Ruleset Update Summary - 2024/02/09 - v10528

rulesbot · February 9, 2024, 9:47pm

Summary:

9 new OPEN, 11 new PRO (9 + 2)

Added rules:

Open:

2050778 - ET MALWARE Lumma Stealer Related Domain in DNS Lookup (flexibleagttypoceo .shop) (malware.rules)
2050779 - ET MALWARE Observed Lumma Stealer Related Domain (flexibleagttypoceo .shop in TLS SNI) (malware.rules)
2050780 - ET MALWARE Lumma Stealer Related Domain in DNS Lookup (exitassumebangpastcone .shop) (malware.rules)
2050781 - ET MALWARE Observed Lumma Stealer Related Domain (exitassumebangpastcone .shop in TLS SNI) (malware.rules)
2050782 - ET MALWARE Lumma Stealer Related Domain in DNS Lookup (vatleaflettrusteeooj .shop) (malware.rules)
2050783 - ET MALWARE Observed Lumma Stealer Related Domain (vatleaflettrusteeooj .shop in TLS SNI) (malware.rules)
2050784 - ET WEB_SPECIFIC_APPS Ivanti Connect Secure XXE Attempt (CVE-2024-22024) (web_specific_apps.rules)
2050785 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (ronreznick .com) (exploit_kit.rules)
2050786 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (ronreznick .com) (exploit_kit.rules)

Pro:

2856328 - ETPRO INFO Observed DNS Query to Commonly Abused Content Domain (info.rules)
2856329 - ETPRO INFO Observed Commonly Abused Content Domain in TLS SNI (info.rules)

Modified inactive rules:

2003648 - ET MALWARE Clicker.BC User Agent Detected (linkrunner) (malware.rules)
2003937 - ET MALWARE Bandook iwebho/BBB-phish trojan leaking user data (malware.rules)
2007686 - ET MALWARE E-Jihad 3.0 DDoS HTTP Activity OUTBOUND (malware.rules)
2007687 - ET MALWARE E-Jihad 3.0 DDoS HTTP Activity INBOUND (malware.rules)
2007911 - ET MALWARE Delf Download via HTTP (malware.rules)
2008195 - ET MALWARE Dropper mdodo.com Related Trojan (malware.rules)
2008196 - ET MALWARE Dropper 6dzone.com Related Trojan (malware.rules)
2008263 - ET MALWARE DNS Changer HTTP Post Checkin (malware.rules)
2008267 - ET MALWARE Banker.JU Related HTTP Post-infection Checkin (malware.rules)
2008283 - ET MALWARE Banload HTTP Checkin Detected (quem=) (malware.rules)
2009204 - ET MALWARE Crypt.CFI.Gen Checkin (malware.rules)
2009360 - ET MALWARE Bredolab Check In (malware.rules)
2009539 - ET MALWARE Downloader Infostealer - GET Checkin (malware.rules)
2009553 - ET MALWARE FAKE/ROGUE AV Encoded data= HTTP POST (malware.rules)
2009677 - ET WEB_SERVER Possible BASE Authentication Bypass Attempt (web_server.rules)
2013487 - ET EXPLOIT Likely Generic Java Exploit Attempt Request for Java to decimal host (exploit.rules)
2014200 - ET MALWARE Dapato/Cleaman Checkin (malware.rules)
2014357 - ET MALWARE W32/Kazy Checkin (malware.rules)
2014387 - ET MALWARE Generic Dropper User-Agent (XXXwww) (malware.rules)
2804665 - ETPRO MALWARE Backdoor.Win32.Hupigon.pdqt Checkin (malware.rules)
2804689 - ETPRO MALWARE Win32/Stoberox.A Checkin (malware.rules)

Disabled and modified rules:

2018004 - ET MOBILE_MALWARE Android/HeHe.Spy ReportMessageRequest CnC Beacon (mobile_malware.rules)
2018015 - ET MALWARE Limitless Logger Sending Data over SMTP (malware.rules)
2018017 - ET MALWARE Predator Logger Sending Data over SMTP (malware.rules)
2018018 - ET MALWARE Win32/Antilam.2_0 Sending Data over SMTP (malware.rules)
2018575 - ET MALWARE Possible Andromeda download with fake Zip header (1) (malware.rules)
2018576 - ET MALWARE Possible Andromeda download with fake Zip header (2) (malware.rules)
2807424 - ETPRO MALWARE Trojan-Dropper.Win32.Dorifel.hlu Checkin (malware.rules)
2807426 - ETPRO MALWARE Trojan.Win32.Badur.gboh Download (malware.rules)
2807467 - ETPRO MALWARE TrojanDownloader.Win32/Unruy.C checkin - SET 2 (malware.rules)
2807468 - ETPRO MALWARE TrojanDownloader Win32/Unruy.C Checkin 3 (malware.rules)
2807474 - ETPRO MALWARE Miniduke Checkin 2 (malware.rules)
2807476 - ETPRO MALWARE Win32/TrojanDownloader.Onkods.V Download (malware.rules)
2807482 - ETPRO MALWARE Win32/Startpage.JT Checkin (malware.rules)
2807501 - ETPRO MALWARE Win32/Spy.Banker.ZSX Download (malware.rules)
2807507 - ETPRO MALWARE Win32.Foreign.jowy 2 (malware.rules)
2807532 - ETPRO MALWARE W32/Banker.YNL!tr.spy sending info about infection via SMTP (malware.rules)
2826940 - ETPRO MALWARE AgentTesla Reporting Infection via FTP (malware.rules)
2826941 - ETPRO MALWARE AgentTesla Sending Screenshot via FTP (malware.rules)
2827070 - ETPRO ADWARE_PUP PUP/AdwareTesting24.B Checkin (adware_pup.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/03/25 - v10559 Ruleset Updates	173	March 25, 2024
Ruleset Update Summary - 2024/01/05 - v10500 Ruleset Updates	403	January 5, 2024
Ruleset Update Summary - 2024/02/05 - v10524 Ruleset Updates	327	February 5, 2024
Ruleset Update Summary - 2024/02/07 - v10526 Ruleset Updates	332	February 7, 2024
Ruleset Update Summary - 2024/04/01 - v10564 Ruleset Updates	150	April 1, 2024

Ruleset Update Summary - 2024/02/09 - v10528

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Disabled and modified rules:

Related Topics