Ruleset Update Summary - 2024/03/22 - v10558

Summary:

10 new OPEN, 10 new PRO (10 + 0)

Thanks @threatfabric, @assetnote


Added rules:

Open:

  • 2051762 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (brickbrothjorkyooe .shop) (malware.rules)
  • 2051763 - ET MALWARE Observed Lumma Stealer Related Domain (brickbrothjorkyooe .shop in TLS SNI) (malware.rules)
  • 2051764 - ET MOBILE_MALWARE Android Chameleon Banking Trojan Activity (POST) (mobile_malware.rules)
  • 2051765 - ET WEB_SPECIFIC_APPS Fortigate FortiOS Invalid HTTP Chunk Length (CVE-2024-21762) Vulnerability Scan Attempt (web_specific_apps.rules)
  • 2051766 - ET WEB_SPECIFIC_APPS Fortigate FortiOS Invalid HTTP Chunk Length Out of Bounds Write Remote Code Execution Attempt (CVE-2024-21762) - Heap Manipulation (web_specific_apps.rules)
  • 2051767 - ET INFO Observed DNS Query to Cloudflare workers.dev Domain (info.rules)
  • 2051768 - ET INFO Observed Cloudflare workers.dev Domain in TLS SNI (info.rules)
  • 2051769 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (keamcanyoncafe .com) (exploit_kit.rules)
  • 2051770 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (keamcanyoncafe .com) (exploit_kit.rules)
  • 2051771 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (testdomen .xyz) (exploit_kit.rules)

Modified inactive rules:

  • 2014107 - ET MALWARE Zeus POST Request to CnC - cookie variation (malware.rules)
  • 2038634 - ET MOBILE_MALWARE Android.Trojan.Banker.XJ Activity (mobile_malware.rules)

Disabled and modified rules:

  • 2014950 - ET WEB_SPECIFIC_APPS Nagios XI div parameter Cross-Site Scripting Attempt (web_specific_apps.rules)
  • 2049807 - ET MALWARE Brute Ratel Framework Related Domain in DNS Lookup (azureclouder .com) (malware.rules)
  • 2049808 - ET MALWARE Observed Brute Ratel Framework Related Domain (azureclouder .com in TLS SNI) (malware.rules)
  • 2805107 - ETPRO MALWARE Win32/Meredrop Checkin (malware.rules)