Ruleset Update Summary - 2024/04/17 - v10577

Summary:

10 new OPEN, 14 new PRO (10 + 4)


Added rules:

Open:

  • 2052130 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kingofdolomites .com) (exploit_kit.rules)
  • 2052131 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mmasports786 .com) (exploit_kit.rules)
  • 2052132 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (onesmartiptv .com) (exploit_kit.rules)
  • 2052133 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (beautyservicenearme .com) (exploit_kit.rules)
  • 2052134 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (architecture-interior .com) (exploit_kit.rules)
  • 2052135 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (kingofdolomites .com) (exploit_kit.rules)
  • 2052136 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mmasports786 .com) (exploit_kit.rules)
  • 2052137 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (onesmartiptv .com) (exploit_kit.rules)
  • 2052138 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (beautyservicenearme .com) (exploit_kit.rules)
  • 2052139 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (architecture-interior .com) (exploit_kit.rules)

Pro:

  • 2856664 - ETPRO MALWARE Win32/Sarwent Variant Checkin Related Activity (GET) (malware.rules)
  • 2856665 - ETPRO MALWARE Win32/Sarwent Variant Related Activity M3 (GET) (malware.rules)
  • 2856666 - ETPRO MALWARE Win32/Sarwent Variant Related Activity M4 (GET) (malware.rules)
  • 2856667 - ETPRO MALWARE Win32/Sarwent Variant Related Activity M5 (GET) (malware.rules)

Modified inactive rules:

  • 2018912 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2018935 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2018939 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (CryptoWall C2) (malware.rules)
  • 2018942 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS MITM) (malware.rules)
  • 2018943 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak MITM) (malware.rules)
  • 2018944 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak MITM) (malware.rules)
  • 2018947 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2019149 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS C2) (malware.rules)
  • 2019363 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TeslaCrypt) (malware.rules)
  • 2019466 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2019516 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Backoff CnC) (malware.rules)
  • 2019517 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2019811 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2020075 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2021086 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
  • 2021102 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex CnC) (malware.rules)
  • 2021113 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (malware.rules)
  • 2021154 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (malware.rules)
  • 2021192 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
  • 2021196 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Spy.Shiz CnC) (malware.rules)
  • 2021197 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
  • 2021198 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
  • 2021199 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
  • 2021208 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
  • 2021209 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
  • 2021210 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
  • 2021211 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
  • 2021212 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
  • 2021221 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
  • 2021222 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
  • 2021223 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
  • 2021224 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Geodo MITM) (malware.rules)
  • 2021391 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (malware.rules)
  • 2021436 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (VMZeuS MITM) (malware.rules)
  • 2021445 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (VMZeuS MITM) (malware.rules)
  • 2021553 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (VMZeuS MITM) (malware.rules)
  • 2021565 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
  • 2021566 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
  • 2021592 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
  • 2021593 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
  • 2021594 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
  • 2021598 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
  • 2021599 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
  • 2021602 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
  • 2021604 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
  • 2021720 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
  • 2021721 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
  • 2021733 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
  • 2021734 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Tinba MITM) (malware.rules)
  • 2021815 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Spy.Shiz CnC) (malware.rules)
  • 2021844 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TorrentLocker CnC) (malware.rules)
  • 2022230 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit MITM) (malware.rules)
  • 2022247 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC) (malware.rules)
  • 2022920 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2022943 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2) (malware.rules)
  • 2023162 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC) (malware.rules)
  • 2023163 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC) (malware.rules)
  • 2023528 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Chthonic CnC) (malware.rules)
  • 2023530 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Chthonic MITM) (malware.rules)
  • 2023541 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TrickBot CnC) (malware.rules)

Disabled and modified rules:

  • 2035863 - ET MALWARE Pegasus Domain in DNS Lookup (malware.rules)
  • 2035872 - ET MALWARE Vidar Stealer CnC Domain in DNS Lookup (malware.rules)
  • 2036606 - ET MALWARE Restylink Domain in DNS Lookup (officehoster .com) (malware.rules)
  • 2051671 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (doughmebinnybunio .shop) (malware.rules)
  • 2051672 - ET MALWARE Observed Lumma Stealer Related Domain (doughmebinnybunio .shop in TLS SNI) (malware.rules)
  • 2051673 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (combinationconventiwov .shop) (malware.rules)
  • 2051674 - ET MALWARE Observed Lumma Stealer Related Domain (combinationconventiwov .shop in TLS SNI) (malware.rules)