit.rules)
2814388 - ETPRO EXPLOIT_KIT possible Nuclear EK DHE traffic server to client (exploit_kit.rules)
2814494 - ETPRO EXPLOIT_KIT Nuclear EK Landing Oct 20 2015 M3 (exploit_kit.rules)
2814676 - ETPRO MALWARE MSIL/Kryptik.CNO Retrieving Payload (malware.rules)
2814712 - ETPRO MALWARE Ursnif Payload via Document Macro (malware.rules)
2814756 - ETPRO MALWARE Ursnif Payload via Document Macro Nov 4 (malware.rules)
2814802 - ETPRO PHISHING JS Array Obfuscated Phishing Landing Nov 6 (phishing.rules)
2814804 - ETPRO MALWARE Ursnif Payload via Document Macro Nov 5 (malware.rules)
2814902 - ETPRO MALWARE CryptoBrazzer Ransomware Checkin (malware.rules)
2815006 - ETPRO PHISHING Successful Jimdo Outlook Web App Phishing Nov 19 (phishing.rules)
2815139 - ETPRO EXPLOIT_KIT Possible Nuclear EK Payload Nov 30 2015 (exploit_kit.rules)
2815178 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Pyrof.a Checkin (mobile_malware.rules)
2815214 - ETPRO EXPLOIT_KIT Possible Nuclear EK Payload Dec 06 2015 (exploit_kit.rules)
2815216 - ETPRO MALWARE Unknown CnC Checkin (malware.rules)
2815221 - ETPRO EXPLOIT_KIT Nuclear EK Flash Exploit Dec 03 2015 (exploit_kit.rules)
2815222 - ETPRO EXPLOIT_KIT Nuclear EK Flash Exploit Dec 03 2015 (exploit_kit.rules)
2815338 - ETPRO MALWARE Unknown CnC Checkin (malware.rules)
2815374 - ETPRO MALWARE Win32.Keylogger.dklygt Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/09/12 - v10415 Ruleset Updates	210	September 12, 2023
Ruleset Update Summary - 2023/09/20 - v10421 Ruleset Updates	243	September 20, 2023
Ruleset Update Summary - 2023/06/20 - v10354 Ruleset Updates	204	June 20, 2023
Ruleset Update Summary - 2023/05/09 - v10319 Ruleset Updates	331	May 9, 2023
Ruleset Update Summary - 2023/09/11 - v10414 Ruleset Updates	291	September 11, 2023

Ruleset Update Summary - 2024/02/23 - v10539

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Related Topics