Ruleset Update Summary - 2024/05/13 - v10594

rulesbot · May 13, 2024, 9:00pm

Summary:

43 new OPEN, 44 new PRO (43 + 1)

Thanks @Unit42_Intel, @kevross33

Added rules:

Open:

2052537 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (headraisepresidensu .shop) (malware.rules)
2052538 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (smallelementyjdui .shop) (malware.rules)
2052539 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (tendencyportionjsuk .shop) (malware.rules)
2052540 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (sofaprivateawarderysj .shop) (malware.rules)
2052541 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (sloganprogrevidefkso .shop) (malware.rules)
2052542 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (appetitesallooonsj .shop) (malware.rules)
2052543 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (lineagelasserytailsd .shop) (malware.rules)
2052544 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (prideconstituiiosjk .shop) (malware.rules)
2052545 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (minorittyeffeoos .shop) (malware.rules)
2052546 - ET MALWARE Observed Lumma Stealer Related Domain (headraisepresidensu .shop in TLS SNI) (malware.rules)
2052547 - ET MALWARE Observed Lumma Stealer Related Domain (smallelementyjdui .shop in TLS SNI) (malware.rules)
2052548 - ET MALWARE Observed Lumma Stealer Related Domain (tendencyportionjsuk .shop in TLS SNI) (malware.rules)
2052549 - ET MALWARE Observed Lumma Stealer Related Domain (sofaprivateawarderysj .shop in TLS SNI) (malware.rules)
2052550 - ET MALWARE Observed Lumma Stealer Related Domain (sloganprogrevidefkso .shop in TLS SNI) (malware.rules)
2052551 - ET MALWARE Observed Lumma Stealer Related Domain (appetitesallooonsj .shop in TLS SNI) (malware.rules)
2052552 - ET MALWARE Observed Lumma Stealer Related Domain (lineagelasserytailsd .shop in TLS SNI) (malware.rules)
2052553 - ET MALWARE Observed Lumma Stealer Related Domain (prideconstituiiosjk .shop in TLS SNI) (malware.rules)
2052554 - ET MALWARE Observed Lumma Stealer Related Domain (minorittyeffeoos .shop in TLS SNI) (malware.rules)
2052555 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (roleprofittypleasw .shop) (malware.rules)
2052556 - ET MALWARE Observed Lumma Stealer Related Domain (roleprofittypleasw .shop in TLS SNI) (malware.rules)
2052557 - ET MALWARE W32/Badspace.Backdoor CnC Activity (GET) (malware.rules)
2052558 - ET MALWARE W32/Badspace.Backdoor CnC Activity (POST) (malware.rules)
2052559 - ET MALWARE Possible XWorm Payload Downloaded via Powershell (malware.rules)
2052560 - ET MALWARE Trkcdn Domain in DNS Lookup (simitor .com) (malware.rules)
2052561 - ET MALWARE Trkcdn Domain in DNS Lookup (vitrfar .info) (malware.rules)
2052562 - ET MALWARE Trkcdn Domain in DNS Lookup (pordasa .info) (malware.rules)
2052563 - ET MALWARE Trkcdn Domain in DNS Lookup (vibnere .com) (malware.rules)
2052564 - ET MALWARE Trkcdn Domain in DNS Lookup (edrefo .com) (malware.rules)
2052565 - ET MALWARE Trkcdn Domain in DNS Lookup (frotel .info) (malware.rules)
2052566 - ET MALWARE SpamTracker Domain in DNS Lookup (epyujbhfhbs35j .com) (malware.rules)
2052567 - ET MALWARE SpamTracker Domain in DNS Lookup (cgb488dixfxjw7 .com) (malware.rules)
2052568 - ET MALWARE SpamTracker Domain in DNS Lookup (8egub9e7s6cz7n .com) (malware.rules)
2052569 - ET MALWARE SpamTracker Domain in DNS Lookup (hjmpfsamfkj5m5 .com) (malware.rules)
2052570 - ET MALWARE SpamTracker Domain in DNS Lookup (uxjxfg2ui8k5zk .com) (malware.rules)
2052571 - ET MALWARE SecShow Domain DNS Lookup (secshow .net) (malware.rules)
2052572 - ET MALWARE SecShow Domain DNS Lookup (secshow .online) (malware.rules)
2052573 - ET MALWARE SecShow Domain DNS Lookup (secdns .site) (malware.rules)
2052574 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (firstaischool .com) (exploit_kit.rules)
2052575 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (veniam-veritatis .site) (exploit_kit.rules)
2052576 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (firstaischool .com) (exploit_kit.rules)
2052577 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (veniam-veritatis .site) (exploit_kit.rules)
2052578 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .location .oysterfloats .us) (malware.rules)
2052579 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .location .oysterfloats .us) (malware.rules)

Pro:

2856951 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/05/20 - v10599 Ruleset Updates	147	May 20, 2024
Ruleset Update Summary - 2024/05/03 - v10589 Ruleset Updates	261	May 3, 2024
Ruleset Update Summary - 2024/03/05 - v10545 Ruleset Updates	636	March 5, 2024
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	910	March 11, 2024
Ruleset Update Summary - 2024/02/20 - v10536 Ruleset Updates	463	February 20, 2024

Ruleset Update Summary - 2024/05/13 - v10594

Summary:

Added rules:

Open:

Pro:

Related Topics