Ruleset Update Summary - 2024/11/27 - v10756

rulesbot · November 27, 2024, 10:17pm

Summary:

1 new OPEN, 1 new PRO (1 + 0)

Added rules:

Open:

2054751 - ET INFO DYNAMIC_DNS Query to a * .bal-tazaar .be Domain (info.rules)

Modified inactive rules:

2014500 - ET INFO DYNAMIC_DNS Query to a *.flnet.org Domain (info.rules)
2023536 - ET MALWARE Observed Malicious SSL Cert (FlokiBot CnC) (malware.rules)
2024246 - ET MALWARE Observed Malicious SSL cert (pyteHole Ransomware) (malware.rules)
2024433 - ET MALWARE Observed Malicious SSL Cert (HiddenTear Variant CnC) (malware.rules)
2024757 - ET MALWARE Observed Malicious SSL Cert (MalDoc DL) (malware.rules)
2024902 - ET MALWARE Observed Malicious SSL Cert (Snatch CnC) (malware.rules)
2024903 - ET MALWARE Observed Malicious SSL Cert (Snatch CnC) (malware.rules)
2026644 - ET MALWARE Observed Malicious SSL Cert (BrushaLoader Domain) (malware.rules)
2026659 - ET MALWARE Observed Malicious SSL Cert (BrushaLoader Domain) (malware.rules)
2026899 - ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC) (malware.rules)
2027222 - ET MALWARE Observed Malicious SSL Cert (Unattributed CnC) (malware.rules)
2027223 - ET MALWARE Observed Malicious SSL Cert (Unattributed CnC) (malware.rules)
2027414 - ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC) 2019-05-30 (malware.rules)
2029200 - ET MALWARE Observed Malicious SSL Cert (jssLoader CnC) (malware.rules)
2029245 - ET MALWARE Observed Malicious SSL Cert (ServHelper CnC) (malware.rules)
2029295 - ET MALWARE Observed Malicious SSL Cert (AZORult CnC) (malware.rules)
2029296 - ET MALWARE Observed Malicious SSL Cert (AZORult CnC) (malware.rules)
2030614 - ET MALWARE Observed Malicious SSL Cert (Lazarus APT MalDoc DL 2020-07-30) (malware.rules)
2035607 - ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server) (malware.rules)
2036832 - ET MALWARE Observed Malicious SSL Cert (Darkme CnC) (malware.rules)
2036833 - ET MALWARE Observed Malicious SSL Cert (Darkme CnC) (malware.rules)
2036834 - ET MALWARE Observed Malicious SSL Cert (Darkme CnC) (malware.rules)
2039688 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039689 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039690 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039691 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039692 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039693 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039694 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039695 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039696 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039697 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039698 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039699 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039700 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039701 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039702 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039703 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039704 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039705 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039706 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039707 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039708 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039709 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039710 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039711 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039712 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039713 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2039714 - ET MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2047656 - ET INFO DYNAMIC_DNS Query to a *.appia .com .au Domain (info.rules)
2048311 - ET MALWARE Observed Malicious SSL Cert (Cobalt Strike) (malware.rules)
2053723 - ET INFO DYNAMIC_DNS Query to a *.dyndns-at-home .com Domain (info.rules)
2054940 - ET INFO DYNAMIC_DNS Query to a * .avtosnoj .si Domain (info.rules)
2804176 - ETPRO INFO DYNAMIC_DNS Query to a *.ddns .mobi Domain (info.rules)
2804336 - ETPRO INFO DYNAMIC_DNS Query to a *.1dumb.com Domain (info.rules)
2804338 - ETPRO INFO DYNAMIC_DNS Query to a *.25u.com Domain (info.rules)
2821613 - ETPRO MALWARE Observed Malicious SSL Cert (Zeus Panda Banker) (malware.rules)
2821624 - ETPRO MALWARE Observed Malicious SSL Cert (Zeus Panda Injects) (malware.rules)
2821625 - ETPRO MALWARE Observed Malicious SSL Cert (Zeus Panda Injects) (malware.rules)
2822035 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL) (malware.rules)
2822233 - ETPRO MALWARE Observed Malicious SSL Cert (Zeus Panda) (malware.rules)
2822585 - ETPRO MALWARE Observed Malicious SSL Cert (Zeus Panda) (malware.rules)
2822694 - ETPRO MALWARE Observed Malicious SSL Cert (Zeus Panda) (malware.rules)
2822969 - ETPRO MALWARE Observed Malicious SSL Cert (Shifu CnC) (malware.rules)
2823286 - ETPRO MALWARE Observed Malicious SSL Cert (Gootkit CnC) (malware.rules)
2823327 - ETPRO MALWARE Observed Malicious SSL Cert (Gootkit CnC) (malware.rules)
2823397 - ETPRO MALWARE Observed Malicious SSL Cert (FlokiBot CnC) (malware.rules)
2823556 - ETPRO MALWARE Observed Malicious SSL Cert (FlokiBot CnC) (malware.rules)
2823623 - ETPRO MALWARE Observed Malicious SSL Cert (Vawtrak CnC) (malware.rules)
2823657 - ETPRO MALWARE Observed Malicious SSL Cert (JS/Ostap Downloader) (malware.rules)
2823673 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL) (malware.rules)
2823703 - ETPRO MALWARE Observed Malicious SSL Cert (FlokiBot CnC) (malware.rules)
2823704 - ETPRO MALWARE Observed Malicious SSL Cert (FlokiBot CnC) (malware.rules)
2823705 - ETPRO MALWARE Observed Malicious SSL Cert (FlokiBot CnC) (malware.rules)
2824448 - ETPRO MALWARE Observed Malicious SSL Cert (Gootkit) (malware.rules)
2824546 - ETPRO MALWARE Observed Malicious SSL Cert (Gootkit) (malware.rules)
2824690 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL) (malware.rules)
2825000 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL) (malware.rules)
2825386 - ETPRO MALWARE Observed Malicious SSL Cert (Zeus Variant) (malware.rules)
2825507 - ETPRO MALWARE Observed Malicious SSL Cert (Gozi ISFB/Dreambot) (malware.rules)
2825559 - ETPRO MALWARE Observed Malicious SSL Cert (Gozi ISFB/Dreambot) (malware.rules)
2826437 - ETPRO MALWARE Observed Malicious SSL Cert (Orcus RAT) (malware.rules)
2827244 - ETPRO MALWARE Observed Malicious SSL Cert (URLZone CnC) (malware.rules)
2827262 - ETPRO MALWARE Observed Malicious SSL Cert (Evil CoinMiner) (malware.rules)
2827395 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL) (malware.rules)
2827464 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL) (malware.rules)
2827746 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL) (malware.rules)
2827764 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL) (malware.rules)
2827991 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL) (malware.rules)
2828191 - ETPRO MALWARE Observed Malicious SSL Cert (Fake O356 Installer) (malware.rules)
2828332 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL) (malware.rules)
2828551 - ETPRO MALWARE Observed Malicious SSL Cert (Spymaster Keylogger Domain) (malware.rules)
2828585 - ETPRO MALWARE Observed Malicious SSL Cert (Zeus Panda CnC) (malware.rules)
2828665 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc HTA Download) (malware.rules)
2828781 - ETPRO MALWARE Observed Malicious SSL Cert (Zeus Panda) (malware.rules)
2828862 - ETPRO MALWARE Observed Malicious SSL Cert (Minergate Module DL) (malware.rules)
2828961 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL) (malware.rules)
2829075 - ETPRO MALWARE Observed Malicious SSL Cert (URLZone CnC) (malware.rules)
2829076 - ETPRO MALWARE Observed Malicious SSL Cert (Bateleur CnC) (malware.rules)
2829109 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL) (malware.rules)
2829228 - ETPRO MALWARE Observed Malicious SSL Cert (Dridex CnC) (malware.rules)
2829252 - ETPRO MALWARE Observed Malicious SSL Cert (Zeus Panda CnC) (malware.rules)
2829290 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL) (malware.rules)
2830327 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL 2018-04-10 2) (malware.rules)
2831053 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL 2018-05-29 2) (malware.rules)
2832214 - ETPRO MALWARE Observed Malicious SSL Cert (Zeus Panda CnC) (malware.rules)
2833190 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL 2018-10-18 2) (malware.rules)
2833520 - ETPRO MALWARE Observed Malicious SSL Cert (SocGholish Redirect) (malware.rules)
2833522 - ETPRO MALWARE Observed Malicious SSL Cert (ServHelper RAT CnC) (malware.rules)
2833861 - ETPRO MALWARE Observed Malicious SSL Cert (APT 34 CnC Domain) (malware.rules)
2833864 - ETPRO MALWARE Observed Malicious SSL Cert (BrushaLoader CnC) (malware.rules)
2833881 - ETPRO MALWARE Observed Malicious SSL Cert (ServHelper CnC) (malware.rules)
2833977 - ETPRO MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2834074 - ETPRO MALWARE Observed Malicious SSL Cert (ServHelper CnC) (malware.rules)
2834172 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL 2019-01-02) (malware.rules)
2835199 - ETPRO MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC) (malware.rules)
2835695 - ETPRO MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2835824 - ETPRO MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2835917 - ETPRO MALWARE Observed Malicious SSL Cert (CoreDn Activity) (malware.rules)
2837006 - ETPRO MALWARE Observed Malicious SSL Cert (APT33 CnC) (malware.rules)
2837135 - ETPRO MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2838194 - ETPRO MALWARE Observed Malicious SSL Cert (PsiXBot CnC) (malware.rules)
2838324 - ETPRO MALWARE Observed Malicious SSL Cert (DonotGroup CnC) (malware.rules)
2838428 - ETPRO MALWARE Observed Malicious SSL Cert (Inception Group CnC) (malware.rules)
2838429 - ETPRO MALWARE Observed Malicious SSL Cert (Inception Group CnC) (malware.rules)
2839083 - ETPRO MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2839085 - ETPRO MALWARE Observed Malicious SSL Cert (SONE CnC) (malware.rules)
2839086 - ETPRO MALWARE Observed Malicious SSL Cert (CobInt CnC) (malware.rules)
2839796 - ETPRO MALWARE Observed Malicious SSL Cert (GRIFFON CnC) (malware.rules)
2839970 - ETPRO MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2840046 - ETPRO MALWARE Observed Malicious SSL Cert (IcedID CnC) (malware.rules)
2840080 - ETPRO MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2840114 - ETPRO MALWARE Observed Malicious SSL Cert (AZORult CnC) (malware.rules)
2840141 - ETPRO MALWARE Observed Malicious SSL Cert (AZORult CnC) 2019-12-27 (malware.rules)
2840227 - ETPRO MALWARE Observed Malicious SSL Cert (AZORult CnC) 2020-01-02 (malware.rules)
2840228 - ETPRO MALWARE Observed Malicious SSL Cert (AZORult CnC) 2020-01-02 (malware.rules)
2840229 - ETPRO MALWARE Observed Malicious SSL Cert (AZORult CnC) 2020-01-02 (malware.rules)
2840328 - ETPRO MALWARE Observed Malicious SSL Cert (Gozi CnC) (malware.rules)
2840357 - ETPRO MALWARE Observed Malicious SSL Cert (AZORult CnC) (malware.rules)
2840389 - ETPRO MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2840390 - ETPRO MALWARE Observed Malicious SSL Cert (IcedID CnC) (malware.rules)
2840417 - ETPRO MALWARE Observed Malicious SSL Cert (AZORult CnC) 2020-01-13 (malware.rules)
2840478 - ETPRO MALWARE Observed Malicious SSL Cert (Get2 CnC) (malware.rules)
2840506 - ETPRO MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2840507 - ETPRO MALWARE Observed Malicious SSL Cert (IcedID CnC) (malware.rules)
2840508 - ETPRO MALWARE Observed Malicious SSL Cert (IcedID CnC) (malware.rules)
2840547 - ETPRO MALWARE Observed Malicious SSL Cert (Ursnif CnC) (malware.rules)
2840548 - ETPRO MALWARE Observed Malicious SSL Cert (AZORult CnC) 2020-01-21 (malware.rules)
2840618 - ETPRO MALWARE Observed Malicious SSL Cert (AZORult CnC) (malware.rules)
2840740 - ETPRO MALWARE Observed Malicious SSL Cert (IcedID CnC) (malware.rules)
2840778 - ETPRO MALWARE Observed Malicious SSL Cert (DonotGroup CnC) (malware.rules)
2840781 - ETPRO MALWARE Observed Malicious SSL Cert (AZORult CnC) (malware.rules)
2840868 - ETPRO MALWARE Observed Malicious SSL Cert (IcedID CnC) (malware.rules)
2840869 - ETPRO MALWARE Observed Malicious SSL Cert (IcedID CnC) (malware.rules)
2841439 - ETPRO MALWARE Observed Malicious SSL Cert (IcedID CnC) (malware.rules)
2842302 - ETPRO MALWARE Observed Malicious SSL Cert (Strongpity CnC) (malware.rules)
2842774 - ETPRO MALWARE Observed Malicious SSL Cert (AZORult CnC) (malware.rules)
2843255 - ETPRO MALWARE Observed Malicious SSL Cert (AZORult CnC) (malware.rules)
2843260 - ETPRO MALWARE Observed Malicious SSL Cert (AZORult CnC) (malware.rules)
2845610 - ETPRO MALWARE Observed Malicious SSL Cert (AsyncRAT) (malware.rules)
2846761 - ETPRO MALWARE Observed Malicious SSL Cert (AsyncRAT) (malware.rules)
2847146 - ETPRO MALWARE Observed Malicious SSL Cert (OrcusRAT) (malware.rules)
2847151 - ETPRO MALWARE Observed Malicious SSL Cert (AsyncRAT) (malware.rules)
2847396 - ETPRO MALWARE Observed Malicious SSL Cert (AsyncRAT) (malware.rules)
2848048 - ETPRO MALWARE Observed Malicious SSL Cert (AsyncRAT) (malware.rules)
2848460 - ETPRO MALWARE Observed Malicious SSL Cert (AsyncRAT) (malware.rules)
2849067 - ETPRO MALWARE Observed Malicious SSL Cert (DCRAT Variant) (malware.rules)
2849254 - ETPRO MALWARE Observed Malicious SSL Cert (AsyncRAT) (malware.rules)
2849718 - ETPRO MALWARE Observed Malicious SSL Cert (AsyncRAT) (malware.rules)
2849840 - ETPRO MALWARE Observed Malicious SSL Cert (AsyncRAT) (malware.rules)
2850007 - ETPRO MALWARE Observed Malicious SSL Cert (Acme Co) (malware.rules)
2850279 - ETPRO MALWARE Observed Malicious SSL Cert (BazaLoader CnC) (malware.rules)
2850280 - ETPRO MALWARE Observed Malicious SSL Cert (BazaLoader CnC) (malware.rules)
2850552 - ETPRO MALWARE Observed Malicious SSL Cert (TeerD1) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/05/24 - v10603 Ruleset Updates	234	May 24, 2024
Ruleset Update Summary - 2024/07/22 - v10650 Ruleset Updates	76	July 22, 2024
Ruleset Update Summary - 2023/07/25 - v10379 Ruleset Updates	288	July 25, 2023
Ruleset Update Summary - 2024/06/03 - v10608 Ruleset Updates	228	June 3, 2024
Ruleset Update Summary - 2023/09/05 - v10410 Ruleset Updates	286	September 5, 2023

Ruleset Update Summary - 2024/11/27 - v10756

Summary:

Added rules:

Open:

Modified inactive rules:

Related topics