Ruleset Update Summary - 2024/04/23 - v10581

rulesbot · April 23, 2024, 8:38pm

Summary:

13 new OPEN, 14 new PRO (13 + 1)

Thanks @kaspersky

Added rules:

Open:

2052235 - ET MALWARE APT Related CR4T Backdoor Activity (malware.rules)
2052236 - ET MALWARE APT Related CR4T Dropper Activity M1 (GET) (malware.rules)
2052237 - ET MALWARE APT Related CR4T Dropper Domain in DNS Lookup (commonline .space) (malware.rules)
2052238 - ET MALWARE Observed APT Related CR4T Dropper Domain (commonline .space in TLS SNI) (malware.rules)
2052239 - ET MALWARE APT Related CR4T Dropper Domain in DNS Lookup (userfeedsync .com) (malware.rules)
2052240 - ET MALWARE Observed APT Related CR4T Dropper Domain (userfeedsync .com in TLS SNI) (malware.rules)
2052241 - ET MALWARE APT Related CR4T Dropper Activity M2 (GET) (malware.rules)
2052242 - ET INFO Commonly Abused Link Agregating Service Domain in DNS Lookup (linkup .top) (info.rules)
2052243 - ET INFO Observed Commonly Abused Link Agregating Service Domain (linkup .top in TLS SNI) (info.rules)
2052244 - ET MALWARE SocGholish Domain in TLS SNI (nano .anygreaterways .tech) (malware.rules)
2052245 - ET MALWARE SocGholish Domain in DNS Lookup (nano .anygreaterways .tech) (malware.rules)
2052246 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (marvin-occentus .net) (exploit_kit.rules)
2052247 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (marvin-occentus .net) (exploit_kit.rules)

Pro:

2856773 - ETPRO EXPLOIT_KIT Parrot TDS NDSJ Check (exploit_kit.rules)

Modified inactive rules:

2019518 - ET MALWARE Win32/Chanitor.A Domain in SNI (malware.rules)
2019645 - ET MALWARE Bedep SSL Cert (malware.rules)
2021194 - ET MALWARE Qadars WebInject SSL Cert (malware.rules)
2021260 - ET MALWARE Torrentlocker C2 SSL cert (malware.rules)
2021867 - ET MALWARE Winlock/Torrentlocker SSL Cert (malware.rules)
2021868 - ET MALWARE Winlock/Torrentlocker SSL Cert (malware.rules)
2021869 - ET MALWARE Winlock/Torrentlocker SSL Cert (malware.rules)
2021894 - ET MALWARE Winlock/Torrentlocker SSL Cert (malware.rules)
2022218 - ET POLICY Lets Encrypt Free SSL Cert Observed (policy.rules)
2022253 - ET MALWARE Possible Gootkit CnC SSL Cert M1 (malware.rules)
2022254 - ET MALWARE Possible Gootkit CnC SSL Cert M2 (malware.rules)
2022255 - ET MALWARE Possible Gootkit CnC SSL Cert M3 (malware.rules)
2022256 - ET MALWARE Possible Gootkit CnC SSL Cert M4 (malware.rules)
2022257 - ET MALWARE Possible Gootkit CnC SSL Cert M5 (malware.rules)
2022258 - ET MALWARE Possible Gootkit CnC SSL Cert M6 (malware.rules)
2022259 - ET MALWARE Possible Gootkit CnC SSL Cert M7 (malware.rules)
2022292 - ET MALWARE Possible Gootkit CnC SSL Cert M8 (malware.rules)
2023952 - ET MALWARE MAGICHOUND.FETCH SSL Cert (malware.rules)
2024124 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M1 (web_client.rules)
2024125 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M2 (web_client.rules)
2024126 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M3 (web_client.rules)
2024127 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M4 (web_client.rules)
2024128 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M5 (web_client.rules)
2024129 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M6 (web_client.rules)
2024130 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M7 (web_client.rules)
2024131 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M8 (web_client.rules)
2024132 - ET WEB_CLIENT Lets Encrypt Free SSL Cert Observed in Tech Support Scams M9 (web_client.rules)
2024304 - ET MALWARE MSIL/May Ransomware SSL Cert Observed (malware.rules)
2030366 - ET JA3 Hash - Possible POSHC2 Client CnC (ja3.rules)
2030367 - ET JA3 Hash - Possible POSHC2 Server Response (ja3.rules)
2807056 - ETPRO MALWARE Win32.Kryptik.BJWG 1 (malware.rules)
2807057 - ETPRO MALWARE Win32.Kryptik.BJWG 2 (malware.rules)
2807058 - ETPRO MALWARE Win32.Kryptik.BJWG 3 (malware.rules)
2807059 - ETPRO MALWARE Win32.Kryptik.BJWG 4 (malware.rules)
2807060 - ETPRO MALWARE Win32.Kryptik.BJWG 5 (malware.rules)
2807061 - ETPRO MALWARE Win32/Rbot SSL checkin 1 (malware.rules)
2807062 - ETPRO MALWARE Win32/Rbot SSL checkin 2 (malware.rules)
2807063 - ETPRO MALWARE Win32/Rbot SSL checkin 4 (malware.rules)
2807064 - ETPRO MALWARE Win32/Rbot SSL checkin 5 (malware.rules)
2807065 - ETPRO MALWARE Win32/Rbot SSL checkin 6 (malware.rules)
2807066 - ETPRO MALWARE Win32/Rbot SSL checkin 7 (malware.rules)
2807067 - ETPRO MALWARE Win32/Rbot SSL checkin 8 (malware.rules)
2807068 - ETPRO MALWARE Win32/Rbot SSL checkin 9 (malware.rules)
2809711 - ETPRO MALWARE Backdoor.Win32.Androm.gezi SSL Cert (malware.rules)
2809924 - ETPRO MALWARE Win32/Spy.Shiz.NCO SSL Cert (malware.rules)
2809925 - ETPRO MALWARE Win32/Spy.Shiz.NCO SSL Cert (malware.rules)
2810080 - ETPRO MALWARE Win32/Teerac.A Ransomware SSL Cert (malware.rules)
2810082 - ETPRO MALWARE Win32/Teerac.A Ransomware SSL Cert (malware.rules)
2810164 - ETPRO MALWARE Win32/Tepoyx.A SSL Cert (malware.rules)
2810891 - ETPRO MALWARE Spy.Zbot.YW SSL Certificate (malware.rules)
2810894 - ETPRO ADWARE_PUP PUP.InstallMetrix.L SSL Certificate (adware_pup.rules)
2810988 - ETPRO MALWARE Win32/Spy.Shiz SSL Cert (malware.rules)
2811076 - ETPRO MALWARE Upatre SSL Cert (malware.rules)
2811249 - ETPRO MALWARE Naikon Domain in SNI (malware.rules)
2811536 - ETPRO ADWARE_PUP Possible PUP Win32/ExpressDownloader.E SSL Cert (adware_pup.rules)
2811876 - ETPRO MALWARE CryptoLocker SSL Cert (malware.rules)
2812522 - ETPRO MALWARE Ursnif SSL Cert (malware.rules)
2813089 - ETPRO MALWARE Qadars SSL Cert (malware.rules)
2814020 - ETPRO MALWARE Winlock/CryptoLocker2 SSL Cert (malware.rules)
2814026 - ETPRO MALWARE Unknown Powershell Backdoor SSL Cert Sept 21 2015 (malware.rules)
2814238 - ETPRO MALWARE Qadars SSL Cert (malware.rules)
2814584 - ETPRO MALWARE Upatre SSL Cert (malware.rules)
2814675 - ETPRO MALWARE Ursnif Injects SSL Cert (malware.rules)
2814722 - ETPRO MALWARE NewPOSThings SSL Cert (malware.rules)
2814800 - ETPRO PHISHING Observed SSL Cert in LCL Bank Phishing Nov 6 (phishing.rules)
2814863 - ETPRO MALWARE Ursnif Injects SSL Cert (malware.rules)
2814904 - ETPRO MALWARE PowerSploit SSL Cert (malware.rules)
2814948 - ETPRO EXPLOIT_KIT Possible EK Redir SSL Cert (exploit_kit.rules)
2815179 - ETPRO MALWARE Possible EK Redirector SSL Cert (malware.rules)
2815219 - ETPRO MALWARE Ursnif Injects SSL Cert (malware.rules)
2815234 - ETPRO MALWARE Gootkit Injects SSL Cert (malware.rules)
2815306 - ETPRO MALWARE Ursnif Injects SSL Cert (malware.rules)
2815317 - ETPRO MALWARE Gootkit Injects SSL Cert (malware.rules)
2815341 - ETPRO MALWARE Qadars SSL Cert (malware.rules)
2815379 - ETPRO MALWARE Upatre SSL Cert Dec 15 (malware.rules)
2815422 - ETPRO MALWARE Gootkit Injects SSL Cert (malware.rules)
2815456 - ETPRO MALWARE Possible BBSRAT SSL Certificate Detected (malware.rules)
2815457 - ETPRO MALWARE Possible BBSRAT SSL Certificate Detected (malware.rules)
2815504 - ETPRO MALWARE Possible EK Redirector SSL Cert (malware.rules)
2815505 - ETPRO MALWARE Possible EK Redirector SSL Cert (malware.rules)
2815506 - ETPRO MALWARE Possible EK Redirector SSL Cert (malware.rules)
2815507 - ETPRO MALWARE Possible EK Redirector SSL Cert (malware.rules)
2815703 - ETPRO MALWARE Maldoc Downloader SSL Cert Jan 08 (malware.rules)
2815798 - ETPRO EXPLOIT_KIT Possible EK Redir SSL Cert (exploit_kit.rules)
2815814 - ETPRO MALWARE Qadars Injects SSL Cert (malware.rules)
2815977 - ETPRO MALWARE Possible EK Redirector SSL Cert (malware.rules)
2816037 - ETPRO MALWARE Python/Kaazar SSL Cert (malware.rules)
2816052 - ETPRO MALWARE Possible Vawtrak Injects SSL Cert (malware.rules)
2816302 - ETPRO MALWARE Evil Redirector to EK SSL Cert (malware.rules)
2816303 - ETPRO MALWARE Evil Redirector to EK SSL Cert (malware.rules)
2816304 - ETPRO MALWARE Evil Redirector to EK SSL Cert (malware.rules)
2816406 - ETPRO MALWARE Win32/Tepoyx Banking Injects SSL Certificate (malware.rules)
2816695 - ETPRO MALWARE Possible BBSRAT SSL Certificate Detected (malware.rules)
2816943 - ETPRO MALWARE Possible Derusbi SSL Cert (malware.rules)
2819901 - ETPRO ADWARE_PUP Win32/Dartsmound SSL Certificate Detected (adware_pup.rules)
2819902 - ETPRO MALWARE Tinba Banker Injects Domain SSL Cert (malware.rules)
2819907 - ETPRO ADWARE_PUP Win32/Dartsmound SSL Certificate Detected 2 (adware_pup.rules)
2820010 - ETPRO MALWARE Observerd Malvertising Domain SSL Cert (malware.rules)
2820274 - ETPRO MALWARE Ixeshe SSL Cert (malware.rules)
2820431 - ETPRO MALWARE Redirector.Paco SSL Certificate Detected (searchly.org) (malware.rules)
2820791 - ETPRO MALWARE Ursnif Injects Domain in SNI (malware.rules)
2820792 - ETPRO MALWARE Ursnif Injects Domain in SNI (malware.rules)
2820793 - ETPRO MALWARE Ursnif Injects Domain in SNI (malware.rules)
2820794 - ETPRO MALWARE Ursnif Injects Domain in SNI (malware.rules)
2820978 - ETPRO MALWARE CryptXXX CnC Beacon 2 Response (malware.rules)
2821054 - ETPRO MALWARE Possible Gootkit CnC Domain in SNI (malware.rules)
2821055 - ETPRO MALWARE Possible Gootkit CnC Domain in SNI (malware.rules)
2821056 - ETPRO MALWARE Possible Gootkit CnC Domain in SNI (malware.rules)
2821057 - ETPRO MALWARE Possible Gootkit CnC Domain in SNI (malware.rules)
2821159 - ETPRO MALWARE Evil Redirector to EK SSL Cert (malware.rules)
2821161 - ETPRO MALWARE Malicious/Compromised SSL certificate detected (Terdot.A C2) (malware.rules)
2821317 - ETPRO MALWARE W32/VenusLocker Ransomware SSL Certificate Detected (malware.rules)
2821388 - ETPRO MALWARE Evil Redirector to EK SSL Cert Aug 1 2016 T1 (malware.rules)
2821527 - ETPRO MALWARE Pony CnC Domain in SSL Client Hello SNI (malware.rules)
2821528 - ETPRO MALWARE Pony CnC Domain in SSL Client Hello SNI (malware.rules)
2821529 - ETPRO MALWARE Pony CnC Domain in SSL Client Hello SNI (malware.rules)
2821530 - ETPRO MALWARE Pony CnC Domain in SSL Client Hello SNI (malware.rules)
2821531 - ETPRO MALWARE Pony CnC Domain in SSL Client Hello SNI (malware.rules)
2821568 - ETPRO MALWARE Possible Ursnif Injects Domain in SNI (malware.rules)
2821792 - ETPRO MALWARE Win32/Maptrepol.A SSL Certificate Detected (malware.rules)
2821803 - ETPRO MALWARE Possible Vawtrak Injects SSL Cert (malware.rules)
2822362 - ETPRO MALWARE Unknown PowerShell Fake Google SSL Cert (malware.rules)
2822390 - ETPRO MALWARE W32.Unknown CnC SSL Cert (malware.rules)
2822414 - ETPRO MALWARE Zloader Malicious SSL Cert Observed (malware.rules)
2822598 - ETPRO MALWARE Win32/CONFUCIUS_B SSL Cert (malware.rules)
2822781 - ETPRO MALWARE Observed PS Empire Downloader SSL Cert via MalDoc Oct 20 (malware.rules)
2822861 - ETPRO MALWARE JS/CardSkimming SSL Certificate Detected (malware.rules)
2823039 - ETPRO MALWARE RedTeam SSL Cert (malware.rules)
2823193 - ETPRO MALWARE Observed MalDoc Downloader SSL Cert Nov 09 (malware.rules)
2823243 - ETPRO MALWARE Observed Malicious Ransomware SSL Cert (WickedLocker) (malware.rules)
2823340 - ETPRO MALWARE Zloader CnC SSL Cert (malware.rules)
2824030 - ETPRO MALWARE Observed Malicious JS Downloader SSL Cert (malware.rules)
2824300 - ETPRO MALWARE MalDoc Downloader SSL Cert Jan 09 2017 (malware.rules)
2824462 - ETPRO MALWARE Madness DDOS SSL Cert (malware.rules)
2824682 - ETPRO MALWARE ZLoader Malicious SSL Cert Observed (malware.rules)
2824806 - ETPRO MALWARE Unknown Backdoor SSL Cert (legitimate compromised site) (malware.rules)
2824931 - ETPRO MALWARE Observed Malicious JS Domain in SSL SNI (malware.rules)
2825459 - ETPRO MALWARE ZLoader Malicious SSL Cert Observed (malware.rules)
2825561 - ETPRO MALWARE Possible Gozi ISFB/Dreambot DGA Domain in SNI (malware.rules)
2825567 - ETPRO MALWARE Possible Panda Banker DGA Lets Encrypt SSL Cert (malware.rules)
2825568 - ETPRO MALWARE Powershell Downloader Domain in SNI (malware.rules)
2825579 - ETPRO MALWARE ZLoader Malicious SSL Cert Observed (malware.rules)
2826058 - ETPRO MALWARE ZLoader Malicious SSL Cert Observed (malware.rules)
2826073 - ETPRO MALWARE ZLoader Malicious SSL Cert Observed (malware.rules)
2826074 - ETPRO MALWARE ZLoader Malicious SSL Cert Observed (malware.rules)
2826207 - ETPRO MALWARE SMSDocu SSL Cert (malware.rules)
2826590 - ETPRO MALWARE Malicious JS Downloader Domain in SNI (malware.rules)
2826698 - ETPRO MALWARE Win32/Jeefo.B Domain in SNI (malware.rules)
2827010 - ETPRO MALWARE Win32/Vortex Ransomware Domain in SNI (malware.rules)
2827173 - ETPRO MALWARE Zyklon Malicious Domain in SNI Observed (malware.rules)
2827595 - ETPRO MALWARE Win32/Agent.SPU Malicious SSL Certificate Detected (malware.rules)
2827743 - ETPRO MALWARE Zloader Domain in SNI (storewideonline) (malware.rules)
2827818 - ETPRO MALWARE Fake Flash Update Watering Hole Attack Domain in SNI (malware.rules)
2828200 - ETPRO MALWARE Bladabindi Downloader Domain Observed in SNI (malware.rules)
2828269 - ETPRO MALWARE Malicious Domain CStrike C2 (blockbitcoin .com in TLS SNI) (malware.rules)
2828430 - ETPRO MALWARE Malicious Domain Panda Banker (tontrumuchtors .com in TLS SNI) (malware.rules)
2828513 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Domain Request in SNI (mobile_malware.rules)
2828546 - ETPRO MALWARE Observed Malicious Coinminer Downloader Domain in SNI (malware.rules)
2828663 - ETPRO MALWARE Gootkit Domain (sslsecure256 .com in SNI) (malware.rules)
2828664 - ETPRO MALWARE Gootkit Domain (ssl256cert .com in SNI) (malware.rules)
2829758 - ETPRO MALWARE Shifr/Shurl0cker Ransomware Onion Domain in SNI (u4hp32ms2u6s4x7q) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/11/22 - v10471 Ruleset Updates	291	November 22, 2023
Ruleset Update Summary - 2024/01/11 - v10505 Ruleset Updates	516	January 11, 2024
Ruleset Update Summary - 2023/05/03 - v10315 Ruleset Updates	303	May 3, 2023
Ruleset Update Summary - 2023/11/07 - v10460 Ruleset Updates	346	November 7, 2023
Ruleset Update Summary - 2024/02/08 - v10527 Ruleset Updates	302	February 8, 2024

Ruleset Update Summary - 2024/04/23 - v10581

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Related Topics