Ruleset Update Summary - 2024/05/01 - v10587

rulesbot · May 1, 2024, 9:14pm

Summary:

40 new OPEN, 44 new PRO (40 + 4)

Thanks boredhackerblog

Added rules:

Open:

2052319 - ET EXPLOIT Selenium Server Chrome 3.141.59 Remote Code Execution (exploit.rules)
2052320 - ET MALWARE TA402/Molerats Pierogi Variant Backdoor Activity (POST) (malware.rules)
2052321 - ET MALWARE Suspected TA401/AridViper APT BarbWire Backdoor Related Activity M1 (POST) (malware.rules)
2052322 - ET MALWARE Suspected TA401/AridViper APT BarbWire Backdoor Related Activity M2 (POST) (malware.rules)
2052323 - ET INFO DNS Query to Cloud Computing Domain (puter .com) (info.rules)
2052324 - ET INFO Observed Cloud Computing Domain (puter .com in TLS SNI) (info.rules)
2052325 - ET WEB_SPECIFIC_APPS Zyxel Authentication Bypass Attempt (CVE-2023-4473) (web_specific_apps.rules)
2052326 - ET WEB_SPECIFIC_APPS Zyxel Authentication Bypass Attempt (CVE-2023-4473) - Information Leak via show_sysinfo (web_specific_apps.rules)
2052327 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (wsj .wf) (exploit_kit.rules)
2052328 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (wsj .re) (exploit_kit.rules)
2052329 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (wsj .pm) (exploit_kit.rules)
2052330 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (wsj .wales) (exploit_kit.rules)
2052331 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (concur .pm) (exploit_kit.rules)
2052332 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (concur .re) (exploit_kit.rules)
2052333 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (concur .cfd) (exploit_kit.rules)
2052334 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (meet-go .click) (exploit_kit.rules)
2052335 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (blackrock .wf) (exploit_kit.rules)
2052336 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (blackrock .re) (exploit_kit.rules)
2052337 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (meet-go .org) (exploit_kit.rules)
2052338 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (meet-go .link) (exploit_kit.rules)
2052339 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (asana .tel) (exploit_kit.rules)
2052340 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (asana .wf) (exploit_kit.rules)
2052341 - ET EXPLOIT_KIT Malicious Google Ad Domain in DNS Lookup (asana .pm) (exploit_kit.rules)
2052342 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (wsj .wf) (exploit_kit.rules)
2052343 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (wsj .re) (exploit_kit.rules)
2052344 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (wsj .pm) (exploit_kit.rules)
2052345 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (wsj .wales) (exploit_kit.rules)
2052346 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (concur .pm) (exploit_kit.rules)
2052347 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (concur .re) (exploit_kit.rules)
2052348 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (concur .cfd) (exploit_kit.rules)
2052349 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (meet-go .click) (exploit_kit.rules)
2052350 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (blackrock .wf) (exploit_kit.rules)
2052351 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (blackrock .re) (exploit_kit.rules)
2052352 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (meet-go .org) (exploit_kit.rules)
2052353 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (meet-go .link) (exploit_kit.rules)
2052354 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (asana .tel) (exploit_kit.rules)
2052355 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (asana .wf) (exploit_kit.rules)
2052356 - ET EXPLOIT_KIT Malicious Google Ad Domain in TLS SNI (asana .pm) (exploit_kit.rules)
2052357 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (pdd888167 .top) (exploit_kit.rules)
2052358 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (pdd888167 .top) (exploit_kit.rules)

Pro:

2856821 - ETPRO MALWARE Win32/UIDcl Stealer CnC Checkin (GET) (malware.rules)
2856822 - ETPRO MALWARE Win32/UIDcl Stealer CnC Response M1 (malware.rules)
2856823 - ETPRO MALWARE Win32/UIDcl Stealer CnC Response M2 (malware.rules)
2856824 - ETPRO MALWARE Win32/UIDcl Stealer CnC Response M3 (malware.rules)

Disabled and modified rules:

2017731 - ET EXPLOIT_KIT Possible Styx EK SilverLight Payload (exploit_kit.rules)
2022609 - ET MALWARE Panda Banker CnC (malware.rules)
2051877 - ET INFO Observed DNS Over HTTPS Domain (dns .spirio .fr in TLS SNI) (info.rules)
2815835 - ETPRO MALWARE Derusbi Variant CnC Beacon (malware.rules)
2819648 - ETPRO EXPLOIT_KIT SunDown/Xer Payload (URL Primer) (exploit_kit.rules)
2824975 - ETPRO MALWARE JS/Nemucod Retrieving Payload (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/10/16 - v10442 Ruleset Updates	348	October 16, 2023
Ruleset Update Summary - 2024/05/02 - v10588 Ruleset Updates	184	May 2, 2024
Ruleset Update Summary - 2023/10/23 - v10446 Ruleset Updates	462	October 23, 2023
Ruleset Update Summary - 2023/09/19 - v10420 Ruleset Updates	261	September 19, 2023
Ruleset Update Summary - 2024/04/29 - v10585 Ruleset Updates	236	April 29, 2024

Ruleset Update Summary - 2024/05/01 - v10587

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related Topics