Ruleset Update Summary - 2023/12/01 - v10477

Summary:

26 new OPEN, 26 new PRO (26 + 0)

Thanks @Unit42_Intel


Added rules:

Open:

  • 2049416 - ET MALWARE Suspected ToddyCat APT Curlu Related Activity M1 (malware.rules)
  • 2049417 - ET MALWARE Suspected ToddyCat APT Curlu Related Activity M2 (malware.rules)
  • 2049418 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (tirechinecarpett .pw) (malware.rules)
  • 2049419 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (hemispheredonkkl .pw) (malware.rules)
  • 2049420 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (musclefarelongea .pw) (malware.rules)
  • 2049421 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (ownerbuffersuperw .pw) (malware.rules)
  • 2049422 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (freckletropsao .pw) (malware.rules)
  • 2049423 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (fanlumpactiras .pw) (malware.rules)
  • 2049424 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (medicinebuckerrysa .pw) (malware.rules)
  • 2049425 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (helpfulsteepyi .pw) (malware.rules)
  • 2049426 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (definefolkeloi .pw) (malware.rules)
  • 2049427 - ET PHISHING Suspected Evri Phish Landing Page 2023-12-01 (phishing.rules)
  • 2049428 - ET MALWARE PS1/Lumma Stealer C2 Downloader (GET) (malware.rules)
  • 2049429 - ET MALWARE DNS Query to Lumma Stealer Domain (2311forget .online) (malware.rules)
  • 2049430 - ET MALWARE DNS Query to Lumma Stealer Domain (hijackson .org) (malware.rules)
  • 2049431 - ET MALWARE Observed Lumma Stealer Domain in TLS SNI (2311forget .online) (malware.rules)
  • 2049432 - ET MALWARE Observed Lumma Stealer Domain in TLS SNI (hijackson .org) (malware.rules)
  • 2049433 - ET MALWARE Darkgate Stealer CnC Checkin (POST) M2 (malware.rules)
  • 2049434 - ET MALWARE DNS Query to Darkgate Domain (saintelzearlava .com) (malware.rules)
  • 2049435 - ET MALWARE DNS Query to Darkgate Domain (trans1ategooglecom .com) (malware.rules)
  • 2049436 - ET MALWARE Observed Darkgate Domain (saintelzearlava .com in TLS SNI) (malware.rules)
  • 2049437 - ET MALWARE Observed Darkgate Domain (trans1ategooglecom .com in TLS SNI) (malware.rules)
  • 2049438 - ET HUNTING Successful PROPFIND Response for Application Media Type (hunting.rules)
  • 2049439 - ET HUNTING WebDAV Retrieving .zip containing .exe (hunting.rules)
  • 2049440 - ET HUNTING WebDAV Retrieving .zip (hunting.rules)
  • 2049441 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt (malware.rules)