Ruleset Update Summary - 2024/05/15 - v10596

rulesbot · May 15, 2024, 9:56pm

Summary:

23 new OPEN, 25 new PRO (23 + 2)

Thanks @naumovax

Added rules:

Open:

2052611 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (surprisemakedjukenw .shop) (malware.rules)
2052612 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (vehicledropliberwls .shop) (malware.rules)
2052613 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (destructionloserods .shop) (malware.rules)
2052614 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (grandmuseimhalltso .shop) (malware.rules)
2052615 - ET MALWARE Observed Lumma Stealer Related Domain (surprisemakedjukenw .shop in TLS SNI) (malware.rules)
2052616 - ET MALWARE Observed Lumma Stealer Related Domain (vehicledropliberwls .shop in TLS SNI) (malware.rules)
2052617 - ET MALWARE Observed Lumma Stealer Related Domain (destructionloserods .shop in TLS SNI) (malware.rules)
2052618 - ET MALWARE Observed Lumma Stealer Related Domain (grandmuseimhalltso .shop in TLS SNI) (malware.rules)
2052619 - ET MALWARE JS/Unknown RAT Activity (GET) M1 (malware.rules)
2052620 - ET MALWARE JS/Unknown RAT Activity (GET) M2 (malware.rules)
2052621 - ET MALWARE JS/Unknown RAT Activity (POST) (malware.rules)
2052622 - ET INFO Observed DNS over HTTPS Domain (0ms .dev) in TLS SNI (info.rules)
2052623 - ET INFO Observed DNS over HTTPS Domain (doh .b86 .nl) in TLS SNI (info.rules)
2052624 - ET INFO Observed DNS over HTTPS Domain (doh .viatech .com .tw) in TLS SNI (info.rules)
2052625 - ET INFO Observed DNS over HTTPS Domain (doh .cippapp .com) in TLS SNI (info.rules)
2052626 - ET INFO Observed DNS over HTTPS Domain (dns .novg .net) in TLS SNI (info.rules)
2052627 - ET INFO Observed DNS over HTTPS Domain (dns .kescher .at) in TLS SNI (info.rules)
2052628 - ET INFO Observed DNS Query to AI Image Generation Service (stablediffusionapi .com) (info.rules)
2052629 - ET INFO Observed AI Image Generation Service Domain (stablediffusionapi .com) in TLS SNI (info.rules)
2052630 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (forgreatestgoal .site) (exploit_kit.rules)
2052631 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (polikarbonad .xyz) (exploit_kit.rules)
2052632 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (forgreatestgoal .site) (exploit_kit.rules)
2052633 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (polikarbonad .xyz) (exploit_kit.rules)

Pro:

2856958 - ETPRO MALWARE Unknown Malware Domain in DNS Lookup (malware.rules)
2856959 - ETPRO MALWARE Unknown Malware Domain in TLS SNI (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/02/20 - v10536 Ruleset Updates	480	February 20, 2024
Ruleset Update Summary - 2024/03/27 - v10561 Ruleset Updates	185	March 27, 2024
Ruleset Update Summary - 2024/02/14 - v10532 Ruleset Updates	288	February 14, 2024
Ruleset Update Summary - 2024/05/20 - v10599 Ruleset Updates	149	May 20, 2024
Ruleset Update Summary - 2024/01/25 - v10514 Ruleset Updates	333	January 25, 2024

Ruleset Update Summary - 2024/05/15 - v10596

Summary:

Added rules:

Open:

Pro:

Related Topics