Ruleset Update Summary - 2024/05/09 - v10593

Summary:

14 new OPEN, 14 new PRO (14 + 0)

There will be no rule release on Friday 10th May due to a Proofpoint holiday.

Added rules:

Open:

  • 2052523 - ET MALWARE AutoIt3.exe Downloaded via Powershell (malware.rules)
  • 2052524 - ET MALWARE AutoIt3 Script Downloaded via Powershell Shortly After AutoIt3.exe Download (malware.rules)
  • 2052525 - ET MALWARE DarkGate CnC Exfil via AutoIt Payload (malware.rules)
  • 2052526 - ET INFO Document Sharing Site Domain Observed in DNS Query (docsend .com) (info.rules)
  • 2052527 - ET INFO Document Sharing Site Domain Observed in TLS SNI (docsend .com) (info.rules)
  • 2052528 - ET PHISHING Microsoft Phishing Domain in DNS Lookup (iapparel .top) (phishing.rules)
  • 2052529 - ET PHISHING Observed Microsoft Phishing Domain (iapparel .top) in TLS SNI (phishing.rules)
  • 2052530 - ET PHISHING Possible Microsoft Phishing HTML Class Tag (phishing.rules)
  • 2052531 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (consultantinsurance .net) (exploit_kit.rules)
  • 2052532 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (skylinehigh .com) (exploit_kit.rules)
  • 2052533 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (y9f6z0q1w2 .xyz) (exploit_kit.rules)
  • 2052534 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (consultantinsurance .net) (exploit_kit.rules)
  • 2052535 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (skylinehigh .com) (exploit_kit.rules)
  • 2052536 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (y9f6z0q1w2 .xyz) (exploit_kit.rules)