Ruleset Update Summary - 2024/06/06 - v10611

rulesbot · June 6, 2024, 9:37pm

Summary:

47 new OPEN, 48 new PRO (47 + 1)

Added rules:

Open:

2053273 - ET MALWARE UNC1151 Related Domain in DNS Lookup (goudieelectric .shop) (malware.rules)
2053274 - ET MALWARE UNC1151 Related Domain in DNS Lookup (thevegan8 .shop) (malware.rules)
2053275 - ET MALWARE Observed UNC1151 Related Domain (goudieelectric .shop) in TLS SNI (malware.rules)
2053276 - ET MALWARE Observed UNC1151 Related Domain (thevegan8 .shop) in TLS SNI (malware.rules)
2053277 - ET MALWARE UNC1151 Payload Retrieval Attempt (malware.rules)
2053278 - ET MALWARE Silverfox Related Domain in DNS Lookup (uiekjxw .net) (malware.rules)
2053279 - ET MALWARE Silverfox Payload Retrieval Attempt (malware.rules)
2053280 - ET ADWARE_PUP Win32/OfferCore Checkin M1 (adware_pup.rules)
2053281 - ET INFO Commonly Actor Abused Online Service Domain (syncthing .net) (info.rules)
2053282 - ET INFO Commonly Actor Abused Online Service Domain (syncthing .net) (info.rules)
2053283 - ET ADWARE_PUP Win32/OfferCore Checkin M2 (adware_pup.rules)
2053284 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (greentastellesqwm .shop) (malware.rules)
2053285 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (innerverdanytiresw .shop) (malware.rules)
2053286 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (macabrecondfucews .shop) (malware.rules)
2053287 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (handsomelydicrwop .shop) (malware.rules)
2053288 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (standingcomperewhitwo .shop) (malware.rules)
2053289 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (distincttangyflippan .shop) (malware.rules)
2053290 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (stickyyummyskiwffe .shop) (malware.rules)
2053291 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (stronggemateraislw .shop) (malware.rules)
2053292 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (specialadventurousw .shop) (malware.rules)
2053293 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (lamentablegapingkwaq .shop) (malware.rules)
2053294 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (sturdyregularrmsnhw .shop) (malware.rules)
2053295 - ET MALWARE Observed Lumma Stealer Domain (greentastellesqwm .shop) in TLS SNI (malware.rules)
2053296 - ET MALWARE Observed Lumma Stealer Domain (innerverdanytiresw .shop) in TLS SNI (malware.rules)
2053297 - ET MALWARE Observed Lumma Stealer Domain (macabrecondfucews .shop) in TLS SNI (malware.rules)
2053298 - ET MALWARE Observed Lumma Stealer Domain (handsomelydicrwop .shop) in TLS SNI (malware.rules)
2053299 - ET MALWARE Observed Lumma Stealer Domain (standingcomperewhitwo .shop) in TLS SNI (malware.rules)
2053300 - ET MALWARE Observed Lumma Stealer Domain (distincttangyflippan .shop) in TLS SNI (malware.rules)
2053301 - ET MALWARE Observed Lumma Stealer Domain (stickyyummyskiwffe .shop) in TLS SNI (malware.rules)
2053302 - ET MALWARE Observed Lumma Stealer Domain (stronggemateraislw .shop) in TLS SNI (malware.rules)
2053303 - ET MALWARE Observed Lumma Stealer Domain (specialadventurousw .shop) in TLS SNI (malware.rules)
2053304 - ET MALWARE Observed Lumma Stealer Domain (lamentablegapingkwaq .shop) in TLS SNI (malware.rules)
2053305 - ET MALWARE Observed Lumma Stealer Domain (sturdyregularrmsnhw .shop) in TLS SNI (malware.rules)
2053306 - ET INFO Observed DNS over HTTPS Domain (doh .buzz) in TLS SNI (info.rules)
2053307 - ET INFO Observed DNS over HTTPS Domain (horus-team .com) in TLS SNI (info.rules)
2053308 - ET INFO Observed DNS over HTTPS Domain (dns .stevenz .net) in TLS SNI (info.rules)
2053309 - ET INFO Observed DNS over HTTPS Domain (dns .tesem .dog) in TLS SNI (info.rules)
2053310 - ET INFO Observed DNS over HTTPS Domain (agh .dshubham .xyz) in TLS SNI (info.rules)
2053311 - ET INFO Observed DNS over HTTPS Domain (dns .indust .me) in TLS SNI (info.rules)
2053312 - ET INFO Observed DNS over HTTPS Domain (oraclejp2 .chungyu .com) in TLS SNI (info.rules)
2053313 - ET INFO Observed DNS over HTTPS Domain (dns .kosan .moe) in TLS SNI (info.rules)
2053314 - ET INFO Observed DNS over HTTPS Domain (vpsus3 .pzhg .meat .pzhg .me) in TLS SNI (info.rules)
2053315 - ET INFO Observed DNS over HTTPS Domain (agh .kyusang .win) in TLS SNI (info.rules)
2053316 - ET INFO Observed DNS over HTTPS Domain (dns .npe .bz) in TLS SNI (info.rules)
2053317 - ET INFO Observed DNS over HTTPS Domain (c .cicitt .ch) in TLS SNI (info.rules)
2053318 - ET INFO Observed DNS over HTTPS Domain (adguard-kartoffel .zernico .de) in TLS SNI (info.rules)
2053319 - ET MALWARE HTTP Request to URL Ending in Payload .bin (malware.rules)

Pro:

2857157 - ETPRO MALWARE HTML/FakeOffice Payload Downloader (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/02/20 - v10536 Ruleset Updates	463	February 20, 2024
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	910	March 11, 2024
Ruleset Update Summary - 2024/03/08 - v10548 Ruleset Updates	225	March 8, 2024
Ruleset Update Summary - 2024/05/15 - v10596 Ruleset Updates	187	May 15, 2024
Ruleset Update Summary - 2024/01/25 - v10514 Ruleset Updates	330	January 25, 2024

Ruleset Update Summary - 2024/06/06 - v10611

Summary:

Added rules:

Open:

Pro:

Related Topics