Ruleset Update Summary - 2024/03/21 - v10557

rulesbot · March 21, 2024, 8:35pm

Summary:

1 new OPEN, 5 new PRO (1 + 4)

Added rules:

Open:

2051761 - ET MALWARE Possible HijackLoader Second Stage PNG Retrieval (malware.rules)

Pro:

2856508 - ETPRO MALWARE Qbot Related Domain in DNS Lookup (malware.rules)
2856509 - ETPRO MALWARE Observed Qbot Related Domain in TLS SNI (malware.rules)
2856510 - ETPRO MALWARE QBot Related Activity (POST) M10 (malware.rules)
2856511 - ETPRO MALWARE Win32/CopperShrimp Stealer Related Activity (POST) (malware.rules)

Modified inactive rules:

2803494 - ETPRO MALWARE Common Downloader POST Header Pattern POST ACtHUCo data= (malware.rules)
2804283 - ETPRO MALWARE Backdoor.Hupigon Checkin (malware.rules)
2808010 - ETPRO ADWARE_PUP Win32.Boaxxe.BL windowsupdate connectivity check (adware_pup.rules)
2825226 - ETPRO MALWARE Helminth/Oilrig CnC Beacon 2 (malware.rules)
2825309 - ETPRO MALWARE Win32.Emdivi CnC Beacon (malware.rules)
2827509 - ETPRO MALWARE Win32/Downloader.Banload.YAZ CnC Activity (malware.rules)

Disabled and modified rules:

2019353 - ET MALWARE Cryptolocker Checkin (malware.rules)
2019387 - ET POLICY SSL Certificate IRC GEEKS Likely Encrypted IRC or CnC (policy.rules)
2019400 - ET MALWARE Possible Bedep Connectivity Check (malware.rules)
2019717 - ET MALWARE Alureon Checkin (malware.rules)
2019759 - ET MALWARE Win32/Zemot Requesting PE (malware.rules)
2050962 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (theoryapparatusjuko .funy) (malware.rules)
2050963 - ET MALWARE Observed Lumma Stealer Related Domain (theoryapparatusjuko .funy in TLS SNI) (malware.rules)
2050964 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (greenbowelsustainny .fun) (malware.rules)
2050965 - ET MALWARE Observed Lumma Stealer Related Domain (greenbowelsustainny .fun in TLS SNI) (malware.rules)
2050966 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (theoryapparatusjuko .funl) (malware.rules)
2050967 - ET MALWARE Observed Lumma Stealer Related Domain (theoryapparatusjuko .funl in TLS SNI) (malware.rules)
2050968 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (fikkeropendorwiw .pw) (malware.rules)
2050969 - ET MALWARE Observed Lumma Stealer Related Domain (fikkeropendorwiw .pw in TLS SNI) (malware.rules)
2050970 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (numberlesswortheiwol .shop) (malware.rules)
2050971 - ET MALWARE Observed Lumma Stealer Related Domain (numberlesswortheiwol .shop in TLS SNI) (malware.rules)
2050972 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (superiorhardwaerw .pw) (malware.rules)
2050973 - ET MALWARE Observed Lumma Stealer Related Domain (superiorhardwaerw .pw in TLS SNI) (malware.rules)
2050974 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (pooreveningfuseor .pwl) (malware.rules)
2050976 - ET MALWARE Observed Lumma Stealer Related Domain (pooreveningfuseor .pwl in TLS SNI) (malware.rules)
2808888 - ETPRO MALWARE Win32/BrowserPassview Checkin via SMTP 2 (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/12/28 - v10495 Ruleset Updates	252	December 28, 2023
Ruleset Update Summary - 2023/12/20 - v10490 Ruleset Updates	216	December 20, 2023
Ruleset Update Summary - 2024/02/23 - v10539 Ruleset Updates	238	February 23, 2024
Ruleset Update Summary - 2024/07/15 - v10645 Ruleset Updates	173	July 15, 2024
Ruleset Update Summary - 2023/12/27 - v10494 Ruleset Updates	279	December 27, 2023

Ruleset Update Summary - 2024/03/21 - v10557

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Disabled and modified rules:

Related topics