Ruleset Update Summary - 2024/03/14 - v10552

rulesbot · March 14, 2024, 10:01pm

Summary:

23 new OPEN, 23 new PRO (23 + 0)

Thanks @tosscoinwitcher

Added rules:

Open:

2051643 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (asleepfulltytarrtw .shop) (malware.rules)
2051644 - ET MALWARE Observed Lumma Stealer Related Domain (asleepfulltytarrtw .shop in TLS SNI) (malware.rules)
2051645 - ET MALWARE DNS Query to DarkGate Domain (nextroundst .com) (malware.rules)
2051646 - ET MALWARE Observed DarkGate Domain (nextroundst .com in TLS SNI) (malware.rules)
2051647 - ET MALWARE DNS Query to DarkGate Domain (tjtmovers .com) (malware.rules)
2051648 - ET MALWARE DNS Query to DarkGate Domain (przvgke .biz) (malware.rules)
2051649 - ET MALWARE DNS Query to DarkGate Domain (knjghuig .biz) (malware.rules)
2051650 - ET MALWARE DNS Query to DarkGate Domain (kcyvxytog .biz) (malware.rules)
2051651 - ET MALWARE DNS Query to DarkGate Domain (eufxebus .biz) (malware.rules)
2051652 - ET MALWARE DNS Query to DarkGate Domain (napws .biz) (malware.rules)
2051653 - ET MALWARE DNS Query to DarkGate Domain (htwqzczce .biz) (malware.rules)
2051654 - ET MALWARE DNS Query to DarkGate Domain (cikivjto .biz) (malware.rules)
2051655 - ET MALWARE Observed DarkGate Domain (tjtmovers .com in TLS SNI) (malware.rules)
2051656 - ET MALWARE Observed DarkGate Domain (przvgke .biz in TLS SNI) (malware.rules)
2051657 - ET MALWARE Observed DarkGate Domain (knjghuig .biz in TLS SNI) (malware.rules)
2051658 - ET MALWARE Observed DarkGate Domain (kcyvxytog .biz in TLS SNI) (malware.rules)
2051659 - ET MALWARE Observed DarkGate Domain (eufxebus .biz in TLS SNI) (malware.rules)
2051660 - ET MALWARE Observed DarkGate Domain (napws .biz in TLS SNI) (malware.rules)
2051661 - ET MALWARE DarkGate CnC Activity (GET) M2 (malware.rules)
2051662 - ET MALWARE Observed DarkGate Domain (htwqzczce .biz in TLS SNI) (malware.rules)
2051663 - ET MALWARE Observed DarkGate Domain (cikivjto .biz in TLS SNI) (malware.rules)
2051664 - ET MALWARE DarkGate Payload Inbound (malware.rules)
2051665 - ET MALWARE NewBot Loader CnC Checkin (malware.rules)

Disabled and modified rules:

2047763 - ET MALWARE ZenRAT Tasking Command (malware.rules)
2047764 - ET MALWARE ZenRAT Tasking CnC Response M1 (malware.rules)
2047765 - ET MALWARE ZenRAT Tasking CnC Response M2 (malware.rules)
2050802 - ET MALWARE Observed MacOS RustDoor Related Domain (serviceicloud .com in TLS SNI) (malware.rules)
2050816 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bicyclesunhygenico .fun) (malware.rules)
2050817 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (reechoingkaolizationp .fun) (malware.rules)
2050818 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (antiuncontemporary .fun) (malware.rules)
2050819 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (pielumchalotpostwo .fun) (malware.rules)
2050820 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (unexaminablespectrall .fun) (malware.rules)
2050821 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (muggierdragstemmio .fun) (malware.rules)
2050822 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (fishboatnurrybeauti .fun) (malware.rules)
2050823 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (mazumaponyanthus .fun) (malware.rules)
2050824 - ET MALWARE Observed Lumma Stealer Related Domain (bicyclesunhygenico .fun in TLS SNI) (malware.rules)
2050825 - ET MALWARE Observed Lumma Stealer Related Domain (reechoingkaolizationp .fun in TLS SNI) (malware.rules)
2050826 - ET MALWARE Observed Lumma Stealer Related Domain (antiuncontemporary .fun in TLS SNI) (malware.rules)
2050827 - ET MALWARE Observed Lumma Stealer Related Domain (pielumchalotpostwo .fun in TLS SNI) (malware.rules)
2050828 - ET MALWARE Observed Lumma Stealer Related Domain (unexaminablespectrall .fun in TLS SNI) (malware.rules)
2050829 - ET MALWARE Observed Lumma Stealer Related Domain (muggierdragstemmio .fun in TLS SNI) (malware.rules)
2050830 - ET MALWARE Observed Lumma Stealer Related Domain (fishboatnurrybeauti .fun in TLS SNI) (malware.rules)
2050831 - ET MALWARE Observed Lumma Stealer Related Domain (mazumaponyanthus .fun in TLS SNI) (malware.rules)
2050832 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bleednumberrottern .home) (malware.rules)
2050833 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (brakesummitfiightre .pics) (malware.rules)
2050834 - ET MALWARE Observed Lumma Stealer Related Domain (bleednumberrottern .home in TLS SNI) (malware.rules)
2050835 - ET MALWARE Observed Lumma Stealer Related Domain (brakesummitfiightre .pics in TLS SNI) (malware.rules)
2050836 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (lawwormroleveinn .mom) (malware.rules)
2050837 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (baresoakopiniocowe .fun) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/09/15 - v10418 Ruleset Updates	280	September 15, 2023
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	405	March 11, 2024
Ruleset Update Summary - 2024/03/05 - v10545 Ruleset Updates	394	March 5, 2024
Ruleset Update Summary - 2024/03/08 - v10548 Ruleset Updates	192	March 8, 2024
Ruleset Update Summary - 2024/02/16 - v10534 Ruleset Updates	209	February 16, 2024

Ruleset Update Summary - 2024/03/14 - v10552

Summary:

Added rules:

Open:

Disabled and modified rules:

Related Topics