Ruleset Update Summary - 2024/05/14 - v10595

rulesbot · May 14, 2024, 9:52pm

Summary:

31 new OPEN, 31 new PRO (31 + 0)

Thanks @RecordedFuture, @kevross33

Added rules:

Open:

2052580 - ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com) (info.rules)
2052581 - ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI) (info.rules)
2052582 - ET MALWARE DNS Query to AMOS Related Domain (iina-app .lat) (malware.rules)
2052583 - ET MALWARE DNS Query to AMOS Related Domain (lightpillar .lat) (malware.rules)
2052584 - ET MALWARE DNS Query to AMOS Related Domain (setapp .ink) (malware.rules)
2052585 - ET MALWARE DNS Query to AMOS Related Domain (cleanshot .ink) (malware.rules)
2052586 - ET MALWARE DNS Query to AMOS Related Domain (figma .lat) (malware.rules)
2052587 - ET MALWARE DNS Query to AMOS Related Domain (aptonic .xyz) (malware.rules)
2052588 - ET MALWARE DNS Query to AMOS Related Domain (sipapp .lat) (malware.rules)
2052589 - ET MALWARE DNS Query to AMOS Related Domain (password-app .pro) (malware.rules)
2052590 - ET MALWARE DNS Query to AMOS Related Domain (macbartender .lat) (malware.rules)
2052591 - ET MALWARE DNS Query to AMOS Related Domain (pixelmator .us) (malware.rules)
2052592 - ET MALWARE DNS Query to AMOS Related Domain (skylum .store) (malware.rules)
2052593 - ET MALWARE DNS Query to AMOS Related Domain (rize .lat) (malware.rules)
2052594 - ET MALWARE DNS Query to DarkComet RAT Domain (servicescraft .buzz) (malware.rules)
2052595 - ET MALWARE DNS Query to DarkComet RAT Domain (ultradelux .buzz) (malware.rules)
2052596 - ET MALWARE DNS Query to DarkComet RAT Domain (dekabristiney .fvds .ru) (malware.rules)
2052597 - ET MALWARE DNS Query to DarkComet RAT Domain (patrikbob100 .fvds .ru) (malware.rules)
2052598 - ET MALWARE Observed DarkComet RAT Domain (ultradelux .buzz in TLS SNI) (malware.rules)
2052599 - ET MALWARE Observed DarkComet RAT Domain (servicescraft .buzz in TLS SNI) (malware.rules)
2052600 - ET MALWARE Observed DarkComet RAT Domain (dekabristiney .fvds .ru in TLS SNI) (malware.rules)
2052601 - ET MALWARE Observed DarkComet RAT Domain (patrikbob100 .fvds .ru in TLS SNI) (malware.rules)
2052602 - ET MALWARE AMOS CnC Exfiltration - /joinsystem (POST) (malware.rules)
2052603 - ET MALWARE AMOS CnC Exfiltration - /sendlog (POST) (malware.rules)
2052604 - ET MALWARE AMOS CnC Exfiltration - /p2p (POST) M1 (malware.rules)
2052605 - ET MALWARE AMOS CnC Exfiltration - /p2p (POST) M2 (malware.rules)
2052606 - ET MALWARE Observed CopyFix Fake Update iframe Injection Attempt (malware.rules)
2052607 - ET MALWARE CopyFix Fake Update Related Domain in DNS Lookup (pley .es) (malware.rules)
2052608 - ET MALWARE CopyFix Fake Update Related Domain in TLS SNI (pley .es) (malware.rules)
2052609 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (advancedapiintegrations .com) (exploit_kit.rules)
2052610 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (advancedapiintegrations .com) (exploit_kit.rules)

Disabled and modified rules:

2856618 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2856659 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2856660 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2856661 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2856771 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2856818 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/07/22 - v10650 Ruleset Updates	71	July 22, 2024
Ruleset Update Summary - 2023/04/27 - v10309 Ruleset Updates	286	April 27, 2023
Ruleset Update Summary - 2024/07/16 - v10646 Ruleset Updates	77	July 16, 2024
Ruleset Update Summary - 2023/09/05 - v10410 Ruleset Updates	273	September 5, 2023
Ruleset Update Summary - 2023/04/14 - v10298 Ruleset Updates	352	April 14, 2023

Ruleset Update Summary - 2024/05/14 - v10595

Summary:

Added rules:

Open:

Disabled and modified rules:

Related Topics