Ruleset Update Summary - 2024/05/17 - v10598

rulesbot · May 17, 2024, 8:05pm

Summary:

39 new OPEN, 65 new PRO (39 + 26)

Thanks @karol_paciorek

Added rules:

Open:

2052720 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (evokeoutlooklits .shop) (malware.rules)
2052721 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (rejectbettysmartws .shop) (malware.rules)
2052722 - ET MALWARE Observed Lumma Stealer Related Domain (evokeoutlooklits .shop in TLS SNI) (malware.rules)
2052723 - ET MALWARE Observed Lumma Stealer Related Domain (rejectbettysmartws .shop in TLS SNI) (malware.rules)
2052724 - ET MALWARE DNS Query to Async RAT Related Domain (loaded-swift-degrees-packages .trycloudflare .com) (malware.rules)
2052725 - ET MALWARE DNS Query to Async RAT Related Domain (undjsj .duckdns .org) (malware.rules)
2052726 - ET MALWARE DNS Query to Async RAT Related Domain (maintenance-princess-musical-vocational .trycloudflare .com) (malware.rules)
2052727 - ET MALWARE DNS Query to Async RAT Related Domain (invoice .trycloudflare .com) (malware.rules)
2052728 - ET MALWARE DNS Query to Async RAT Related Domain (tired-shareholders-reservoir-talked .trycloudflare .com) (malware.rules)
2052729 - ET MALWARE DNS Query to Async RAT Related Domain (nail-lists-compact-project .trycloudflare .com) (malware.rules)
2052730 - ET MALWARE DNS Query to Async RAT Related Domain (snap-guide-leeds-des .trycloudflare .com) (malware.rules)
2052731 - ET MALWARE DNS Query to Async RAT Related Domain (boy-such-icon-positive .trycloudflare .com) (malware.rules)
2052732 - ET MALWARE DNS Query to Async RAT Related Domain (oral-career-renewable-bacterial .trycloudflare .com) (malware.rules)
2052733 - ET MALWARE DNS Query to Async RAT Related Domain (invoicetrycloudflare .com) (malware.rules)
2052734 - ET MALWARE DNS Query to Async RAT Related Domain (bangkok-generally-ensemble-nfl .trycloudflare .com) (malware.rules)
2052735 - ET MALWARE Observed Async RAT Related Domain (nail-lists-compact-project .trycloudflare .com in TLS SNI) (malware.rules)
2052736 - ET MALWARE Observed Async RAT Related Domain (invoice .trycloudflare .com in TLS SNI) (malware.rules)
2052737 - ET MALWARE Observed Async RAT Related Domain (boy-such-icon-positive .trycloudflare .com in TLS SNI) (malware.rules)
2052738 - ET MALWARE Observed Async RAT Related Domain (snap-guide-leeds-des .trycloudflare .com in TLS SNI) (malware.rules)
2052739 - ET MALWARE Observed Async RAT Related Domain (invoicetrycloudflare .com in TLS SNI) (malware.rules)
2052740 - ET MALWARE Observed Async RAT Related Domain (oral-career-renewable-bacterial .trycloudflare .com in TLS SNI) (malware.rules)
2052741 - ET MALWARE Observed Async RAT Related Domain (loaded-swift-degrees-packages .trycloudflare .com in TLS SNI) (malware.rules)
2052742 - ET MALWARE Observed Async RAT Related Domain (maintenance-princess-musical-vocational .trycloudflare .com in TLS SNI) (malware.rules)
2052743 - ET MALWARE Observed Async RAT Related Domain (tired-shareholders-reservoir-talked .trycloudflare .com in TLS SNI) (malware.rules)
2052744 - ET MALWARE Observed Async RAT Related Domain (bangkok-generally-ensemble-nfl .trycloudflare .com in TLS SNI) (malware.rules)
2052745 - ET MALWARE Observed Async RAT Related Domain (undjsj .duckdns .org in TLS SNI) (malware.rules)
2052746 - ET MALWARE Observed DNS Query to Unknown Malware Domain (qpps .site) (malware.rules)
2052747 - ET MALWARE Observed Unknown Malware Domain (qpps .site) in TLS SNI (malware.rules)
2052748 - ET INFO Observed DNS over HTTPS Domain (dns .editechstudio .com) in TLS SNI (info.rules)
2052749 - ET INFO Observed DNS over HTTPS Domain (dns .mateo .ovh) in TLS SNI (info.rules)
2052750 - ET INFO Observed DNS over HTTPS Domain (dns .eliv .co .kr) in TLS SNI (info.rules)
2052751 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (asyncprogramminghub .com) (exploit_kit.rules)
2052752 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (asyncprogramminghub .com) (exploit_kit.rules)
2052753 - ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (public .clickstat360 .com) (exploit_kit.rules)
2052754 - ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (public .clickstat360 .com) (exploit_kit.rules)
2052755 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (chezfur .com) (exploit_kit.rules)
2052756 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (osiria-agency .com) (exploit_kit.rules)
2052757 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (chezfur .com) (exploit_kit.rules)
2052758 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (osiria-agency .com) (exploit_kit.rules)

Pro:

2856962 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2856963 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2856964 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2856965 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2856966 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2856967 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2856968 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2856969 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2856970 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2856971 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2856972 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2856973 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2856974 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2856975 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2856976 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2856977 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2856978 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2856979 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2856980 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2856981 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2856982 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2856983 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2856984 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2856985 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2856986 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2856987 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Disabled and modified rules:

2051096 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .collection .aixpirts .com) (malware.rules)
2051097 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .collection .aixpirts .com) (malware.rules)
2051098 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (aljannatquranteach .com) (exploit_kit.rules)
2051099 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bbsupplyandsalon .com) (exploit_kit.rules)
2051100 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (betsmovepiyango47 .com) (exploit_kit.rules)
2051101 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bigcuda .com) (exploit_kit.rules)
2051102 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eduvationgroup .com) (exploit_kit.rules)
2051103 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eoskinec .com) (exploit_kit.rules)
2051104 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ezwhatsappp .com) (exploit_kit.rules)
2051105 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (growcalm .com) (exploit_kit.rules)
2051106 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (grupodistribuidora .com) (exploit_kit.rules)
2051107 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (aljannatquranteach .com) (exploit_kit.rules)
2051108 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bbsupplyandsalon .com) (exploit_kit.rules)
2051109 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (betsmovepiyango47 .com) (exploit_kit.rules)
2051110 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bigcuda .com) (exploit_kit.rules)
2051111 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eduvationgroup .com) (exploit_kit.rules)
2051112 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eoskinec .com) (exploit_kit.rules)
2051113 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ezwhatsappp .com) (exploit_kit.rules)
2051114 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (growcalm .com) (exploit_kit.rules)
2051115 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (grupodistribuidora .com) (exploit_kit.rules)
2051434 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (africanbeatmaker .com) (exploit_kit.rules)
2051435 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (aiifolrida .com) (exploit_kit.rules)
2051436 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (amarod .com) (exploit_kit.rules)
2051437 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (auburnartwalk .com) (exploit_kit.rules)
2051438 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (africanbeatmaker .com) (exploit_kit.rules)
2051439 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (aiifolrida .com) (exploit_kit.rules)
2051440 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (amarod .com) (exploit_kit.rules)
2051441 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (auburnartwalk .com) (exploit_kit.rules)
2051464 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .aus .mimico-cooperative .org) (malware.rules)
2051465 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .aus .mimico-cooperative .org) (malware.rules)
2051466 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (briefscala .com) (exploit_kit.rules)
2051467 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (briefscala .com) (exploit_kit.rules)
2051495 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .distributors .commdistinc .com) (malware.rules)
2051496 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .distributors .commdistinc .com) (malware.rules)
2051576 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (advanceddataenterprise .com) (exploit_kit.rules)
2051577 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (advanceddataenterprise .com) (exploit_kit.rules)
2051608 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .round .fishingreelinvestment .com) (malware.rules)
2051609 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .round .fishingreelinvestment .com) (malware.rules)
2051610 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ausgov .pro) (exploit_kit.rules)
2051611 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (digestlivepro .com) (exploit_kit.rules)
2051612 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ausgov .pro) (exploit_kit.rules)
2051613 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (digestlivepro .com) (exploit_kit.rules)
2051614 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bestopgoespink .com) (exploit_kit.rules)
2051615 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bestopgoespink .com) (exploit_kit.rules)
2051682 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .policy .donnafrey .com) (malware.rules)
2051683 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .policy .donnafrey .com) (malware.rules)
2051686 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (worldofmantas .com) (exploit_kit.rules)
2051687 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ausgov .pro) (exploit_kit.rules)
2051688 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (edulokam .com) (exploit_kit.rules)
2051689 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (worldofmantas .com) (exploit_kit.rules)
2051690 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ausgov .pro) (exploit_kit.rules)
2051691 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (edulokam .com) (exploit_kit.rules)
2051692 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (7commbeta .com) (exploit_kit.rules)
2051693 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (7commbeta .com) (exploit_kit.rules)
2051694 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ezshipsy .com) (exploit_kit.rules)
2051695 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ezshipsy .com) (exploit_kit.rules)
2052639 - ET MALWARE DNS Query to Darkgate Domain (savoystocks .com) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/03/08 - v10548 Ruleset Updates	230	March 8, 2024
Ruleset Update Summary - 2024/07/26 - v10654 Ruleset Updates	99	July 26, 2024
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	917	March 11, 2024
Ruleset Update Summary - 2024/03/25 - v10559 Ruleset Updates	265	March 25, 2024
Ruleset Update Summary - 2024/02/05 - v10524 Ruleset Updates	427	February 5, 2024

Ruleset Update Summary - 2024/05/17 - v10598

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related Topics