Ruleset Update Summary - 2024/04/17 - v10577

rulesbot · April 17, 2024, 9:09pm

Summary:

10 new OPEN, 14 new PRO (10 + 4)

Added rules:

Open:

2052130 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kingofdolomites .com) (exploit_kit.rules)
2052131 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mmasports786 .com) (exploit_kit.rules)
2052132 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (onesmartiptv .com) (exploit_kit.rules)
2052133 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (beautyservicenearme .com) (exploit_kit.rules)
2052134 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (architecture-interior .com) (exploit_kit.rules)
2052135 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (kingofdolomites .com) (exploit_kit.rules)
2052136 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mmasports786 .com) (exploit_kit.rules)
2052137 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (onesmartiptv .com) (exploit_kit.rules)
2052138 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (beautyservicenearme .com) (exploit_kit.rules)
2052139 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (architecture-interior .com) (exploit_kit.rules)

Pro:

2856664 - ETPRO MALWARE Win32/Sarwent Variant Checkin Related Activity (GET) (malware.rules)
2856665 - ETPRO MALWARE Win32/Sarwent Variant Related Activity M3 (GET) (malware.rules)
2856666 - ETPRO MALWARE Win32/Sarwent Variant Related Activity M4 (GET) (malware.rules)
2856667 - ETPRO MALWARE Win32/Sarwent Variant Related Activity M5 (GET) (malware.rules)

Modified inactive rules:

2018912 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
2018935 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
2018939 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (CryptoWall C2) (malware.rules)
2018942 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS MITM) (malware.rules)
2018943 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak MITM) (malware.rules)
2018944 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak MITM) (malware.rules)
2018947 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
2019149 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
2019363 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TeslaCrypt) (malware.rules)
2019466 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
2019516 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Backoff CnC) (malware.rules)
2019517 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
2019811 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
2020075 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
2021086 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
2021102 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex CnC) (malware.rules)
2021113 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (malware.rules)
2021154 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (malware.rules)
2021192 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
2021196 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Spy.Shiz CnC) (malware.rules)
2021197 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
2021198 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
2021199 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
2021208 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
2021209 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
2021210 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
2021211 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
2021212 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
2021221 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
2021222 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
2021223 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
2021224 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
2021391 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (malware.rules)
2021436 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (VMZeuS MITM) (malware.rules)
2021445 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (VMZeuS MITM) (malware.rules)
2021553 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (VMZeuS MITM) (malware.rules)
2021565 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
2021566 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
2021592 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
2021593 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
2021594 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
2021598 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
2021599 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
2021602 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
2021604 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
2021720 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
2021721 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
2021733 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
2021734 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
2021815 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Spy.Shiz CnC) (malware.rules)
2021844 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
2022230 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit MITM) (malware.rules)
2022247 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC) (malware.rules)
2022920 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
2022943 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
2023162 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC) (malware.rules)
2023163 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC) (malware.rules)
2023528 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Chthonic CnC) (malware.rules)
2023530 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Chthonic MITM) (malware.rules)
2023541 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC) (malware.rules)

Disabled and modified rules:

2035863 - ET MALWARE Pegasus Domain in DNS Lookup (malware.rules)
2035872 - ET MALWARE Vidar Stealer CnC Domain in DNS Lookup (malware.rules)
2036606 - ET MALWARE Restylink Domain in DNS Lookup (officehoster .com) (malware.rules)
2051671 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (doughmebinnybunio .shop) (malware.rules)
2051672 - ET MALWARE Observed Lumma Stealer Related Domain (doughmebinnybunio .shop in TLS SNI) (malware.rules)
2051673 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (combinationconventiwov .shop) (malware.rules)
2051674 - ET MALWARE Observed Lumma Stealer Related Domain (combinationconventiwov .shop in TLS SNI) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/02/19 - v10535 Ruleset Updates	267	February 19, 2024
Ruleset Update Summary - 2024/04/01 - v10564 Ruleset Updates	151	April 1, 2024
Ruleset Update Summary - 2024/01/08 - v10501 Ruleset Updates	437	January 8, 2024
Ruleset Update Summary - 2023/12/18 - v10488 Ruleset Updates	247	December 18, 2023
Ruleset Update Summary - 2024/02/05 - v10524 Ruleset Updates	336	February 5, 2024

Ruleset Update Summary - 2024/04/17 - v10577

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Disabled and modified rules:

Related Topics