Ruleset Update Summary - 2024/05/23 - v10602

rulesbot · May 23, 2024, 8:52pm

Summary:

37 new OPEN, 37 new PRO (37 + 0)

Thanks @karol_paciorek

There will be no rule release on Monday, May 27th, 2024 on account of it being both a US and UK holiday.

Added rules:

Open:

2052844 - ET MALWARE DNS Query to pcTattletale Spyware Domain (pctattletale .com) (malware.rules)
2052845 - ET MALWARE Observed pcTattletale Spyware Domain (pctattletale .com in TLS SNI) (malware.rules)
2052846 - ET MALWARE DNS Query to pcTattletale Spyware Domain (pctattletalev2 .s3 .amazonaws .com) (malware.rules)
2052847 - ET MALWARE Observed Observed pcTattletale Spyware Domain (pctattletalev2 .s3 .amazonaws .com in TLS SNI) (malware.rules)
2052848 - ET MALWARE pcTattletale Software Installer Request (GET) (malware.rules)
2052849 - ET MALWARE DNS Query to Remcos Related Domain (meetre1ms .freeddns .org) (malware.rules)
2052850 - ET MALWARE DNS Query to Remcos Related Domain (promote-diff-string-clerk .trycloudflare .com) (malware.rules)
2052851 - ET MALWARE DNS Query to Remcos Related Domain (bbhmeetre1ms .freeddns .org) (malware.rules)
2052852 - ET MALWARE DNS Query to Remcos Related Domain (mysweeterbk .ddns .net) (malware.rules)
2052853 - ET MALWARE DNS Query to Remcos Related Domain (myumysmeetr .ddns .net) (malware.rules)
2052854 - ET MALWARE Observed Remcos Related Domain (meetre1ms .freeddns .org in TLS SNI) (malware.rules)
2052855 - ET MALWARE Observed Remcos Related Domain (mysweeterbk .ddns .net in TLS SNI) (malware.rules)
2052856 - ET MALWARE Observed Remcos Related Domain (promote-diff-string-clerk .trycloudflare .com in TLS SNI) (malware.rules)
2052857 - ET MALWARE Observed Remcos Related Domain (myumysmeetr .ddns .net in TLS SNI) (malware.rules)
2052858 - ET MALWARE Observed Remcos Related Domain (bbhmeetre1ms .freeddns .org in TLS SNI) (malware.rules)
2052859 - ET MALWARE ClearFake CnC Domain in DNS Lookup (cdnforfiles .xyz) (malware.rules)
2052860 - ET MALWARE ClearFake CnC Domain in DNS Lookup (baqebei1 .online) (malware.rules)
2052861 - ET MALWARE ClearFake CnC Domain in DNS Lookup (changelink .site) (malware.rules)
2052862 - ET MALWARE Observed ClearFake Domain (cdnforfiles .xyz in TLS SNI) (malware.rules)
2052863 - ET MALWARE Observed ClearFake Domain (baqebei1 .online in TLS SNI) (malware.rules)
2052864 - ET MALWARE Observed ClearFake Domain (changelink .site in TLS SNI) (malware.rules)
2052865 - ET MALWARE Dora RAT CnC Domain in DNS Lookup (kmobile .bestunif .com) (malware.rules)
2052866 - ET MALWARE Observed Dora RAT Domain (kmobile .bestunif .com) in TLS SNI (malware.rules)
2052867 - ET MALWARE UAC-0006 Related Domain in DNS Lookup (picwalldoor .ru) (malware.rules)
2052868 - ET MALWARE UAC-0006 Related Domain in DNS Lookup (sephoraofficetz .ru) (malware.rules)
2052869 - ET MALWARE UAC-0006 Related Domain in DNS Lookup (ccbaminumpot .ru (sinkholed)) (malware.rules)
2052870 - ET MALWARE UAC-0006 Related Domain in DNS Lookup (rafraystore .ru) (malware.rules)
2052871 - ET MALWARE UAC-0006 Related Domain in DNS Lookup (agentsuperpupervinil .ru) (malware.rules)
2052872 - ET MALWARE UAC-0006 Related Domain in DNS Lookup (vivianstyler .ru) (malware.rules)
2052873 - ET MALWARE UAC-0006 Related Domain in DNS Lookup (monopoliafromyou .ru) (malware.rules)
2052874 - ET MALWARE UAC-0006 Related Domain in DNS Lookup (vikompalion .ru (sinkholed)) (malware.rules)
2052875 - ET MALWARE Unknown RAT CnC Checkin (malware.rules)
2052876 - ET MALWARE Unknown RAT CnC Checkin (malware.rules)
2052877 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (georgiaprivateinvestigations .com) (exploit_kit.rules)
2052878 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (georgiaprivateinvestigations .com) (exploit_kit.rules)
2052879 - ET MALWARE SocGholish Domain in DNS Lookup (africa .thesmalladventureguide .com) (malware.rules)
2052880 - ET MALWARE SocGholish Domain in TLS SNI (africa .thesmalladventureguide .com) (malware.rules)

Disabled and modified rules:

2050104 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (scorelineupdate .com) (exploit_kit.rules)
2050105 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (phinetik .com) (exploit_kit.rules)
2051769 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (keamcanyoncafe .com) (exploit_kit.rules)
2051770 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (keamcanyoncafe .com) (exploit_kit.rules)
2856912 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/05/24 - v10603 Ruleset Updates	231	May 24, 2024
Ruleset Update Summary - 2024/05/06 - v10590 Ruleset Updates	321	May 6, 2024
Ruleset Update Summary - 2023/11/22 - v10471 Ruleset Updates	349	November 22, 2023
Ruleset Update Summary - 2023/09/25 - v10424 Ruleset Updates	278	September 25, 2023
Ruleset Update Summary - 2024/02/26 - v10540 Ruleset Updates	297	February 26, 2024

Ruleset Update Summary - 2024/05/23 - v10602

Summary:

Added rules:

Open:

Disabled and modified rules:

Related topics