Ruleset Update Summary - 2024/05/30 - v10606

Ruleset Updates
1

Summary:

170 new OPEN, 185 new PRO (170 + 15)

Thanks @harfanglab

Added rules:

Open:

  • 2053030 - ET EXPLOIT Adobe ColdFusion Unauthorized File Access (CVE-2024-20767) (exploit.rules)
  • 2053031 - ET WEB_SPECIFIC_APPS Checkpoint Quantum Security Gateway Arbitrary File Read Attempt (CVE-2024-24919) (web_specific_apps.rules)
  • 2053032 - ET MALWARE Allasenha Related Domain (nfe-digital .online) in DNS Lookup (malware.rules)
  • 2053033 - ET MALWARE Allasenha Related Domain (nfe-digital .site) in DNS Lookup (malware.rules)
  • 2053034 - ET MALWARE Allasenha Related Domain (nfe-digital .top) in DNS Lookup (malware.rules)
  • 2053035 - ET MALWARE Allasenha Related Domain (nfe-digital .digital) in DNS Lookup (malware.rules)
  • 2053036 - ET MALWARE Observed Allasenha RAT Related Domain (nfe-digital .online) in TLS SNI (malware.rules)
  • 2053037 - ET MALWARE Observed Allasenha RAT Related Domain (nfe-digital .site) in TLS SNI (malware.rules)
  • 2053038 - ET MALWARE Observed Allasenha RAT Related Domain (nfe-digital .top) in TLS SNI (malware.rules)
  • 2053039 - ET MALWARE Observed Allasenha RAT Related Domain (nfe-digital .digital) in TLS SNI (malware.rules)
  • 2053040 - ET MALWARE Justice AV Solutions Viewer Backdoor CnC Checkin (CVE-2024-4978) (malware.rules)
  • 2053041 - ET INFO Observed DNS Over HTTPS Domain (dns .b33 .network) in TLS SNI (info.rules)
  • 2053042 - ET WEB_SPECIFIC_APPS Apache Flink Arbitrary File Read Attempt (CVE-2020-17519) (web_specific_apps.rules)
  • 2053043 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (bestcdnforfree .site) (exploit_kit.rules)
  • 2053044 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (gotthebestoffer .site) (exploit_kit.rules)
  • 2053045 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (p4wq3e5r6t .xyz) (exploit_kit.rules)
  • 2053046 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (bestcdnforfree .site) (exploit_kit.rules)
  • 2053047 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (gotthebestoffer .site) (exploit_kit.rules)
  • 2053048 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (p4wq3e5r6t .xyz) (exploit_kit.rules)
  • 2053049 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (responsiveuikit .com) (exploit_kit.rules)
  • 2053050 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (24f1989 .com) (exploit_kit.rules)
  • 2053051 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ranconimports .com) (exploit_kit.rules)
  • 2053052 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (24f1989 .com) (exploit_kit.rules)
  • 2053053 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ranconimports .com) (exploit_kit.rules)
  • 2053054 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (s9l0w7n3y5 .xyz) (exploit_kit.rules)
  • 2053055 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (s9l0w7n3y5 .xyz) (exploit_kit.rules)
  • 2053056 - ET INFO DYNAMIC_DNS Query to a *.kje .us Domain (info.rules)
  • 2053057 - ET INFO DYNAMIC_DNS HTTP Request to a *.kje .us Domain (info.rules)
  • 2053058 - ET INFO DYNAMIC_DNS Query to a *.cdpa .cc Domain (info.rules)
  • 2053059 - ET INFO DYNAMIC_DNS HTTP Request to a *.cdpa .cc Domain (info.rules)
  • 2053060 - ET INFO DYNAMIC_DNS Query to a *.hal .se Domain (info.rules)
  • 2053061 - ET INFO DYNAMIC_DNS HTTP Request to a *.hal .se Domain (info.rules)
  • 2053062 - ET INFO DYNAMIC_DNS Query to a *.e-segurarse .com Domain (info.rules)
  • 2053063 - ET INFO DYNAMIC_DNS HTTP Request to a *.e-segurarse .com Domain (info.rules)
  • 2053064 - ET INFO DYNAMIC_DNS Query to a *.hardsoft .nu Domain (info.rules)
  • 2053065 - ET INFO DYNAMIC_DNS HTTP Request to a *.hardsoft .nu Domain (info.rules)
  • 2053066 - ET INFO DYNAMIC_DNS Query to a *.spanishlearning .com .ar Domain (info.rules)
  • 2053067 - ET INFO DYNAMIC_DNS HTTP Request to a *.spanishlearning .com .ar Domain (info.rules)
  • 2053068 - ET INFO DYNAMIC_DNS Query to a *.aybit .ch Domain (info.rules)
  • 2053069 - ET INFO DYNAMIC_DNS HTTP Request to a *.aybit .ch Domain (info.rules)
  • 2053070 - ET INFO DYNAMIC_DNS Query to a *.medscience .cl Domain (info.rules)
  • 2053071 - ET INFO DYNAMIC_DNS HTTP Request to a *.medscience .cl Domain (info.rules)
  • 2053072 - ET INFO DYNAMIC_DNS Query to a *.rugeleychessclub .co .uk Domain (info.rules)
  • 2053073 - ET INFO DYNAMIC_DNS HTTP Request to a *.rugeleychessclub .co .uk Domain (info.rules)
  • 2053074 - ET INFO DYNAMIC_DNS Query to a *.87 .org .uk Domain (info.rules)
  • 2053075 - ET INFO DYNAMIC_DNS HTTP Request to a *.87 .org .uk Domain (info.rules)
  • 2053076 - ET INFO DYNAMIC_DNS Query to a *.deance .org .mx Domain (info.rules)
  • 2053077 - ET INFO DYNAMIC_DNS HTTP Request to a *.deance .org .mx Domain (info.rules)
  • 2053078 - ET INFO DYNAMIC_DNS Query to a *.fatemokid .com Domain (info.rules)
  • 2053079 - ET INFO DYNAMIC_DNS HTTP Request to a *.fatemokid .com Domain (info.rules)
  • 2053080 - ET INFO DYNAMIC_DNS Query to a *.largent .org Domain (info.rules)
  • 2053081 - ET INFO DYNAMIC_DNS HTTP Request to a *.largent .org Domain (info.rules)
  • 2053082 - ET INFO DYNAMIC_DNS Query to a *.fsagc .org Domain (info.rules)
  • 2053083 - ET INFO DYNAMIC_DNS HTTP Request to a *.fsagc .org Domain (info.rules)
  • 2053084 - ET INFO DYNAMIC_DNS Query to a *.900 .my Domain (info.rules)
  • 2053085 - ET INFO DYNAMIC_DNS HTTP Request to a *.900 .my Domain (info.rules)
  • 2053086 - ET INFO DYNAMIC_DNS Query to a *.arkad .nu Domain (info.rules)
  • 2053087 - ET INFO DYNAMIC_DNS HTTP Request to a *.arkad .nu Domain (info.rules)
  • 2053088 - ET INFO DYNAMIC_DNS Query to a *.cachingtech .com Domain (info.rules)
  • 2053089 - ET INFO DYNAMIC_DNS HTTP Request to a *.cachingtech .com Domain (info.rules)
  • 2053090 - ET INFO DYNAMIC_DNS Query to a *.modernpotterystudio .com Domain (info.rules)
  • 2053091 - ET INFO DYNAMIC_DNS HTTP Request to a *.modernpotterystudio .com Domain (info.rules)
  • 2053092 - ET INFO DYNAMIC_DNS Query to a *.sanluix .org Domain (info.rules)
  • 2053093 - ET INFO DYNAMIC_DNS HTTP Request to a *.sanluix .org Domain (info.rules)
  • 2053094 - ET INFO DYNAMIC_DNS Query to a *.ilja .org Domain (info.rules)
  • 2053095 - ET INFO DYNAMIC_DNS HTTP Request to a *.ilja .org Domain (info.rules)
  • 2053096 - ET INFO DYNAMIC_DNS Query to a *.pricemonkey .ca Domain (info.rules)
  • 2053097 - ET INFO DYNAMIC_DNS HTTP Request to a *.pricemonkey .ca Domain (info.rules)
  • 2053098 - ET INFO DYNAMIC_DNS Query to a *.gierweb .nl Domain (info.rules)
  • 2053099 - ET INFO DYNAMIC_DNS HTTP Request to a *.gierweb .nl Domain (info.rules)
  • 2053100 - ET INFO DYNAMIC_DNS Query to a *.smarter-homes .co .uk Domain (info.rules)
  • 2053101 - ET INFO DYNAMIC_DNS HTTP Request to a *.smarter-homes .co .uk Domain (info.rules)
  • 2053102 - ET INFO DYNAMIC_DNS Query to a *.uwgraduation .com Domain (info.rules)
  • 2053103 - ET INFO DYNAMIC_DNS HTTP Request to a *.uwgraduation .com Domain (info.rules)
  • 2053104 - ET INFO DYNAMIC_DNS Query to a *.tradevoip .co .uk Domain (info.rules)
  • 2053105 - ET INFO DYNAMIC_DNS HTTP Request to a *.tradevoip .co .uk Domain (info.rules)
  • 2053106 - ET INFO DYNAMIC_DNS Query to a *.boxiq .com Domain (info.rules)
  • 2053107 - ET INFO DYNAMIC_DNS HTTP Request to a *.boxiq .com Domain (info.rules)
  • 2053108 - ET INFO DYNAMIC_DNS Query to a *.topmoto .pl Domain (info.rules)
  • 2053109 - ET INFO DYNAMIC_DNS HTTP Request to a *.topmoto .pl Domain (info.rules)
  • 2053110 - ET INFO DYNAMIC_DNS Query to a *.fapp .in Domain (info.rules)
  • 2053111 - ET INFO DYNAMIC_DNS HTTP Request to a *.fapp .in Domain (info.rules)
  • 2053112 - ET INFO DYNAMIC_DNS Query to a *.judysart .com Domain (info.rules)
  • 2053113 - ET INFO DYNAMIC_DNS HTTP Request to a *.judysart .com Domain (info.rules)
  • 2053114 - ET INFO DYNAMIC_DNS Query to a *.equalgrid .com Domain (info.rules)
  • 2053115 - ET INFO DYNAMIC_DNS HTTP Request to a *.equalgrid .com Domain (info.rules)
  • 2053116 - ET INFO DYNAMIC_DNS Query to a *.k4ds .org Domain (info.rules)
  • 2053117 - ET INFO DYNAMIC_DNS HTTP Request to a *.k4ds .org Domain (info.rules)
  • 2053118 - ET INFO DYNAMIC_DNS Query to a *.bebecatalog .com Domain (info.rules)
  • 2053119 - ET INFO DYNAMIC_DNS HTTP Request to a *.bebecatalog .com Domain (info.rules)
  • 2053120 - ET INFO DYNAMIC_DNS Query to a *.thebookllc .com Domain (info.rules)
  • 2053121 - ET INFO DYNAMIC_DNS HTTP Request to a *.thebookllc .com Domain (info.rules)
  • 2053122 - ET INFO DYNAMIC_DNS Query to a *.sunny-love .com Domain (info.rules)
  • 2053123 - ET INFO DYNAMIC_DNS HTTP Request to a *.sunny-love .com Domain (info.rules)
  • 2053124 - ET INFO DYNAMIC_DNS Query to a *.mji .ro Domain (info.rules)
  • 2053125 - ET INFO DYNAMIC_DNS HTTP Request to a *.mji .ro Domain (info.rules)
  • 2053126 - ET INFO DYNAMIC_DNS Query to a *.jackng .net Domain (info.rules)
  • 2053127 - ET INFO DYNAMIC_DNS HTTP Request to a *.jackng .net Domain (info.rules)
  • 2053128 - ET INFO DYNAMIC_DNS Query to a *.rdenham .co .uk Domain (info.rules)
  • 2053129 - ET INFO DYNAMIC_DNS HTTP Request to a *.rdenham .co .uk Domain (info.rules)
  • 2053130 - ET INFO DYNAMIC_DNS Query to a *.theyogaboutique .co .uk Domain (info.rules)
  • 2053131 - ET INFO DYNAMIC_DNS HTTP Request to a *.theyogaboutique .co .uk Domain (info.rules)
  • 2053132 - ET INFO DYNAMIC_DNS Query to a *.wolfdork .com Domain (info.rules)
  • 2053133 - ET INFO DYNAMIC_DNS HTTP Request to a *.wolfdork .com Domain (info.rules)
  • 2053134 - ET INFO DYNAMIC_DNS Query to a *.stentwood .com .au Domain (info.rules)
  • 2053135 - ET INFO DYNAMIC_DNS HTTP Request to a *.stentwood .com .au Domain (info.rules)
  • 2053136 - ET INFO DYNAMIC_DNS Query to a *.kanacad .org Domain (info.rules)
  • 2053137 - ET INFO DYNAMIC_DNS HTTP Request to a *.kanacad .org Domain (info.rules)
  • 2053138 - ET INFO DYNAMIC_DNS Query to a *.sage .li Domain (info.rules)
  • 2053139 - ET INFO DYNAMIC_DNS HTTP Request to a *.sage .li Domain (info.rules)
  • 2053140 - ET INFO DYNAMIC_DNS Query to a *.swfin .net Domain (info.rules)
  • 2053141 - ET INFO DYNAMIC_DNS HTTP Request to a *.swfin .net Domain (info.rules)
  • 2053142 - ET INFO DYNAMIC_DNS Query to a *.megajournal .com Domain (info.rules)
  • 2053143 - ET INFO DYNAMIC_DNS HTTP Request to a *.megajournal .com Domain (info.rules)
  • 2053144 - ET INFO DYNAMIC_DNS Query to a *.cobos .mx Domain (info.rules)
  • 2053145 - ET INFO DYNAMIC_DNS HTTP Request to a *.cobos .mx Domain (info.rules)
  • 2053146 - ET INFO DYNAMIC_DNS Query to a *.indforever .net Domain (info.rules)
  • 2053147 - ET INFO DYNAMIC_DNS HTTP Request to a *.indforever .net Domain (info.rules)
  • 2053148 - ET INFO DYNAMIC_DNS Query to a *.toogoofy .com Domain (info.rules)
  • 2053149 - ET INFO DYNAMIC_DNS HTTP Request to a *.toogoofy .com Domain (info.rules)
  • 2053150 - ET INFO DYNAMIC_DNS Query to a [Redacted - Vulgar] Domain (info.rules)
  • 2053151 - ET INFO DYNAMIC_DNS HTTP Request to a [Redacted - Vulgar] Domain (info.rules)
  • 2053152 - ET INFO DYNAMIC_DNS Query to a *.meatbytes .com Domain (info.rules)
  • 2053153 - ET INFO DYNAMIC_DNS HTTP Request to a *.meatbytes .com Domain (info.rules)
  • 2053154 - ET INFO DYNAMIC_DNS Query to a *.z-imaging .com Domain (info.rules)
  • 2053155 - ET INFO DYNAMIC_DNS HTTP Request to a *.z-imaging .com Domain (info.rules)
  • 2053156 - ET INFO DYNAMIC_DNS Query to a *.strongson .com Domain (info.rules)
  • 2053157 - ET INFO DYNAMIC_DNS HTTP Request to a *.strongson .com Domain (info.rules)
  • 2053158 - ET INFO DYNAMIC_DNS Query to a *.oldsouthmarlinclub .com Domain (info.rules)
  • 2053159 - ET INFO DYNAMIC_DNS HTTP Request to a *.oldsouthmarlinclub .com Domain (info.rules)
  • 2053160 - ET INFO DYNAMIC_DNS Query to a *.pimp .co .za Domain (info.rules)
  • 2053161 - ET INFO DYNAMIC_DNS HTTP Request to a *.pimp .co .za Domain (info.rules)
  • 2053162 - ET INFO DYNAMIC_DNS Query to a *.nchez .mx Domain (info.rules)
  • 2053163 - ET INFO DYNAMIC_DNS HTTP Request to a *.nchez .mx Domain (info.rules)
  • 2053164 - ET INFO DYNAMIC_DNS Query to a *.srmck .com Domain (info.rules)
  • 2053165 - ET INFO DYNAMIC_DNS HTTP Request to a *.srmck .com Domain (info.rules)
  • 2053166 - ET INFO DYNAMIC_DNS Query to a *.raulgarza .com Domain (info.rules)
  • 2053167 - ET INFO DYNAMIC_DNS HTTP Request to a *.raulgarza .com Domain (info.rules)
  • 2053168 - ET INFO DYNAMIC_DNS Query to a *.tinysun .net Domain (info.rules)
  • 2053169 - ET INFO DYNAMIC_DNS HTTP Request to a *.tinysun .net Domain (info.rules)
  • 2053170 - ET INFO DYNAMIC_DNS Query to a *.ssident .com Domain (info.rules)
  • 2053171 - ET INFO DYNAMIC_DNS HTTP Request to a *.ssident .com Domain (info.rules)
  • 2053172 - ET INFO DYNAMIC_DNS Query to a *.abl .cl Domain (info.rules)
  • 2053173 - ET INFO DYNAMIC_DNS HTTP Request to a *.abl .cl Domain (info.rules)
  • 2053174 - ET INFO DYNAMIC_DNS Query to a *.garagesport .ch Domain (info.rules)
  • 2053175 - ET INFO DYNAMIC_DNS HTTP Request to a *.garagesport .ch Domain (info.rules)
  • 2053176 - ET INFO DYNAMIC_DNS Query to a *.proheroeyewear .com Domain (info.rules)
  • 2053177 - ET INFO DYNAMIC_DNS HTTP Request to a *.proheroeyewear .com Domain (info.rules)
  • 2053178 - ET INFO DYNAMIC_DNS Query to a *.maiaps .co .uk Domain (info.rules)
  • 2053179 - ET INFO DYNAMIC_DNS HTTP Request to a *.maiaps .co .uk Domain (info.rules)
  • 2053180 - ET INFO DYNAMIC_DNS Query to a *.wawi .es Domain (info.rules)
  • 2053181 - ET INFO DYNAMIC_DNS HTTP Request to a *.wawi .es Domain (info.rules)
  • 2053182 - ET INFO DYNAMIC_DNS Query to a *.mambodev .com Domain (info.rules)
  • 2053183 - ET INFO DYNAMIC_DNS HTTP Request to a *.mambodev .com Domain (info.rules)
  • 2053184 - ET INFO DYNAMIC_DNS Query to a *.hillbrick .net Domain (info.rules)
  • 2053185 - ET INFO DYNAMIC_DNS HTTP Request to a *.hillbrick .net Domain (info.rules)
  • 2053186 - ET INFO DYNAMIC_DNS Query to a *.arph .org Domain (info.rules)
  • 2053187 - ET INFO DYNAMIC_DNS HTTP Request to a *.arph .org Domain (info.rules)
  • 2053188 - ET INFO DYNAMIC_DNS Query to a *.mudonghoi .org Domain (info.rules)
  • 2053189 - ET INFO DYNAMIC_DNS HTTP Request to a *.mudonghoi .org Domain (info.rules)
  • 2053190 - ET INFO DYNAMIC_DNS Query to a *.surreyquays .com Domain (info.rules)
  • 2053191 - ET INFO DYNAMIC_DNS HTTP Request to a *.surreyquays .com Domain (info.rules)
  • 2053192 - ET INFO DYNAMIC_DNS Query to a *.guitarasia .com Domain (info.rules)
  • 2053193 - ET INFO DYNAMIC_DNS HTTP Request to a *.guitarasia .com Domain (info.rules)
  • 2053194 - ET INFO DYNAMIC_DNS Query to a *.ethoscg .net Domain (info.rules)
  • 2053195 - ET INFO DYNAMIC_DNS HTTP Request to a *.ethoscg .net Domain (info.rules)
  • 2053196 - ET INFO DYNAMIC_DNS Query to a *.macao .net Domain (info.rules)
  • 2053197 - ET INFO DYNAMIC_DNS HTTP Request to a *.macao .net Domain (info.rules)
  • 2053198 - ET INFO DYNAMIC_DNS Query to a *.zolik .com Domain (info.rules)
  • 2053199 - ET INFO DYNAMIC_DNS HTTP Request to a *.zolik .com Domain (info.rules)

Pro:

  • 2857077 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2857078 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2857079 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2857080 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2857081 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2857082 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2857083 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2857084 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2857085 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2857086 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2857087 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2857088 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2857089 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2857090 - ETPRO PHISHING JS/PsyduckPockeball Payload Inbound (phishing.rules)
  • 2857091 - ETPRO PHISHING JS/Psyduckpockeball CnC Exfiltration (phishing.rules)