Ruleset Update Summary - 2024/03/19 - v10555

rulesbot · March 19, 2024, 9:07pm

Summary:

2 new OPEN, 4 new PRO (2 + 2)

Thanks @malwrhunterteam

Added rules:

Open:

2051696 - ET MALWARE Win32/Remcos RAT Loader Related Activity (GET) (malware.rules)
2051697 - ET MALWARE Win64/FakeUnity CnC Activity (POST) (malware.rules)

Pro:

2856495 - ETPRO HUNTING If-Unmodified-Since Header with Microsoft BITS User-Agent (hunting.rules)
2856496 - ETPRO EXPLOIT_KIT VexTrio Obfuscated Inject (exploit_kit.rules)

Modified inactive rules:

2003154 - ET ADWARE_PUP Bestcount.net Spyware Data Upload (adware_pup.rules)

Disabled and modified rules:

2014359 - ET POLICY DNSWatch .info IP Check (policy.rules)
2014813 - ET WEB_SPECIFIC_APPS WordPress LeagueManager plugin season parameter Cross-Site Scripting Attempt (web_specific_apps.rules)
2048491 - ET MALWARE UAC-006 Domain in DNS Lookup (ukr-net-download-files-php-name .ru) (malware.rules)
2048492 - ET MALWARE UAC-006 Domain in TLS SNI (ukr-net-download-files-php-name .ru) (malware.rules)
2049933 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (nowordshere .org) (exploit_kit.rules)
2049934 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (nowordshere .org) (exploit_kit.rules)
2049935 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (arkadyevna .com) (exploit_kit.rules)
2049936 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (choosetotruck .com) (exploit_kit.rules)
2049937 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (boxtechcompany .com) (exploit_kit.rules)
2049938 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (arkadyevna .com) (exploit_kit.rules)
2049939 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (choosetotruck .com) (exploit_kit.rules)
2049940 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (boxtechcompany .com) (exploit_kit.rules)
2049945 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (electricnico .com) (exploit_kit.rules)
2049946 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (electricnico .com) (exploit_kit.rules)
2049960 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (lazittarl .com) (exploit_kit.rules)
2049961 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (lazittarl .com) (exploit_kit.rules)
2050019 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mariateresacalderon .com) (exploit_kit.rules)
2050020 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mariateresacalderon .com) (exploit_kit.rules)
2050099 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (frenchpies .org) (exploit_kit.rules)
2050100 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (debasesingle .life) (exploit_kit.rules)
2050101 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (frenchpies .org) (exploit_kit.rules)
2050102 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (scorelineupdate .com) (exploit_kit.rules)
2050103 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (phinetik .com) (exploit_kit.rules)
2804509 - ETPRO WEB_CLIENT Microsoft .NET Framework System.Uri.ReCreateParts method remote code execution (web_client.rules)
2804642 - ETPRO INFO Remote Manipulator System (RMS) Init Connect (info.rules)
2804852 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin (malware.rules)
2805014 - ETPRO MALWARE Trojan-Banker.Win32.Banker.mpx sending info via SMTP (malware.rules)
2856409 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2856427 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/11/14 - v10465 Ruleset Updates	256	November 14, 2023
Ruleset Update Summary - 2023/12/29 - v10496 Ruleset Updates	219	December 29, 2023
Ruleset Update Summary - 2024/02/23 - v10539 Ruleset Updates	169	February 23, 2024
Ruleset Update Summary - 2023/04/17 - v10299 Ruleset Updates	365	April 17, 2023
Ruleset Update Summary - 2023/05/26 - v10333 Ruleset Updates	331	May 26, 2023

Ruleset Update Summary - 2024/03/19 - v10555

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Disabled and modified rules:

Related Topics