Ruleset Update Summary - 2024/07/11 - v10643

Ruleset Updates
1

Summary:

21 new OPEN, 21 new PRO (21 + 0)

Thanks @ValidinLLC, @CyberRaiju

Added rules:

Open:

  • 2054432 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (daslkjfhi2 .xyz) (exploit_kit.rules)
  • 2054433 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (daslkjfhi2 .xyz) (exploit_kit.rules)
  • 2054434 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (luxurycaborental .com) (exploit_kit.rules)
  • 2054435 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (luxurycaborental .com) (exploit_kit.rules)
  • 2054436 - ET MALWARE DNS Query to Malvertising Domain (advnanced-ip-scanner .com) (malware.rules)
  • 2054437 - ET MALWARE DNS Query to Malvertising Domain (ciltrix .com) (malware.rules)
  • 2054438 - ET MALWARE DNS Query to Malvertising Domain (doxy .ws) (malware.rules)
  • 2054439 - ET MALWARE DNS Query to Malvertising Domain (atssassian .com) (malware.rules)
  • 2054440 - ET MALWARE DNS Query to Malvertising Domain (doxy .icu) (malware.rules)
  • 2054441 - ET MALWARE DNS Query to Malvertising Domain (advannced-ip-scanner .com) (malware.rules)
  • 2054442 - ET MALWARE DNS Query to Malvertising Domain (angryip .icu) (malware.rules)
  • 2054443 - ET MALWARE Observed Malvertising Domain (advnanced-ip-scanner .com in TLS SNI) (malware.rules)
  • 2054444 - ET MALWARE Observed Malvertising Domain (ciltrix .com in TLS SNI) (malware.rules)
  • 2054445 - ET MALWARE Observed Malvertising Domain (doxy .ws in TLS SNI) (malware.rules)
  • 2054446 - ET MALWARE Observed Malvertising Domain (atssassian .com in TLS SNI) (malware.rules)
  • 2054447 - ET MALWARE Observed Malvertising Domain (doxy .icu in TLS SNI) (malware.rules)
  • 2054448 - ET MALWARE Observed Malvertising Domain (advannced-ip-scanner .com in TLS SNI) (malware.rules)
  • 2054449 - ET MALWARE Observed Malvertising Domain (angryip .icu in TLS SNI) (malware.rules)
  • 2054450 - ET MALWARE DNS Query to Malvertising Domain (advanced-port-scanner .com) (malware.rules)
  • 2054451 - ET MALWARE Observed Malvertising Domain (advanced-port-scanner .com in TLS SNI) (malware.rules)
  • 2054452 - ET MALWARE Fake IP Scanner CnC Checkin (GET) (malware.rules)