Ruleset Update Summary - 2024/04/04 - v10568

rulesbot · April 4, 2024, 8:56pm

Summary:

30 new OPEN, 30 new PRO (30 + 0)

Added rules:

Open:

2051915 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (marchsensedjurkey .shop) (malware.rules)
2051916 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (abuselinenaidwjuew .shop) (malware.rules)
2051917 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (methodgreenglassdatw .shop) (malware.rules)
2051918 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (colorprioritytubbew .shop) (malware.rules)
2051919 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (disagreemenywyws .shop) (malware.rules)
2051920 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (birdpenallitysydw .shop) (malware.rules)
2051921 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (fixturewordbakewos .shop) (malware.rules)
2051922 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (cinemaclinicttanwk .shop) (malware.rules)
2051923 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (speedparticipatewo .shop) (malware.rules)
2051924 - ET MALWARE Observed Lumma Stealer Related Domain (marchsensedjurkey .shop in TLS SNI) (malware.rules)
2051925 - ET MALWARE Observed Lumma Stealer Related Domain (abuselinenaidwjuew .shop in TLS SNI) (malware.rules)
2051926 - ET MALWARE Observed Lumma Stealer Related Domain (methodgreenglassdatw .shop in TLS SNI) (malware.rules)
2051927 - ET MALWARE Observed Lumma Stealer Related Domain (colorprioritytubbew .shop in TLS SNI) (malware.rules)
2051928 - ET MALWARE Observed Lumma Stealer Related Domain (disagreemenywyws .shop in TLS SNI) (malware.rules)
2051929 - ET MALWARE Observed Lumma Stealer Related Domain (birdpenallitysydw .shop in TLS SNI) (malware.rules)
2051930 - ET MALWARE Observed Lumma Stealer Related Domain (fixturewordbakewos .shop in TLS SNI) (malware.rules)
2051931 - ET MALWARE Observed Lumma Stealer Related Domain (cinemaclinicttanwk .shop in TLS SNI) (malware.rules)
2051932 - ET MALWARE Observed Lumma Stealer Related Domain (speedparticipatewo .shop in TLS SNI) (malware.rules)
2051933 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (appliedgrandyjuiw .shop) (malware.rules)
2051934 - ET MALWARE Observed Lumma Stealer Related Domain (appliedgrandyjuiw .shop in TLS SNI) (malware.rules)
2051935 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (concessionofsellerwo .shop) (malware.rules)
2051936 - ET MALWARE Observed Lumma Stealer Related Domain (concessionofsellerwo .shop in TLS SNI) (malware.rules)
2051937 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (shiverdreammyseaemw .shop) (malware.rules)
2051938 - ET MALWARE Observed Lumma Stealer Related Domain (shiverdreammyseaemw .shop in TLS SNI) (malware.rules)
2051939 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (edelmiramejiaterapeutacosmica .com) (exploit_kit.rules)
2051940 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (replacegarbagedisposal .com) (exploit_kit.rules)
2051941 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (edelmiramejiaterapeutacosmica .com) (exploit_kit.rules)
2051942 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (replacegarbagedisposal .com) (exploit_kit.rules)
2051943 - ET HUNTING Possible Kobold Letters CSS in Email M1 (hunting.rules)
2051944 - ET HUNTING Possible Kobold Letters CSS in Email M2 (hunting.rules)

Modified inactive rules:

2021586 - ET MALWARE Possible Dyre SSL Cert (non-ASCII) Jul 21 2015 (malware.rules)
2021735 - ET MALWARE Possible Dyre SSL Cert Aug 31 2015 (malware.rules)
2021736 - ET MALWARE Possible Dyre SSL Cert Aug 31 2015 (malware.rules)
2021749 - ET MALWARE Possible Upatre/Dyre/Kegotip SSL Cert Sept 8 2015 (malware.rules)
2021773 - ET MALWARE Possible Upatre/Dyre/Kegotip SSL Cert Sept 14 2015 (malware.rules)
2021948 - ET MALWARE Possible Upatre/Dyre/Kegotip SSL Cert Oct 12 2015 (malware.rules)
2023590 - ET MALWARE Zeus OPENSSL Banker Malicious SSL Certificate Detected (malware.rules)
2822686 - ETPRO MALWARE Win32/Etumbot.G CnC SSL Certificate Detected (malware.rules)
2823600 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2824273 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)
2826535 - ETPRO MALWARE Core Bot C2 SSL Certificate Detected (malware.rules)
2828208 - ETPRO MALWARE RevCode SSL Cert (malware.rules)

Disabled and modified rules:

2023025 - ET MALWARE ProjectSauron Remsec DNS Lookup (asrgd-uz .weedns.com) (malware.rules)
2023026 - ET MALWARE ProjectSauron Remsec DNS Lookup (sx4-ws42 .yi.org) (malware.rules)
2023027 - ET MALWARE ProjectSauron Remsec DNS Lookup (we .q.tcow.eu) (malware.rules)
2023083 - ET MALWARE Alfa/Alpha Ransomware Checkin (malware.rules)
2023161 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Vawtrak CnC) (malware.rules)
2023611 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 107 (malware.rules)
2050558 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .honors .howamerica .com) (malware.rules)
2050559 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .honors .howamerica .com) (malware.rules)
2050654 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gigeconomycase .com) (exploit_kit.rules)
2050655 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (pngairservices .com) (exploit_kit.rules)
2050656 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gigeconomycase .com) (exploit_kit.rules)
2050657 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (pngairservices .com) (exploit_kit.rules)
2050697 - ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (trust .resourcehost .net) (exploit_kit.rules)
2050698 - ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (trust .resourcehost .net) (exploit_kit.rules)
2051482 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (problemregardybuiwo .funj) (malware.rules)
2051483 - ET MALWARE Observed Lumma Stealer Related Domain (problemregardybuiwo .funj in TLS SNI) (malware.rules)
2821563 - ETPRO MALWARE iSpy Keylogger Reporting Infection via SMTP M2 (malware.rules)
2821569 - ETPRO MALWARE Locky CnC checkin Aug 03 2016 M2 (malware.rules)
2821600 - ETPRO MALWARE MSIL/Unknown Backdoor CnC Checkin (malware.rules)
2821692 - ETPRO MALWARE ZeusPOS Payload M2 (malware.rules)
2821821 - ETPRO MALWARE Godzilla CnC Beacon (malware.rules)
2821890 - ETPRO MALWARE Likely Evil IRC BOT NICK Command (malware.rules)
2821891 - ETPRO MALWARE Win32/Barys IRC Bot NICK Command (malware.rules)
2821987 - ETPRO MALWARE MSIL/Unknown HTTP Bot CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/03/27 - v10561 Ruleset Updates	128	March 27, 2024
Ruleset Update Summary - 2024/02/20 - v10536 Ruleset Updates	355	February 20, 2024
Ruleset Update Summary - 2024/02/14 - v10532 Ruleset Updates	211	February 14, 2024
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	404	March 11, 2024
Ruleset Update Summary - 2024/03/05 - v10545 Ruleset Updates	392	March 5, 2024

Ruleset Update Summary - 2024/04/04 - v10568

Summary:

Added rules:

Open:

Modified inactive rules:

Disabled and modified rules:

Related Topics