Ruleset Update Summary - 2024/05/24 - v10603

rulesbot · May 24, 2024, 7:56pm

Summary:

5 new OPEN, 7 new PRO (5 + 2)

There will be no rule release on Monday, May 27th, 2024 on account of it being both a US and UK holiday.

2052881 - ET MALWARE Win32/Unknown Loader Related Activity M1 (POST) (malware.rules)
2052882 - ET MALWARE Win32/Unknown Loader Related Activity M2 (POST) (malware.rules)
2052883 - ET MALWARE Amadey CnC Domain in DNS Lookup (theclientisalwaysright .com) (malware.rules)
2052884 - ET MALWARE Observed Amadey Domain (theclientisalwaysright .com in TLS SNI) (malware.rules)
2052885 - ET EXPLOIT D-LINK Router DIR-645 / DIR-815 RCE (CVE-2014-100005) (exploit.rules)

2857030 - ETPRO MALWARE APT36/Transparent Tribe Related Domain in DNS Lookup (malware.rules)
2857031 - ETPRO MALWARE Observed APT36/Transparent Tribe Domain in TLS SNI (malware.rules)

2049142 - ET MALWARE SocGholish Domain in DNS Lookup (sermon .pastorbriantubbs .com) (malware.rules)
2049144 - ET MALWARE SocGholish Domain in TLS SNI (sermon .pastorbriantubbs .com) (malware.rules)
2049941 - ET MALWARE SocGholish Domain in DNS Lookup (retraining .allstardriving .org) (malware.rules)
2049942 - ET MALWARE SocGholish Domain in TLS SNI (retraining .allstardriving .org) (malware.rules)
2050071 - ET MALWARE SocGholish Domain in DNS Lookup (surprise .refillpantrysd .com) (malware.rules)
2050072 - ET MALWARE SocGholish Domain in TLS SNI (surprise .refillpantrysd .com) (malware.rules)
2051092 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (varinspector .com) (exploit_kit.rules)
2051094 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (varinspector .com) (exploit_kit.rules)
2051788 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .catching .fishingrealinvestments .com) (malware.rules)
2051789 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .catching .fishingrealinvestments .com) (malware.rules)
2051792 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jsluna .com) (exploit_kit.rules)
2051793 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jsluna .com) (exploit_kit.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/06/03 - v10608 Ruleset Updates	208	June 3, 2024
Ruleset Update Summary - 2023/11/07 - v10460 Ruleset Updates	378	November 7, 2023
Ruleset Update Summary - 2023/11/22 - v10471 Ruleset Updates	345	November 22, 2023
Ruleset Update Summary - 2023/05/26 - v10333 Ruleset Updates	380	May 26, 2023
Ruleset Update Summary - 2023/05/03 - v10315 Ruleset Updates	353	May 3, 2023