Ruleset Update Summary - 2024/04/30 - v10586

rulesbot · April 30, 2024, 10:20pm

Summary:

23 new OPEN, 23 new PRO (23 + 0)

Added rules:

Open:

2052296 - ET MALWARE Observed Lumma Stealer Related Domain (tolerateilusidjukl .shop in TLS SNI) (malware.rules)
2052297 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (democraticseekysiwo .shop) (malware.rules)
2052298 - ET MALWARE Observed Lumma Stealer Related Domain (democraticseekysiwo .shop in TLS SNI) (malware.rules)
2052299 - ET INFO Observed DNS Over HTTPS Domain (dns .rbn .gr in TLS SNI) (info.rules)
2052300 - ET INFO Observed DNS Over HTTPS Domain (dns1 .in .newpangea .de in TLS SNI) (info.rules)
2052301 - ET INFO Observed DNS Over HTTPS Domain (dns1 .sg .newpangea .de in TLS SNI) (info.rules)
2052302 - ET INFO Observed DNS Over HTTPS Domain (dns1 .fi .newpangea .de in TLS SNI) (info.rules)
2052303 - ET INFO Observed DNS Over HTTPS Domain (dns1 .cl .newpangea .de in TLS SNI) (info.rules)
2052304 - ET INFO Observed DNS Over HTTPS Domain (dns1 .au .newpangea .de in TLS SNI) (info.rules)
2052305 - ET INFO Observed DNS Over HTTPS Domain (doh .archuser .org in TLS SNI) (info.rules)
2052306 - ET INFO Observed DNS Over HTTPS Domain (dns .kusoneko .moe in TLS SNI) (info.rules)
2052307 - ET INFO Observed DNS Over HTTPS Domain (dns1 .us .newpangea .de in TLS SNI) (info.rules)
2052308 - ET INFO Observed DNS Over HTTPS Domain (doh .kekew .info in TLS SNI) (info.rules)
2052309 - ET INFO Observed DNS Over HTTPS Domain (dns .seiffert .me in TLS SNI) (info.rules)
2052310 - ET INFO Observed DNS Over HTTPS Domain (adblockersite .com in TLS SNI) (info.rules)
2052311 - ET INFO Observed DNS Over HTTPS Domain (dns .technostriker .com in TLS SNI) (info.rules)
2052312 - ET MALWARE Cobalt Strike CnC Activity (GET) (malware.rules)
2052313 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (dinets .best) (exploit_kit.rules)
2052314 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (dinets .best) (exploit_kit.rules)
2052315 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apidevwa .com) (exploit_kit.rules)
2052316 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apidevwa .com) (exploit_kit.rules)
2052317 - ET EXPLOIT_KIT Parrot TDS Malicious Response M2 (exploit_kit.rules)
2052318 - ET EXPLOIT_KIT Parrot TDS Cleared Response M2 (exploit_kit.rules)

Disabled and modified rules:

2017694 - ET EXPLOIT_KIT Possible Magnitude IE EK Payload Nov 8 2013 (exploit_kit.rules)
2020708 - ET MALWARE Win32/Agent.WMN CnC Beacon (malware.rules)
2021160 - ET MALWARE Win32/Gatak.DR Payload Instructions (malware.rules)
2044386 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
2050579 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (nationalistvetecanve .shop) (malware.rules)
2050580 - ET MALWARE Observed Lumma Stealer Related Domain (nationalistvetecanve .shop in TLS SNI) (malware.rules)
2050586 - ET MALWARE Observed Lumma Stealer Related Domain (cakecoldsplurgrewe .pw in TLS SNI) (malware.rules)
2050587 - ET MALWARE Observed Lumma Stealer Related Domain (bombertublestylebanws .fun in TLS SNI) (malware.rules)
2050588 - ET MALWARE Observed Lumma Stealer Related Domain (diagramfiremonkeyowwa .fun in TLS SNI) (malware.rules)
2050589 - ET MALWARE Observed Lumma Stealer Related Domain (dayfarrichjwclik .fun in TLS SNI) (malware.rules)
2050590 - ET MALWARE Observed Lumma Stealer Related Domain (ratefacilityframw .fun in TLS SNI) (malware.rules)
2050591 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (healthrankunderow .fun) (malware.rules)
2050592 - ET MALWARE Observed Lumma Stealer Related Domain (healthrankunderow .fun in TLS SNI) (malware.rules)
2050594 - ET MALWARE Observed Lumma Stealer Related Domain (cakecoldsplurgrewe .pw in TLS SNI) (malware.rules)
2050608 - ET INFO Observed DNS Over HTTPS Domain (tienpham .id .vn in TLS SNI) (info.rules)
2050610 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (info.rules)
2050615 - ET INFO Observed DNS Over HTTPS Domain (quic .lol in TLS SNI) (info.rules)
2050619 - ET INFO Observed DNS Over HTTPS Domain (www .chungocoai .name .vn in TLS SNI) (info.rules)
2050620 - ET INFO Observed DNS Over HTTPS Domain (takhtakh .domyah .net in TLS SNI) (info.rules)
2050622 - ET INFO Observed DNS Over HTTPS Domain (dns .skrep .in in TLS SNI) (info.rules)
2050627 - ET INFO Observed DNS Over HTTPS Domain (dns .354688 .xyz in TLS SNI) (info.rules)
2811905 - ETPRO MALWARE PhilBot/Toshliph POST CnC Beacon (malware.rules)
2815180 - ETPRO EXPLOIT_KIT Nuclear EK Landing URI struct Dec 03 2015 M1 (exploit_kit.rules)
2820517 - ETPRO MALWARE Win32/ExtenBro.ACE Activity (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/03/25 - v10559 Ruleset Updates	253	March 25, 2024
Ruleset Update Summary - 2024/04/01 - v10564 Ruleset Updates	201	April 1, 2024
Ruleset Update Summary - 2024/01/12 - v10506 Ruleset Updates	401	January 12, 2024
Ruleset Update Summary - 2024/06/03 - v10608 Ruleset Updates	208	June 3, 2024
Ruleset Update Summary - 2024/02/09 - v10528 Ruleset Updates	505	February 9, 2024

Ruleset Update Summary - 2024/04/30 - v10586

Summary:

Added rules:

Open:

Disabled and modified rules:

Related Topics