Ruleset Update Summary - 2023/12/01 - v10477

rulesbot · December 1, 2023, 10:02pm

Summary:

26 new OPEN, 26 new PRO (26 + 0)

Thanks @Unit42_Intel

Added rules:

Open:

2049416 - ET MALWARE Suspected ToddyCat APT Curlu Related Activity M1 (malware.rules)
2049417 - ET MALWARE Suspected ToddyCat APT Curlu Related Activity M2 (malware.rules)
2049418 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (tirechinecarpett .pw) (malware.rules)
2049419 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (hemispheredonkkl .pw) (malware.rules)
2049420 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (musclefarelongea .pw) (malware.rules)
2049421 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (ownerbuffersuperw .pw) (malware.rules)
2049422 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (freckletropsao .pw) (malware.rules)
2049423 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (fanlumpactiras .pw) (malware.rules)
2049424 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (medicinebuckerrysa .pw) (malware.rules)
2049425 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (helpfulsteepyi .pw) (malware.rules)
2049426 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (definefolkeloi .pw) (malware.rules)
2049427 - ET PHISHING Suspected Evri Phish Landing Page 2023-12-01 (phishing.rules)
2049428 - ET MALWARE PS1/Lumma Stealer C2 Downloader (GET) (malware.rules)
2049429 - ET MALWARE DNS Query to Lumma Stealer Domain (2311forget .online) (malware.rules)
2049430 - ET MALWARE DNS Query to Lumma Stealer Domain (hijackson .org) (malware.rules)
2049431 - ET MALWARE Observed Lumma Stealer Domain in TLS SNI (2311forget .online) (malware.rules)
2049432 - ET MALWARE Observed Lumma Stealer Domain in TLS SNI (hijackson .org) (malware.rules)
2049433 - ET MALWARE Darkgate Stealer CnC Checkin (POST) M2 (malware.rules)
2049434 - ET MALWARE DNS Query to Darkgate Domain (saintelzearlava .com) (malware.rules)
2049435 - ET MALWARE DNS Query to Darkgate Domain (trans1ategooglecom .com) (malware.rules)
2049436 - ET MALWARE Observed Darkgate Domain (saintelzearlava .com in TLS SNI) (malware.rules)
2049437 - ET MALWARE Observed Darkgate Domain (trans1ategooglecom .com in TLS SNI) (malware.rules)
2049438 - ET HUNTING Successful PROPFIND Response for Application Media Type (hunting.rules)
2049439 - ET HUNTING WebDAV Retrieving .zip containing .exe (hunting.rules)
2049440 - ET HUNTING WebDAV Retrieving .zip (hunting.rules)
2049441 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/03/05 - v10545 Ruleset Updates	377	March 5, 2024
Ruleset Update Summary - 2024/02/14 - v10532 Ruleset Updates	207	February 14, 2024
Ruleset Update Summary - 2024/02/20 - v10536 Ruleset Updates	344	February 20, 2024
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	366	March 11, 2024
Ruleset Update Summary - 2024/01/10 - v10503 Ruleset Updates	277	January 10, 2024

Ruleset Update Summary - 2023/12/01 - v10477

Summary:

Added rules:

Open:

Related Topics