Ruleset Update Summary - 2024/06/14 - v10618

Ruleset Updates
1

Summary:

31 new OPEN, 35 new PRO (31 + 4)

Added rules:

Open:

  • 2022115 - ET INFO Serialized Java Object Calling Common Collection Function (info.rules)
  • 2053667 - ET PHISHING Generic Credential Phish Landing Page 2024-06-13 (phishing.rules)
  • 2053668 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (richardflorespoew .shop) (malware.rules)
  • 2053669 - ET MALWARE Observed Lumma Stealer Related Domain (richardflorespoew .shop in TLS SNI) (malware.rules)
  • 2053670 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (strwawrunnygjwu .shop) (malware.rules)
  • 2053671 - ET MALWARE Observed Lumma Stealer Related Domain (strwawrunnygjwu .shop in TLS SNI) (malware.rules)
  • 2053672 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (justifycanddidatewd .shop) (malware.rules)
  • 2053673 - ET MALWARE Observed Lumma Stealer Related Domain (justifycanddidatewd .shop in TLS SNI) (malware.rules)
  • 2053674 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (raiseboltskdlwpow .shop) (malware.rules)
  • 2053675 - ET MALWARE Observed Lumma Stealer Related Domain (raiseboltskdlwpow .shop in TLS SNI) (malware.rules)
  • 2053676 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (falseaudiencekd .shop) (malware.rules)
  • 2053677 - ET MALWARE Observed Lumma Stealer Related Domain (falseaudiencekd .shop in TLS SNI) (malware.rules)
  • 2053678 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (pleasurenarrowsdla .shop) (malware.rules)
  • 2053679 - ET MALWARE Observed Lumma Stealer Related Domain (pleasurenarrowsdla .shop in TLS SNI) (malware.rules)
  • 2053680 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (feighminoritsjda .shop) (malware.rules)
  • 2053681 - ET MALWARE Observed Lumma Stealer Related Domain (feighminoritsjda .shop in TLS SNI) (malware.rules)
  • 2053682 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (marathonbeedksow .shop) (malware.rules)
  • 2053683 - ET MALWARE Observed Lumma Stealer Related Domain (marathonbeedksow .shop in TLS SNI) (malware.rules)
  • 2053684 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (flimsybrieffykmew .shop) (malware.rules)
  • 2053685 - ET MALWARE Observed Lumma Stealer Related Domain (flimsybrieffykmew .shop in TLS SNI) (malware.rules)
  • 2053686 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (cottageaskyflolewk .shop) (malware.rules)
  • 2053687 - ET MALWARE Observed Lumma Stealer Related Domain (cottageaskyflolewk .shop in TLS SNI) (malware.rules)
  • 2053688 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (feckwear .com) (exploit_kit.rules)
  • 2053689 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (feckwear .com) (exploit_kit.rules)
  • 2053690 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (cococuy8 .xyz) (exploit_kit.rules)
  • 2053691 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (x52op6gt0i .xyz) (exploit_kit.rules)
  • 2053692 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (cococuy8 .xyz) (exploit_kit.rules)
  • 2053693 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (x52op6gt0i .xyz) (exploit_kit.rules)
  • 2053694 - ET MALWARE Win64/TrojanDownloader.Agent.AUO User Agent (malware.rules)
  • 2053695 - ET INFO QR Code Generator Domain in DNS Lookup (qrfy .io) (info.rules)
  • 2053696 - ET INFO Observed QR Code Generator Domain (qrfy .io in TLS SNI) (info.rules)

Pro:

  • 2857208 - ETPRO MALWARE UNK_CopperClucker Domain in DNS Lookup (malware.rules)
  • 2857209 - ETPRO MALWARE UNK_CopperClucker Domain in DNS Lookup (malware.rules)
  • 2857210 - ETPRO MALWARE Observed UNK_CopperClucker Domain in TLS SNI (malware.rules)
  • 2857211 - ETPRO MALWARE Observed UNK_CopperClucker Domain in TLS SNI (malware.rules)

Removed rules:

  • 2022115 - ET EXPLOIT Serialized Java Object Calling Common Collection Function (exploit.rules)