Ruleset Update Summary - 2024/03/15 - v10553

Ruleset Updates
1

Summary:

3 new OPEN, 6 new PRO (3 + 3)

Added rules:

Open:

  • 2051666 - ET EXPLOIT Viessmann Vitogate 300 Command Injection Attempt (CVE-2023-5702) (exploit.rules)
  • 2051667 - ET WEB_SPECIFIC_APPS Ruijie Network Switches Unauthenticated Command Execution (web_specific_apps.rules)
  • 2051668 - ET WEB_SPECIFIC_APPS Contec SolarView Compact downloader.php Command Injection Attempt (CVE-2023-23333) (web_specific_apps.rules)

Pro:

  • 2856490 - ETPRO INFO Mocky GET Request (info.rules)
  • 2856491 - ETPRO INFO Successful Redirect from Mocky M1 (info.rules)
  • 2856492 - ETPRO INFO Successful Redirect from Mocky M2 (info.rules)

Modified inactive rules:

  • 2801346 - ETPRO EXPLOIT HP OpenView Performance Insight Server Backdoor Account Code Execution (exploit.rules)
  • 2808854 - ETPRO MALWARE TROJANCLICKER.MSIL/EZBRO.A Checkin (malware.rules)

Disabled and modified rules:

  • 2016450 - ET MALWARE Backdoor.Win32/Likseput.A Checkin (malware.rules)
  • 2018793 - ET MALWARE EUPUDS.A Requests for Boleto replacement (malware.rules)
  • 2050841 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (developmentalveiop .home) (malware.rules)
  • 2050842 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (hunterstrawmersp .home) (malware.rules)
  • 2050843 - ET MALWARE Observed Lumma Stealer Related Domain (lawwormroleveinn .mom in TLS SNI) (malware.rules)
  • 2050844 - ET MALWARE Observed Lumma Stealer Related Domain (baresoakopiniocowe .fun in TLS SNI) (malware.rules)
  • 2050845 - ET MALWARE Observed Lumma Stealer Related Domain (baketransparentadw .pics in TLS SNI) (malware.rules)
  • 2050846 - ET MALWARE Observed Lumma Stealer Related Domain (legislationdictater .mom in TLS SNI) (malware.rules)
  • 2050847 - ET MALWARE Observed Lumma Stealer Related Domain (mercyaloofprincipleo .pics in TLS SNI) (malware.rules)
  • 2050848 - ET MALWARE Observed Lumma Stealer Related Domain (developmentalveiop .home in TLS SNI) (malware.rules)
  • 2050849 - ET MALWARE Observed Lumma Stealer Related Domain (hunterstrawmersp .home in TLS SNI) (malware.rules)
  • 2050850 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (ironshottallinko .funu) (malware.rules)
  • 2050851 - ET MALWARE Observed Lumma Stealer Related Domain (ironshottallinko .funu in TLS SNI) (malware.rules)
  • 2050852 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (lawwormroleveinn .momu) (malware.rules)
  • 2050853 - ET MALWARE Observed Lumma Stealer Related Domain (lawwormroleveinn .momu in TLS SNI) (malware.rules)
  • 2050854 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (scshemevalleywelferw .site) (malware.rules)
  • 2050855 - ET MALWARE Observed Lumma Stealer Related Domain (scshemevalleywelferw .site in TLS SNI) (malware.rules)
  • 2050868 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (fossillandscapefewkew .site) (malware.rules)
  • 2050869 - ET MALWARE Observed Lumma Stealer Related Domain (fossillandscapefewkew .site in TLS SNI) (malware.rules)
  • 2050870 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (townsfolkhiwoeko .fun) (malware.rules)
  • 2050871 - ET MALWARE Observed Lumma Stealer Related Domain (townsfolkhiwoeko .fun in TLS SNI) (malware.rules)
  • 2050872 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (colonmoonmushroo .mom) (malware.rules)
  • 2050873 - ET MALWARE Observed Lumma Stealer Related Domain (colonmoonmushroo .mom in TLS SNI) (malware.rules)
  • 2804408 - ETPRO MALWARE Mal/Simda-C Install (malware.rules)
  • 2808485 - ETPRO ADWARE_PUP Win32/AdWare.ICLoader.A Checkin (adware_pup.rules)