Ruleset Update Summary - 2024/06/05 - v10610

rulesbot · June 5, 2024, 9:03pm

Summary:

37 new OPEN, 52 new PRO (37 + 15)

Thanks @jaydinbas, @James_inthe_box, @500mk500

Added rules:

Open:

2053236 - ET MALWARE DNS Query to MageCart Domain (ahedoob .shop) (malware.rules)
2053237 - ET MALWARE DNS Query to MageCart Domain (ctotech .store) (malware.rules)
2053238 - ET MALWARE DNS Query to MageCart Domain (drgibit .click) (malware.rules)
2053239 - ET MALWARE DNS Query to MageCart Domain (vidbent .shop) (malware.rules)
2053240 - ET MALWARE DNS Query to MageCart Domain (neznlink .store) (malware.rules)
2053241 - ET MALWARE DNS Query to MageCart Domain (sudtech .online) (malware.rules)
2053242 - ET MALWARE DNS Query to MageCart Domain (antelec .click) (malware.rules)
2053243 - ET MALWARE DNS Query to MageCart Domain (cvyatop .online) (malware.rules)
2053244 - ET MALWARE DNS Query to MageCart Domain (tutic .click) (malware.rules)
2053245 - ET MALWARE DNS Query to MageCart Domain (zarelec .quest) (malware.rules)
2053246 - ET MALWARE DNS Query to MageCart Domain (saponline .site) (malware.rules)
2053247 - ET MALWARE DNS Query to MageCart Domain (mistlink .online) (malware.rules)
2053248 - ET MALWARE DNS Query to MageCart Domain (reshnot .quest) (malware.rules)
2053249 - ET MALWARE DNS Query to MageCart Domain (zakit .quest) (malware.rules)
2053250 - ET MALWARE DNS Query to MageCart Domain (temninch .site) (malware.rules)
2053251 - ET MALWARE DNS Query to MageCart Domain (rijtech .shop) (malware.rules)
2053252 - ET MALWARE DNS Query to MageCart Domain (mokamob .site) (malware.rules)
2053253 - ET MALWARE Observed MageCart Domain (ctotech .store in TLS SNI) (malware.rules)
2053254 - ET MALWARE Observed MageCart Domain (drgibit .click in TLS SNI) (malware.rules)
2053255 - ET MALWARE Observed MageCart Domain (vidbent .shop in TLS SNI) (malware.rules)
2053256 - ET MALWARE Observed MageCart Domain (neznlink .store in TLS SNI) (malware.rules)
2053257 - ET MALWARE Observed MageCart Domain (sudtech .online in TLS SNI) (malware.rules)
2053258 - ET MALWARE Observed MageCart Domain (antelec .click in TLS SNI) (malware.rules)
2053259 - ET MALWARE Observed MageCart Domain (cvyatop .online in TLS SNI) (malware.rules)
2053260 - ET MALWARE Observed MageCart Domain (tutic .click in TLS SNI) (malware.rules)
2053261 - ET MALWARE Observed MageCart Domain (zarelec .quest in TLS SNI) (malware.rules)
2053262 - ET MALWARE Observed MageCart Domain (saponline .site in TLS SNI) (malware.rules)
2053263 - ET MALWARE Observed MageCart Domain (mistlink .online in TLS SNI) (malware.rules)
2053264 - ET MALWARE Observed MageCart Domain (reshnot .quest in TLS SNI) (malware.rules)
2053265 - ET MALWARE Observed MageCart Domain (zakit .quest in TLS SNI) (malware.rules)
2053266 - ET MALWARE Observed MageCart Domain (temninch .site in TLS SNI) (malware.rules)
2053267 - ET MALWARE Observed MageCart Domain (rijtech .shop in TLS SNI) (malware.rules)
2053268 - ET MALWARE Observed MageCart Domain (mokamob .site in TLS SNI) (malware.rules)
2053269 - ET MALWARE Spyder Loader CnC Checkin (malware.rules)
2053270 - ET MALWARE Spyder Loader CnC Domain in DNS Lookup (firebaseupdater .com) (malware.rules)
2053271 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (rdntocdns .com) (exploit_kit.rules)
2053272 - ET EXPLOIT_KIT Balada Domain in TLS SNI (rdntocdns .com) (exploit_kit.rules)

Pro:

2857136 - ETPRO EXPLOIT_KIT Evil Keitaro Set-Cookie Inbound to Balada (exploit_kit.rules)
2857137 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2857138 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2857139 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2857140 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2857141 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2857142 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2857143 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2857144 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2857145 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2857146 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2857147 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2857148 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2857149 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2857150 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/05/07 - v10591 Ruleset Updates	224	May 7, 2024
Ruleset Update Summary - 2024/02/22 - v10538 Ruleset Updates	465	February 22, 2024
Ruleset Update Summary - 2023/07/25 - v10379 Ruleset Updates	288	July 25, 2023
Ruleset Update Summary - 2024/03/29 - v10563 Ruleset Updates	202	March 29, 2024
Ruleset Update Summary - 2023/05/15 - v10323 Ruleset Updates	348	May 15, 2023

Ruleset Update Summary - 2024/06/05 - v10610

Summary:

Added rules:

Open:

Pro:

Related topics