Ruleset Update Summary - 2024/05/09 - v10593

rulesbot · May 9, 2024, 8:39pm

Summary:

14 new OPEN, 14 new PRO (14 + 0)

There will be no rule release on Friday 10th May due to a Proofpoint holiday.

2052523 - ET MALWARE AutoIt3.exe Downloaded via Powershell (malware.rules)
2052524 - ET MALWARE AutoIt3 Script Downloaded via Powershell Shortly After AutoIt3.exe Download (malware.rules)
2052525 - ET MALWARE DarkGate CnC Exfil via AutoIt Payload (malware.rules)
2052526 - ET INFO Document Sharing Site Domain Observed in DNS Query (docsend .com) (info.rules)
2052527 - ET INFO Document Sharing Site Domain Observed in TLS SNI (docsend .com) (info.rules)
2052528 - ET PHISHING Microsoft Phishing Domain in DNS Lookup (iapparel .top) (phishing.rules)
2052529 - ET PHISHING Observed Microsoft Phishing Domain (iapparel .top) in TLS SNI (phishing.rules)
2052530 - ET PHISHING Possible Microsoft Phishing HTML Class Tag (phishing.rules)
2052531 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (consultantinsurance .net) (exploit_kit.rules)
2052532 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (skylinehigh .com) (exploit_kit.rules)
2052533 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (y9f6z0q1w2 .xyz) (exploit_kit.rules)
2052534 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (consultantinsurance .net) (exploit_kit.rules)
2052535 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (skylinehigh .com) (exploit_kit.rules)
2052536 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (y9f6z0q1w2 .xyz) (exploit_kit.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/08/14 - v10666 Ruleset Updates	61	August 14, 2024
Ruleset Update Summary - 2024/08/13 - v10665 Ruleset Updates	79	August 13, 2024
Ruleset Update Summary - 2025/04/16 - v10907 Ruleset Updates	50	April 16, 2025
Ruleset Update Summary - 2024/12/12 - v10800 Ruleset Updates	103	December 12, 2024
Ruleset Update Summary - 2023/09/20 - v10421 Ruleset Updates	311	September 20, 2023