Ruleset Update Summary - 2024/10/24 - v10727

rulesbot · October 24, 2024, 9:22pm

Summary:

11 new OPEN, 15 new PRO (11 + 4)

Added rules:

Open:

2057032 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (topwebsites3d .com) (exploit_kit.rules)
2057033 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (broworker10s .com) (exploit_kit.rules)
2057034 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (readytocheckline .com) (exploit_kit.rules)
2057035 - ET EXPLOIT_KIT Balada Domain in TLS SNI (topwebsites3d .com) (exploit_kit.rules)
2057036 - ET EXPLOIT_KIT Balada Domain in TLS SNI (broworker10s .com) (exploit_kit.rules)
2057037 - ET EXPLOIT_KIT Balada Domain in TLS SNI (readytocheckline .com) (exploit_kit.rules)
2057038 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (adullamglobal .com) (exploit_kit.rules)
2057039 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (adullamglobal .com) (exploit_kit.rules)
2057040 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cuansurga .cam) (exploit_kit.rules)
2057041 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cuansurga .cam) (exploit_kit.rules)
2057042 - ET HUNTING Fortinet FortiManager API DVM Add Device (hunting.rules)

Pro:

2858295 - ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain) (malware.rules)
2858794 - ETPRO ATTACK_RESPONSE ReverseLoader Base64 Payload Inbound After HTTP Request With Minimal Headers (attack_response.rules)
2858795 - ETPRO MALWARE ReverseLoader Payload Request (GET) M2 (malware.rules)
2858796 - ETPRO MALWARE ReverseLoader Payload Request (GET) M1 (malware.rules)

Enabled and modified rules:

2054794 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (recordsbluemountain .com) (exploit_kit.rules)
2054795 - ET EXPLOIT_KIT Balada Domain in TLS SNI (recordsbluemountain .com) (exploit_kit.rules)

Disabled and modified rules:

2050556 - ET MALWARE SocGholish Domain in DNS Lookup (miner .eastestsite .com) (malware.rules)
2050557 - ET MALWARE SocGholish Domain in TLS SNI (miner .eastestsite .com) (malware.rules)
2053784 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (ryruhuu3 .xyz) (exploit_kit.rules)
2053785 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (ryruhuu3 .xyz) (exploit_kit.rules)
2055341 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (carnivalsale .com) (exploit_kit.rules)
2055342 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (boylegmfg .com) (exploit_kit.rules)
2055343 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (localdominationsystems .com) (exploit_kit.rules)
2055344 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (carnivalsale .com) (exploit_kit.rules)
2055345 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (boylegmfg .com) (exploit_kit.rules)
2055346 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (localdominationsystems .com) (exploit_kit.rules)
2055357 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cafeespeciales .com) (exploit_kit.rules)
2055360 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cafeespeciales .com) (exploit_kit.rules)
2055371 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (iprotosample .com) (exploit_kit.rules)
2055372 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (iprotosample .com) (exploit_kit.rules)
2055383 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (expertcloud .xyz) (exploit_kit.rules)
2055384 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (expertcloud .xyz) (exploit_kit.rules)
2055396 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (queimaxofc .com) (exploit_kit.rules)
2055398 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (queimaxofc .com) (exploit_kit.rules)
2055405 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (codcraft .shop) (exploit_kit.rules)
2055406 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (codemingle .shop) (exploit_kit.rules)
2055407 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (datawiz .shop) (exploit_kit.rules)
2055408 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (deslgnpro .shop) (exploit_kit.rules)
2055409 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (happywave .shop) (exploit_kit.rules)
2055410 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (luckipath .shop) (exploit_kit.rules)
2055411 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (pixelsmith .shop) (exploit_kit.rules)
2055412 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (salesguru .online) (exploit_kit.rules)
2055413 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (statlstic .shop) (exploit_kit.rules)
2055414 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (statmaster .shop) (exploit_kit.rules)
2055415 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (trendset .website) (exploit_kit.rules)
2055416 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (vodog .shop) (exploit_kit.rules)
2055417 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (artvislon .shop) (exploit_kit.rules)
2055418 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (statistall .com) (exploit_kit.rules)
2055419 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (analytlx .shop) (exploit_kit.rules)
2055420 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (codcraft .shop) (exploit_kit.rules)
2055421 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (codemingle .shop) (exploit_kit.rules)
2055422 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (datawiz .shop) (exploit_kit.rules)
2055423 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (deslgnpro .shop) (exploit_kit.rules)
2055424 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (happywave .shop) (exploit_kit.rules)
2055425 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (luckipath .shop) (exploit_kit.rules)
2055426 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (pixelsmith .shop) (exploit_kit.rules)
2055427 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (salesguru .online) (exploit_kit.rules)
2055428 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (statlstic .shop) (exploit_kit.rules)
2055429 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (statmaster .shop) (exploit_kit.rules)
2055430 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (trendset .website) (exploit_kit.rules)
2055431 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (vodog .shop) (exploit_kit.rules)
2055432 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (artvislon .shop) (exploit_kit.rules)
2055433 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (statistall .com) (exploit_kit.rules)
2055434 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (analytlx .shop) (exploit_kit.rules)
2055435 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (elmipardaz .com) (exploit_kit.rules)
2055436 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (elmipardaz .com) (exploit_kit.rules)
2055437 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (skibidirizz .lol) (exploit_kit.rules)
2055438 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (skibidirizz .lol) (exploit_kit.rules)
2857688 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2857690 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858640 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858641 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Removed rules:

2858295 - ETPRO HUNTING Reverse Base64 Encoded EXE Content-Type Mismatch (text/plain) (hunting.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/08/21 - v10671 Ruleset Updates	138	August 21, 2024
Ruleset Update Summary - 2024/10/30 - v10731 Ruleset Updates	192	October 30, 2024
Ruleset Update Summary - 2024/07/15 - v10645 Ruleset Updates	180	July 15, 2024
Ruleset Update Summary - 2024/12/18 - v10810 Ruleset Updates	69	December 18, 2024
Ruleset Update Summary - 2024/10/21 - v10724 Ruleset Updates	104	October 21, 2024

Ruleset Update Summary - 2024/10/24 - v10727

Summary:

Added rules:

Open:

Pro:

Enabled and modified rules:

Disabled and modified rules:

Removed rules:

Related topics