Ruleset Update Summary - 2024/12/02 - v10780

Summary:

0 new OPEN, 0 new PRO (0 + 0)
Modified inactive rules:

  • 2035618 - ET PHISHING Generic Phishing Domain in DNS Lookup (info-getting-eu. com) (phishing.rules)

Disabled and modified rules:

  • 2026108 - ET EXPLOIT NUUO OS Command Injection M2 (exploit.rules)
  • 2034443 - ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M2 (malware.rules)
  • 2034444 - ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M3 (malware.rules)
  • 2034445 - ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M4 (malware.rules)
  • 2034447 - ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M6 (malware.rules)
  • 2034448 - ET MALWARE Win32/Trojan.Nymeria CnC Activity (GET) M7 (malware.rules)
  • 2034970 - ET EXPLOIT Sonicwall Unauthenticated Stack-Based Buffer Overflow (CVE-2021-20038) (exploit.rules)
  • 2035041 - ET MALWARE Win32/Variant.Zusy.402698 Checkin (malware.rules)
  • 2035097 - ET ADWARE_PUP Win32/GameHack.ADW CnC Activity (adware_pup.rules)
  • 2035188 - ET MALWARE Win32/Spy.Socelars.S CnC Activity M4 (GET) (malware.rules)
  • 2035368 - ET MALWARE MSIL/TrojanDownloader.Agent.JVN CnC Checkin (malware.rules)
  • 2035460 - ET MALWARE MSIL/TrojanDownloader.Agent.KUO CnC Activity M2 (malware.rules)
  • 2035696 - ET MALWARE Win32/WindowsDefender Bypass Download Request (malware.rules)
  • 2035729 - ET MALWARE Win32/POWERPLANT CnC Exfil (Query) (malware.rules)
  • 2035730 - ET MALWARE Win32/POWERPLANT CnC Exfil (INIT) (malware.rules)
  • 2035735 - ET MALWARE Win32/LOADOUT CnC Activity (malware.rules)
  • 2035932 - ET USER_AGENTS Observed Malicious User-Agent (FastInvoice) (user_agents.rules)
  • 2036317 - ET MALWARE Zingo/GinzoStealer Data Command List Fetch (malware.rules)
  • 2036681 - ET MALWARE Downloader/Win.MalXll.R466354 Payload Request (malware.rules)
  • 2036824 - ET MALWARE Cobalt Strike Activity (GET) (malware.rules)
  • 2036825 - ET MALWARE Cobalt Strike Activity (GET) (malware.rules)
  • 2036876 - ET MALWARE Cobalt Strike Activity (GET) (malware.rules)
  • 2036877 - ET WEB_CLIENT [TW] WEBDAV UA (web_client.rules)
  • 2036878 - ET WEB_CLIENT [TW] CAB From Possible WebDAV Share Possible DiagCab Abuse Attempt (web_client.rules)
  • 2036879 - ET WEB_CLIENT [TW] CAB From Possible WebDAV Share Possible DiagCab Abuse Attempt (web_client.rules)
  • 2036881 - ET MALWARE Cobalt Strike Activity (GET) (malware.rules)
  • 2036983 - ET MALWARE MalDoc Retrieving Qbot Payload 2022-06-14 (malware.rules)
  • 2036999 - ET MALWARE Maldoc Retrieving Payload 2022-06-15 (malware.rules)
  • 2037137 - ET USER_AGENTS Suspicious User-Agent (Windows Explorer) (user_agents.rules)
  • 2037746 - ET MALWARE MSIL/PSW.Discord.AIY CnC Exfil (malware.rules)
  • 2037747 - ET USER_AGENTS Suspicious User-Agent (kath) (user_agents.rules)
  • 2037766 - ET MALWARE Win32/H0lyGh0st Ransomware CnC Activity (GET Public Key) (malware.rules)
  • 2037767 - ET MALWARE Win32/H0lyGh0st Ransomware Exfil Activity (POST) (malware.rules)
  • 2037768 - ET MALWARE Win32/H0lyGh0st Ransomware CnC Response (malware.rules)
  • 2037774 - ET MALWARE Win32/H0lyGh0st CnC Activity (malware.rules)
  • 2037797 - ET MALWARE APT29/CloakedUrsa Google Drive Authentication (POST) (malware.rules)
  • 2037829 - ET MALWARE Cobalt Strike Activity (GET) (malware.rules)
  • 2037830 - ET MALWARE Cobalt Strike Activity (GET) (malware.rules)
  • 2037831 - ET MALWARE Cobalt Strike Activity (GET) (malware.rules)
  • 2037848 - ET PHISHING [TW] EvilProxy AiTM Set-Cookie (phishing.rules)
  • 2037850 - ET PHISHING [TW] EvilProxy AiTM Cookie Value M1 (phishing.rules)
  • 2037864 - ET PHISHING [TW] Robin Banks HTTP HOST M1 (phishing.rules)
  • 2037865 - ET PHISHING [TW] Robin Banks HTTP HOST M2 (phishing.rules)
  • 2037908 - ET MALWARE Possible T-RAT Encrypted Zip Request M2 (malware.rules)
  • 2849831 - ETPRO PHISHING Successful Facebook Phish 2021-09-01 (phishing.rules)
  • 2850865 - ETPRO MALWARE VBS/CageyChameleon CnC Beacon (malware.rules)
  • 2850891 - ETPRO HUNTING Suspicious Reversed String Inbound (mscoree.dll) (hunting.rules)
  • 2851131 - ETPRO MALWARE FinderBot Checkin/Requesting Payload M2 (malware.rules)
  • 2851205 - ETPRO MALWARE Win32/LokiBot Payload Download Request M1 (malware.rules)
  • 2851217 - ETPRO MALWARE Win32/PennyWise Stealer Exfil Via Telegram (malware.rules)
  • 2851232 - ETPRO MALWARE Browser Data Exfil Via Telegram (malware.rules)
  • 2851233 - ETPRO MALWARE YouTube Profile Exfil Via Telegram (malware.rules)
  • 2851234 - ETPRO MALWARE Crypto Wallet Exfil Via Telegram (malware.rules)
  • 2851289 - ETPRO MALWARE MSIL/TrojanDropper.Agent.FKR CnC Exfil (malware.rules)
  • 2851337 - ETPRO MALWARE User32.dll Download via Powershell (malware.rules)
  • 2851531 - ETPRO MALWARE MS Office Macro Qbot Download URI Apr 26 2022 (malware.rules)
  • 2851535 - ETPRO MALWARE Win32/Ursnif CnC Payload Request (malware.rules)
  • 2851550 - ETPRO MALWARE Win32/MetaStealer Fake Avast AV Update (GET) (malware.rules)
  • 2851572 - ETPRO MALWARE MalDoc Retrieving Qbot Payload 2022-05-03 (malware.rules)
  • 2851638 - ETPRO MALWARE PoshC2 CnC Response (200) M1 (malware.rules)
  • 2851639 - ETPRO MALWARE PoshC2 CnC Response (200) M2 (malware.rules)
  • 2851640 - ETPRO MALWARE PoshC2 CnC Response (200) M3 (malware.rules)
  • 2851641 - ETPRO MALWARE PoshC2 CnC Response (200) M4 (malware.rules)
  • 2851711 - ETPRO MALWARE Win32/Kryptik.HPRB Payload Request (GET) (malware.rules)
  • 2851728 - ETPRO ATTACK_RESPONSE Invoke-Obfuscation Concatenate String (DownloadString) (attack_response.rules)
  • 2851734 - ETPRO ATTACK_RESPONSE PowerShell Uint16 Encoding Obfuscation Inbound (attack_response.rules)
  • 2851735 - ETPRO MALWARE Njrat Payload Request (PE.txt) (malware.rules)
  • 2851839 - ETPRO MALWARE Possible MalDoc Retrieving Payload (2022-06-28) (malware.rules)
  • 2851847 - ETPRO MALWARE Unknown MalDoc CnC Activity (2022-06-29) (malware.rules)
  • 2851879 - ETPRO MALWARE LNK/TrojanDownloader.Agent.AS CnC Activity M1 (malware.rules)
  • 2851880 - ETPRO MALWARE LNK/TrojanDownloader.Agent.AS CnC Activity M2 (malware.rules)
  • 2851881 - ETPRO MALWARE LNK/TrojanDownloader.Agent.ASS CnC Activity M3 (malware.rules)
  • 2851929 - ETPRO MALWARE Unknown.BatScript CnC Activity M1 (malware.rules)
  • 2851930 - ETPRO MALWARE Unknown.BatScript Host Profile Exfil (malware.rules)
  • 2851931 - ETPRO MALWARE Unknown.BatScript CnC Activity M2 (malware.rules)
  • 2851932 - ETPRO MALWARE MSIL/Kryptik.AFSX CnC Checkin (malware.rules)
  • 2851979 - ETPRO MALWARE VBA/TrojanDownloader.Agent.SME CnC Activity (malware.rules)
  • 2852063 - ETPRO MALWARE Win32/Trojan-Dropper.MSIL.Sysn.gen CnC Exfil (malware.rules)