Ruleset Update Summary - 2024/05/15 - v10596

Summary:

23 new OPEN, 25 new PRO (23 + 2)

Thanks @naumovax
Added rules:

Open:

  • 2052611 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (surprisemakedjukenw .shop) (malware.rules)
  • 2052612 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (vehicledropliberwls .shop) (malware.rules)
  • 2052613 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (destructionloserods .shop) (malware.rules)
  • 2052614 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (grandmuseimhalltso .shop) (malware.rules)
  • 2052615 - ET MALWARE Observed Lumma Stealer Related Domain (surprisemakedjukenw .shop in TLS SNI) (malware.rules)
  • 2052616 - ET MALWARE Observed Lumma Stealer Related Domain (vehicledropliberwls .shop in TLS SNI) (malware.rules)
  • 2052617 - ET MALWARE Observed Lumma Stealer Related Domain (destructionloserods .shop in TLS SNI) (malware.rules)
  • 2052618 - ET MALWARE Observed Lumma Stealer Related Domain (grandmuseimhalltso .shop in TLS SNI) (malware.rules)
  • 2052619 - ET MALWARE JS/Unknown RAT Activity (GET) M1 (malware.rules)
  • 2052620 - ET MALWARE JS/Unknown RAT Activity (GET) M2 (malware.rules)
  • 2052621 - ET MALWARE JS/Unknown RAT Activity (POST) (malware.rules)
  • 2052622 - ET INFO Observed DNS over HTTPS Domain (0ms .dev) in TLS SNI (info.rules)
  • 2052623 - ET INFO Observed DNS over HTTPS Domain (doh .b86 .nl) in TLS SNI (info.rules)
  • 2052624 - ET INFO Observed DNS over HTTPS Domain (doh .viatech .com .tw) in TLS SNI (info.rules)
  • 2052625 - ET INFO Observed DNS over HTTPS Domain (doh .cippapp .com) in TLS SNI (info.rules)
  • 2052626 - ET INFO Observed DNS over HTTPS Domain (dns .novg .net) in TLS SNI (info.rules)
  • 2052627 - ET INFO Observed DNS over HTTPS Domain (dns .kescher .at) in TLS SNI (info.rules)
  • 2052628 - ET INFO Observed DNS Query to AI Image Generation Service (stablediffusionapi .com) (info.rules)
  • 2052629 - ET INFO Observed AI Image Generation Service Domain (stablediffusionapi .com) in TLS SNI (info.rules)
  • 2052630 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (forgreatestgoal .site) (exploit_kit.rules)
  • 2052631 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (polikarbonad .xyz) (exploit_kit.rules)
  • 2052632 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (forgreatestgoal .site) (exploit_kit.rules)
  • 2052633 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (polikarbonad .xyz) (exploit_kit.rules)

Pro:

  • 2856958 - ETPRO MALWARE Unknown Malware Domain in DNS Lookup (malware.rules)
  • 2856959 - ETPRO MALWARE Unknown Malware Domain in TLS SNI (malware.rules)