Ruleset Update Summary - 2024/01/18 - v10509

rulesbot · January 18, 2024, 10:08pm

Summary:

90 new OPEN, 93 new PRO (90 + 3)

Added rules:

Open:

2050139 - ET INFO DYNAMIC_DNS Query to a *.fluxus .org Domain (info.rules)
2050140 - ET INFO DYNAMIC_DNS HTTP Request to a *.fluxus .org Domain (info.rules)
2050141 - ET INFO DYNAMIC_DNS Query to a *.jerkface .net Domain (info.rules)
2050142 - ET INFO DYNAMIC_DNS HTTP Request to a *.jerkface .net Domain (info.rules)
2050143 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (groannysoapblockedstiw .site) (malware.rules)
2050144 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (worrystitchsounddywuwp .site) (malware.rules)
2050145 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (weedpairfolkloredheryw .site) (malware.rules)
2050146 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (copyrightspareddcitwew .site) (malware.rules)
2050147 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (qualifiedbehaviorrykej .site) (malware.rules)
2050148 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (combinethemepiggerygoj .site) (malware.rules)
2050149 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (lendremindcenterpassew .site) (malware.rules)
2050150 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (expenditureddisumilarwo .site) (malware.rules)
2050151 - ET MALWARE Observed Lumma Stealer Related Domain (groannysoapblockedstiw .site in TLS SNI) (malware.rules)
2050152 - ET MALWARE Observed Lumma Stealer Related Domain (worrystitchsounddywuwp .site in TLS SNI) (malware.rules)
2050153 - ET MALWARE Observed Lumma Stealer Related Domain (paperambiguonusphoterew .site in TLS SNI) (malware.rules)
2050154 - ET MALWARE Observed Lumma Stealer Related Domain (weedpairfolkloredheryw .site in TLS SNI) (malware.rules)
2050155 - ET MALWARE Observed Lumma Stealer Related Domain (copyrightspareddcitwew .site in TLS SNI) (malware.rules)
2050156 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (paperambiguonusphoterew .site) (malware.rules)
2050157 - ET MALWARE Observed Lumma Stealer Related Domain (expenditureddisumilarwo .site in TLS SNI) (malware.rules)
2050158 - ET MALWARE Observed Lumma Stealer Related Domain (combinethemepiggerygoj .site in TLS SNI) (malware.rules)
2050159 - ET MALWARE Observed Lumma Stealer Related Domain (qualifiedbehaviorrykej .site in TLS SNI) (malware.rules)
2050160 - ET MALWARE Observed Lumma Stealer Related Domain (lendremindcenterpassew .site in TLS SNI) (malware.rules)
2050161 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (accouncementdivecane .site) (malware.rules)
2050162 - ET MALWARE Observed Lumma Stealer Related Domain (accouncementdivecane .site in TLS SNI) (malware.rules)
2050163 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (fleetconsciousnessjuiw .site) (malware.rules)
2050164 - ET MALWARE Observed Lumma Stealer Related Domain (fleetconsciousnessjuiw .site in TLS SNI) (malware.rules)
2050165 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (carpetcupboardtejjerew .site) (malware.rules)
2050166 - ET MALWARE Observed Lumma Stealer Related Domain (carpetcupboardtejjerew .site in TLS SNI) (malware.rules)
2050167 - ET INFO Observed DNS Over HTTPS Domain (fwgw .orangepipc .mywire .org in TLS SNI) (info.rules)
2050168 - ET INFO Observed DNS Over HTTPS Domain (dns .ours .luxe in TLS SNI) (info.rules)
2050169 - ET INFO Observed DNS Over HTTPS Domain (dns .mestdag .fr in TLS SNI) (info.rules)
2050170 - ET INFO Observed DNS Over HTTPS Domain (dns2 .nhgnet .de in TLS SNI) (info.rules)
2050171 - ET INFO Observed DNS Over HTTPS Domain (dns-privacy .puregeni .us in TLS SNI) (info.rules)
2050172 - ET INFO Observed DNS Over HTTPS Domain (secure-dns .pleumkungz .com in TLS SNI) (info.rules)
2050173 - ET INFO Observed DNS Over HTTPS Domain (inde .ragnvindr .org in TLS SNI) (info.rules)
2050174 - ET INFO Observed DNS Over HTTPS Domain (dns .pragmasec .nl in TLS SNI) (info.rules)
2050175 - ET INFO Observed DNS Over HTTPS Domain (dns .narl .app in TLS SNI) (info.rules)
2050176 - ET INFO Observed DNS Over HTTPS Domain (addns1 .m-it .ro in TLS SNI) (info.rules)
2050177 - ET INFO Observed DNS Over HTTPS Domain (lv .long-nguyen .info in TLS SNI) (info.rules)
2050178 - ET INFO Observed DNS Over HTTPS Domain (nilanjan .me in TLS SNI) (info.rules)
2050179 - ET INFO Observed DNS Over HTTPS Domain (adguard .oms-ctr .ru in TLS SNI) (info.rules)
2050180 - ET INFO Observed DNS Over HTTPS Domain (doh .niyaru .online in TLS SNI) (info.rules)
2050181 - ET INFO Observed DNS Over HTTPS Domain (dns .netraptor .com .au in TLS SNI) (info.rules)
2050182 - ET INFO Observed DNS Over HTTPS Domain (doh .mn-bonn .de in TLS SNI) (info.rules)
2050183 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (beatifulllhistory .com) (exploit_kit.rules)
2050184 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (bestselllerservice .com) (exploit_kit.rules)
2050185 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (clickandanalytics .com) (exploit_kit.rules)
2050186 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (compage .listwithstats .com) (exploit_kit.rules)
2050187 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (dataofpages .com) (exploit_kit.rules)
2050188 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (decentralappps .com) (exploit_kit.rules)
2050189 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (getmygateway .com) (exploit_kit.rules)
2050190 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (getsmallcount .com) (exploit_kit.rules)
2050191 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (greenfastline .com) (exploit_kit.rules)
2050192 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (gybritanalytsesystem .com) (exploit_kit.rules)
2050193 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (lineferaline .com) (exploit_kit.rules)
2050194 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (linestoget .com) (exploit_kit.rules)
2050195 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (playerofsunshine .com) (exploit_kit.rules)
2050196 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (promsmotion .com) (exploit_kit.rules)
2050197 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (selectchoise .com) (exploit_kit.rules)
2050198 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (selectofmychoices .com) (exploit_kit.rules)
2050199 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (specialnewspaper .com) (exploit_kit.rules)
2050200 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (specialtaskevents .com) (exploit_kit.rules)
2050201 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (startperfectsolutions .com) (exploit_kit.rules)
2050202 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (statisticplatform .com) (exploit_kit.rules)
2050203 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (statisticscripts .com) (exploit_kit.rules)
2050204 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (statisticsplatform .com) (exploit_kit.rules)
2050205 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (stratosbody .com) (exploit_kit.rules)
2050206 - ET EXPLOIT_KIT Balada Domain in TLS SNI (beatifulllhistory .com) (exploit_kit.rules)
2050207 - ET EXPLOIT_KIT Balada Domain in TLS SNI (bestselllerservice .com) (exploit_kit.rules)
2050208 - ET EXPLOIT_KIT Balada Domain in TLS SNI (clickandanalytics .com) (exploit_kit.rules)
2050209 - ET EXPLOIT_KIT Balada Domain in TLS SNI (compage .listwithstats .com) (exploit_kit.rules)
2050210 - ET EXPLOIT_KIT Balada Domain in TLS SNI (dataofpages .com) (exploit_kit.rules)
2050211 - ET EXPLOIT_KIT Balada Domain in TLS SNI (decentralappps .com) (exploit_kit.rules)
2050212 - ET EXPLOIT_KIT Balada Domain in TLS SNI (getmygateway .com) (exploit_kit.rules)
2050213 - ET EXPLOIT_KIT Balada Domain in TLS SNI (getsmallcount .com) (exploit_kit.rules)
2050214 - ET EXPLOIT_KIT Balada Domain in TLS SNI (greenfastline .com) (exploit_kit.rules)
2050215 - ET EXPLOIT_KIT Balada Domain in TLS SNI (gybritanalytsesystem .com) (exploit_kit.rules)
2050216 - ET EXPLOIT_KIT Balada Domain in TLS SNI (lineferaline .com) (exploit_kit.rules)
2050217 - ET EXPLOIT_KIT Balada Domain in TLS SNI (linestoget .com) (exploit_kit.rules)
2050218 - ET EXPLOIT_KIT Balada Domain in TLS SNI (playerofsunshine .com) (exploit_kit.rules)
2050219 - ET EXPLOIT_KIT Balada Domain in TLS SNI (promsmotion .com) (exploit_kit.rules)
2050220 - ET EXPLOIT_KIT Balada Domain in TLS SNI (selectchoise .com) (exploit_kit.rules)
2050221 - ET EXPLOIT_KIT Balada Domain in TLS SNI (selectofmychoices .com) (exploit_kit.rules)
2050222 - ET EXPLOIT_KIT Balada Domain in TLS SNI (specialnewspaper .com) (exploit_kit.rules)
2050223 - ET EXPLOIT_KIT Balada Domain in TLS SNI (specialtaskevents .com) (exploit_kit.rules)
2050224 - ET EXPLOIT_KIT Balada Domain in TLS SNI (startperfectsolutions .com) (exploit_kit.rules)
2050225 - ET EXPLOIT_KIT Balada Domain in TLS SNI (statisticplatform .com) (exploit_kit.rules)
2050226 - ET EXPLOIT_KIT Balada Domain in TLS SNI (statisticscripts .com) (exploit_kit.rules)
2050227 - ET EXPLOIT_KIT Balada Domain in TLS SNI (statisticsplatform .com) (exploit_kit.rules)
2050228 - ET EXPLOIT_KIT Balada Domain in TLS SNI (stratosbody .com) (exploit_kit.rules)

Pro:

2856177 - ETPRO MALWARE Win32/SSLoad Registration Activity (POST) (malware.rules)
2856178 - ETPRO MALWARE Win32/SSLoad Activity (POST) (malware.rules)
2856180 - ETPRO MALWARE Win32/Remcos Loader Requesting Payload (malware.rules)

Disabled and modified rules:

2014422 - ET ACTIVEX 2X Client for RDP ClientSystem Class ActiveX Control InstallClient Download and Execute (activex.rules)
2049141 - ET MALWARE SocGholish Domain in DNS Lookup (modification .grebcocontractors .com) (malware.rules)
2049143 - ET MALWARE SocGholish Domain in TLS SNI (modification .grebcocontractors .com) (malware.rules)
2049215 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (risenpeaches .org) (exploit_kit.rules)
2049216 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (risenpeaches .org) (exploit_kit.rules)
2049914 - ET MALWARE Gamaredon APT Related Maldoc Activity (GET) (malware.rules)
2804765 - ETPRO MALWARE Dirt Jumper/Russkill v5 Checkin (malware.rules)
2804967 - ETPRO MALWARE Win32/Bancos.AEW Checkin (malware.rules)
2805068 - ETPRO MALWARE Backdoor.Win32.Poison Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/05/20 - v10599 Ruleset Updates	147	May 20, 2024
Ruleset Update Summary - 2024/02/20 - v10536 Ruleset Updates	463	February 20, 2024
Ruleset Update Summary - 2024/02/14 - v10532 Ruleset Updates	288	February 14, 2024
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	910	March 11, 2024
Ruleset Update Summary - 2024/01/25 - v10514 Ruleset Updates	330	January 25, 2024

Ruleset Update Summary - 2024/01/18 - v10509

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related Topics