Ruleset Update Summary - 2024/01/23 - v10512

rulesbot · January 23, 2024, 9:58pm

Summary:

36 new OPEN, 47 new PRO (36 + 11)

Thanks @Gi7w0rm

Added rules:

Open:

2050340 - ET EXPLOIT Atlassian Confluence RCE Attempt Observed (CVE-2023-22527) (exploit.rules)
2050341 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (demonstratorleasheropw .site) (malware.rules)
2050342 - ET MALWARE Observed Lumma Stealer Related Domain (demonstratorleasheropw .site in TLS SNI) (malware.rules)
2050343 - ET INFO Observed DNS Over HTTPS Domain (adguard-home .server-on .net in TLS SNI) (info.rules)
2050344 - ET INFO Observed DNS Over HTTPS Domain (dns .jundev .org in TLS SNI) (info.rules)
2050345 - ET INFO Observed DNS Over HTTPS Domain (dns .skrzypiec .pl in TLS SNI) (info.rules)
2050346 - ET INFO Observed DNS Over HTTPS Domain (dns .schlagheck .berlin in TLS SNI) (info.rules)
2050347 - ET INFO Observed DNS Over HTTPS Domain (dns .retakecs .com in TLS SNI) (info.rules)
2050348 - ET INFO Observed DNS Over HTTPS Domain (privatnas .servebeer .com in TLS SNI) (info.rules)
2050349 - ET INFO Observed DNS Over HTTPS Domain (h .gjrick .tw in TLS SNI) (info.rules)
2050350 - ET INFO Observed DNS Over HTTPS Domain (dns2 .saferbfc .org in TLS SNI) (info.rules)
2050351 - ET INFO Observed DNS Over HTTPS Domain (dns .korzhyk .pp .ua in TLS SNI) (info.rules)
2050352 - ET INFO Observed DNS Over HTTPS Domain (adguardo .jimtay .uk in TLS SNI) (info.rules)
2050353 - ET INFO Observed DNS Over HTTPS Domain (dns .scarx .net in TLS SNI) (info.rules)
2050354 - ET INFO Observed DNS Over HTTPS Domain (adguard .rennes .despagne .net in TLS SNI) (info.rules)
2050355 - ET INFO Observed DNS Over HTTPS Domain (dns1 .klcd .eu in TLS SNI) (info.rules)
2050356 - ET INFO Observed DNS Over HTTPS Domain (ad .justincounts .com in TLS SNI) (info.rules)
2050357 - ET INFO Observed DNS Over HTTPS Domain (dns2 .klcd .eu in TLS SNI) (info.rules)
2050358 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .colors .usajicgu .com) (malware.rules)
2050359 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .colors .usajicgu .com) (malware.rules)
2050360 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (bonustop-price .life) (exploit_kit.rules)
2050361 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (allprizeshub .life) (exploit_kit.rules)
2050362 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (greatbonushere .top) (exploit_kit.rules)
2050363 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (prizes-topwin .life) (exploit_kit.rules)
2050364 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (womanflirting .life) (exploit_kit.rules)
2050365 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (a .crystalcraft .top) (exploit_kit.rules)
2050366 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (logsmetrics .com) (exploit_kit.rules)
2050367 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (webdatatrace .com) (exploit_kit.rules)
2050368 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (bonustop-price .life) (exploit_kit.rules)
2050369 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (allprizeshub .life) (exploit_kit.rules)
2050370 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (greatbonushere .top) (exploit_kit.rules)
2050371 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (prizes-topwin .life) (exploit_kit.rules)
2050372 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (womanflirting .life) (exploit_kit.rules)
2050373 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (a .crystalcraft .top) (exploit_kit.rules)
2050374 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (logsmetrics .com) (exploit_kit.rules)
2050375 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (webdatatrace .com) (exploit_kit.rules)

Pro:

2856225 - ETPRO MALWARE Win32/zgRAT Checkin (malware.rules)
2856226 - ETPRO MALWARE Win32/zgRAT Checkin (malware.rules)
2856227 - ETPRO MALWARE Win32/zgRAT Checkin (malware.rules)
2856228 - ETPRO MALWARE Win32/zgRAT Checkin (malware.rules)
2856229 - ETPRO MALWARE Win32/zgRAT Checkin (malware.rules)
2856230 - ETPRO MALWARE Win32/zgRAT Checkin (malware.rules)
2856231 - ETPRO MALWARE Win32/zgRAT Checkin (malware.rules)
2856232 - ETPRO MALWARE Win32/zgRAT Checkin (malware.rules)
2856233 - ETPRO MALWARE Win32/Unknown Loader Related Activity (GET) (malware.rules)
2856234 - ETPRO MALWARE Win32/Phemedrone Stealer Sending System Information M2 (POST) (malware.rules)
2856235 - ETPRO MALWARE Win32/Phemedrone Stealer Sending System Information M3 (POST) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/04/30 - v10586 Ruleset Updates	134	April 30, 2024
Ruleset Update Summary - 2024/03/25 - v10559 Ruleset Updates	253	March 25, 2024
Ruleset Update Summary - 2024/06/03 - v10608 Ruleset Updates	208	June 3, 2024
Ruleset Update Summary - 2023/10/10 - v10436 Ruleset Updates	345	October 10, 2023
Ruleset Update Summary - 2024/01/12 - v10506 Ruleset Updates	401	January 12, 2024

Ruleset Update Summary - 2024/01/23 - v10512

Summary:

Added rules:

Open:

Pro:

Related Topics