Ruleset Update Summary - 2024/09/04 - v10681

Ruleset Updates
1

Summary:

14 new OPEN, 60 new PRO (14 + 46)

Thanks @cyfirma

Added rules:

Open:

  • 2055724 - ET MALWARE Angry Stealer Data Exfiltration Attempt (malware.rules)
  • 2055725 - ET INFO DYNAMIC_DNS Query to a * .jokertv .eu Domain (info.rules)
  • 2055726 - ET INFO DYNAMIC_DNS HTTP Request to a * .jokertv .eu Domain (info.rules)
  • 2055727 - ET MALWARE Suspected TA416 Domain in DNS Lookup (bssn-gov .id) (malware.rules)
  • 2055728 - ET MALWARE Observed Suspected TA416 Domain (bssn-gov .id) in TLS SNI (malware.rules)
  • 2055729 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (statspots .com) (exploit_kit.rules)
  • 2055730 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (horlzonhub .com) (exploit_kit.rules)
  • 2055731 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (statspots .com) (exploit_kit.rules)
  • 2055732 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (horlzonhub .com) (exploit_kit.rules)
  • 2055733 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kineticrockburgers .com) (exploit_kit.rules)
  • 2055734 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (theonerealsolution .com) (exploit_kit.rules)
  • 2055735 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (kineticrockburgers .com) (exploit_kit.rules)
  • 2055736 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (theonerealsolution .com) (exploit_kit.rules)
  • 2055737 - ET MALWARE Host Profile Exfiltration via Discord API (sysinfo.txt) (malware.rules)

Pro:

  • 2858247 - ETPRO MALWARE Observed DNS Query to RomCom/UNK_CopperClucker Domain (malware.rules)
  • 2858248 - ETPRO MALWARE Observed DNS Query to RomCom/UNK_CopperClucker Domain (malware.rules)
  • 2858249 - ETPRO MALWARE Observed DNS Query to RomCom/UNK_CopperClucker Domain (malware.rules)
  • 2858250 - ETPRO MALWARE Observed DNS Query to RomCom/UNK_CopperClucker Domain (malware.rules)
  • 2858251 - ETPRO MALWARE Observed DNS Query to RomCom/UNK_CopperClucker Domain (malware.rules)
  • 2858252 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2858253 - ETPRO MALWARE Observed DNS Query to RomCom/UNK_CopperClucker Domain (malware.rules)
  • 2858254 - ETPRO MALWARE Observed DNS Query to RomCom/UNK_CopperClucker Domain (malware.rules)
  • 2858255 - ETPRO MALWARE Observed DNS Query to RomCom/UNK_CopperClucker Domain (malware.rules)
  • 2858256 - ETPRO MALWARE Observed DNS Query to RomCom/UNK_CopperClucker Domain (malware.rules)
  • 2858257 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858258 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858259 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858260 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858261 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858262 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858263 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858264 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858265 - ETPRO MALWARE Observed RomCom/UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2858266 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2858267 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2858268 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2858269 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2858270 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2858271 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2858272 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2858273 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2858274 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2858275 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2858276 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2858277 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2858278 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2858279 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
  • 2858280 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2858281 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
  • 2858282 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
  • 2858283 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2858284 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2858285 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2858286 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2858287 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2858288 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2858289 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2858290 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2858291 - ETPRO MALWARE TA582 CnC Checkin (malware.rules)
  • 2858294 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Enabled and modified rules:

  • 2021938 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (malware.rules)