Ruleset Update Summary - 2024/02/05 - v10524

rulesbot · February 5, 2024, 9:47pm

Summary:

25 new OPEN, 26 new PRO (25 + 1)

Thanks @Unit42_Intel

Added rules:

Open:

2050701 - ET MALWARE Lumma Stealer Related Domain in DNS Lookup (feturepoudbicchteo .shop) (malware.rules)
2050702 - ET MALWARE Observed Lumma Stealer Related Domain (feturepoudbicchteo .shop in TLS SNI) (malware.rules)
2050703 - ET MALWARE Lumma Stealer Related Domain in DNS Lookup (pavementpreferencewjiao .site) (malware.rules)
2050704 - ET MALWARE Observed Lumma Stealer Related Domain (pavementpreferencewjiao .site in TLS SNI) (malware.rules)
2050705 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (despairphtsograpgp .shop) (malware.rules)
2050706 - ET MALWARE Observed Lumma Stealer Related Domain (despairphtsograpgp .shop in TLS SNI) (malware.rules)
2050707 - ET INFO AnyDesk Revoked Code Signing Certificate Observed (info.rules)
2050708 - ET MALWARE Mispadu Stealer CnC Checkin M1 (malware.rules)
2050709 - ET MALWARE Mispadu Stealer CnC Checkin M2 (malware.rules)
2050710 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mysticselect .com) (exploit_kit.rules)
2050711 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (oemmasters .com) (exploit_kit.rules)
2050712 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mysticselect .com) (exploit_kit.rules)
2050713 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (oemmasters .com) (exploit_kit.rules)
2050714 - ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (webdatacache .com) (exploit_kit.rules)
2050715 - ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (share .clickstat360 .com) (exploit_kit.rules)
2050716 - ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (webdatacache .com) (exploit_kit.rules)
2050717 - ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (share .clickstat360 .com) (exploit_kit.rules)
2050718 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (tnoodlezy .com) (exploit_kit.rules)
2050719 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (gspiceyl .com) (exploit_kit.rules)
2050720 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (snackfunp .com) (exploit_kit.rules)
2050721 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (tnoodlezy .com) (exploit_kit.rules)
2050722 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (gspiceyl .com) (exploit_kit.rules)
2050723 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (snackfunp .com) (exploit_kit.rules)
2050724 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .our .openarmscv .org) (malware.rules)
2050725 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .our .openarmscv .org) (malware.rules)

Pro:

2856288 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Modified inactive rules:

2001907 - ET POLICY eBay Placing Item for sale (policy.rules)
2007639 - ET POLICY FOX,ABC On-demand UA (policy.rules)
2009896 - ET MALWARE Win32/Winwebsec User-Agent Detected (malware.rules)
2010823 - ET MALWARE Torpig Related Fake User-Agent (Apache (compatible…)) (malware.rules)
2011752 - ET GAMES TrackMania Request Connect (games.rules)
2050599 - ET MALWARE [ANY.RUN] ToneShell FakeTLS Response (APT Mustang Panda / Earth Preta) M1 (malware.rules)

Disabled and modified rules:

2049100 - ET INFO Observed DNS Over HTTPS Domain (adg .tshost .no in TLS SNI) (info.rules)
2050678 - ET MALWARE Suspected TA451 Related FalseFont Backdoor Response (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	930	March 11, 2024
Ruleset Update Summary - 2024/07/26 - v10654 Ruleset Updates	113	July 26, 2024
Ruleset Update Summary - 2024/01/25 - v10514 Ruleset Updates	335	January 25, 2024
Ruleset Update Summary - 2024/03/08 - v10548 Ruleset Updates	237	March 8, 2024
Ruleset Update Summary - 2024/08/26 - v10674 Ruleset Updates	127	August 26, 2024

Ruleset Update Summary - 2024/02/05 - v10524

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Disabled and modified rules:

Related Topics