Ruleset Update Summary - 2024/08/13 - v10665

rulesbot · August 13, 2024, 8:30pm

Summary:

18 new OPEN, 37 new PRO (18 + 19)

Thanks @Huntio

Added rules:

Open:

2055246 - ET PHISHING TA453 Domain in DNS Lookup (d75 .site) (phishing.rules)
2055247 - ET PHISHING TA453 Domain in TLS SNI (d75 .site) (phishing.rules)
2055248 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (bigdownload .xyz) (exploit_kit.rules)
2055249 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (bigdownload .xyz) (exploit_kit.rules)
2055250 - ET MALWARE Oyster Backdoor Domain in DNS Lookup (supfoundrysettlers .us) (malware.rules)
2055251 - ET MALWARE Oyster Backdoor Domain in TLS SNI (supfoundrysettlers .us) (malware.rules)
2055252 - ET MALWARE Oyster Backdoor Domain in DNS Lookup (wherehomebe .com) (malware.rules)
2055253 - ET MALWARE Oyster Backdoor Domain in TLS SNI (wherehomebe .com) (malware.rules)
2055254 - ET MALWARE Oyster Backdoor Domain in DNS Lookup (retdirectyourman .eu) (malware.rules)
2055255 - ET MALWARE Oyster Backdoor Domain in DNS Lookup (codeforprofessionalusers .com) (malware.rules)
2055256 - ET MALWARE Oyster Backdoor Domain in DNS Lookup (postmastersoriginals .com) (malware.rules)
2055257 - ET MALWARE Oyster Backdoor Domain in DNS Lookup (firstcountryours .eu) (malware.rules)
2055258 - ET MALWARE Oyster Backdoor Domain in DNS Lookup (dotnetisforchildren .com) (malware.rules)
2055259 - ET MALWARE Oyster Backdoor Domain in TLS SNI (retdirectyourman .eu) (malware.rules)
2055260 - ET MALWARE Oyster Backdoor Domain in TLS SNI (codeforprofessionalusers .com) (malware.rules)
2055261 - ET MALWARE Oyster Backdoor Domain in TLS SNI (postmastersoriginals .com) (malware.rules)
2055262 - ET MALWARE Oyster Backdoor Domain in TLS SNI (firstcountryours .eu) (malware.rules)
2055263 - ET MALWARE Oyster Backdoor Domain in TLS SNI (dotnetisforchildren .com) (malware.rules)

Pro:

2857901 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2857902 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2857903 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2857904 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2857905 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2857906 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2857907 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2857908 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2857909 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2857910 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2857911 - ETPRO PHISHING TA425 Domain in DNS Lookup (phishing.rules)
2857912 - ETPRO PHISHING TA425 Domain in DNS Lookup (phishing.rules)
2857913 - ETPRO PHISHING TA425 Domain in DNS Lookup (phishing.rules)
2857914 - ETPRO PHISHING TA425 Domain in DNS Lookup (phishing.rules)
2857915 - ETPRO PHISHING TA425 Domain in TLS SNI (phishing.rules)
2857916 - ETPRO PHISHING TA425 Domain in TLS SNI (phishing.rules)
2857917 - ETPRO PHISHING TA425 Domain in TLS SNI (phishing.rules)
2857918 - ETPRO PHISHING TA425 Domain in TLS SNI (phishing.rules)
2857919 - ETPRO MALWARE Oyster Backdoor CnC Checkin (malware.rules)

Removed rules:

2052445 - ET PHISHING TA453 Domain in DNS Lookup (phishing.rules)
2052446 - ET PHISHING TA453 Domain in TLS SNI (phishing.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/02/23 - v10539 Ruleset Updates	240	February 23, 2024
Ruleset Update Summary - 2023/08/29 - v10405 Ruleset Updates	271	August 29, 2023
Ruleset Update Summary - 2024/02/07 - v10526 Ruleset Updates	479	February 7, 2024
Ruleset Update Summary - 2023/06/20 - v10354 Ruleset Updates	245	June 20, 2023
Ruleset Update Summary - 2023/09/12 - v10415 Ruleset Updates	285	September 12, 2023

Ruleset Update Summary - 2024/08/13 - v10665

Summary:

Added rules:

Open:

Pro:

Removed rules:

Related topics