Ruleset Update Summary - 2024/06/26 - v10629

rulesbot · June 26, 2024, 9:10pm

Summary:

189 new OPEN, 192 new PRO (189 + 3)

Thanks @GroupIB, @JasonMilletary

Added rules:

Open:

2053885 - ET MALWARE Polyfill Malicious Redirect Attempt M1 (malware.rules)
2053886 - ET MALWARE Polyfill Malicious Redirect Attempt M2 (malware.rules)
2053887 - ET MALWARE Polyfill Malicious Redirect Attempt M3 (malware.rules)
2053888 - ET MALWARE Polyfill Malicious Redirect Domain in DNS Lookup (www .googie-anaiytics .com) (malware.rules)
2053889 - ET MALWARE Polyfill Malicious Redirect Domain in DNS Lookup (kuurza .com) (malware.rules)
2053890 - ET MALWARE Polyfill Malicious Redirect Domain (www .googie-anaiytics .com) in TLS SNI (malware.rules)
2053891 - ET MALWARE Polyfill Malicious Redirect Domain (kuurza .com) in TLS SNI (malware.rules)
2053892 - ET INFO Suspicious Domain (polyfill .io) in DNS Lookup (info.rules)
2053893 - ET INFO Suspicious Domain (polyfill .io) in TLS SNI (info.rules)
2053894 - ET INFO Pastebin-like Service Domain in DNS Lookup (jsfiddle .net) (info.rules)
2053895 - ET INFO Pastebin-like Service Domain in DNS Lookup (jsbin .com) (info.rules)
2053896 - ET INFO Pastebin-like Service Domain in DNS Lookup (paste .jp) (info.rules)
2053897 - ET INFO Pastebin-like Service Domain in DNS Lookup (www .paste .lv) (info.rules)
2053898 - ET INFO Pastebin-like Service Domain in DNS Lookup (bpa .st) (info.rules)
2053899 - ET INFO Pastebin-like Service Domain in DNS Lookup (dotnetfiddle .net) (info.rules)
2053900 - ET INFO Pastebin-like Service Domain in DNS Lookup (ide .geeksforgeeks .org) (info.rules)
2053901 - ET INFO Pastebin-like Service Domain in DNS Lookup (pastelink .net) (info.rules)
2053902 - ET INFO Pastebin-like Service Domain in DNS Lookup (tny .cz) (info.rules)
2053903 - ET INFO Pastebin-like Service Domain in DNS Lookup (cryptpad .piratenpartei-bw .de) (info.rules)
2053904 - ET INFO Pastebin-like Service Domain in DNS Lookup (cryptpad .piratenpartei .de) (info.rules)
2053905 - ET INFO Pastebin-like Service Domain in DNS Lookup (paste-bin .xyz) (info.rules)
2053906 - ET INFO Pastebin-like Service Domain in DNS Lookup (notes .io) (info.rules)
2053907 - ET INFO Pastebin-like Service Domain in DNS Lookup (cryptpad .malacher .fr) (info.rules)
2053908 - ET INFO Pastebin-like Service Domain in DNS Lookup (www .pastebin .pt) (info.rules)
2053909 - ET INFO Pastebin-like Service Domain in DNS Lookup (cl1p .net) (info.rules)
2053910 - ET INFO Pastebin-like Service Domain in DNS Lookup (dpaste .com) (info.rules)
2053911 - ET INFO Pastebin-like Service Domain in DNS Lookup (commie .io) (info.rules)
2053912 - ET INFO Pastebin-like Service Domain in DNS Lookup (ideone .com) (info.rules)
2053913 - ET INFO Pastebin-like Service Domain in DNS Lookup (paste .mozilla .org) (info.rules)
2053914 - ET INFO Pastebin-like Service Domain in DNS Lookup (n0paste .tk) (info.rules)
2053915 - ET INFO Pastebin-like Service Domain in DNS Lookup (pastebin .fi) (info.rules)
2053916 - ET INFO Pastebin-like Service Domain in DNS Lookup (paste .centos .org) (info.rules)
2053917 - ET INFO Pastebin-like Service Domain in DNS Lookup (p .ip .fi) (info.rules)
2053918 - ET INFO Pastebin-like Service Domain in DNS Lookup (cutapaste .net) (info.rules)
2053919 - ET INFO Pastebin-like Service Domain in DNS Lookup (cryptpad .bolha .tools) (info.rules)
2053920 - ET INFO Pastebin-like Service Domain in DNS Lookup (notes .dunst .be) (info.rules)
2053921 - ET INFO Pastebin-like Service Domain in DNS Lookup (www .paste4btc .com) (info.rules)
2053922 - ET INFO Pastebin-like Service Domain in DNS Lookup (pastebin .osuosl .org) (info.rules)
2053923 - ET INFO Pastebin-like Service Domain in DNS Lookup (dpaste .org) (info.rules)
2053924 - ET INFO Pastebin-like Service Domain in DNS Lookup (paste .sh) (info.rules)
2053925 - ET INFO Pastebin-like Service Domain in DNS Lookup (ivpaste .com) (info.rules)
2053926 - ET INFO Pastebin-like Service Domain in DNS Lookup (cryptpad .disroot .org) (info.rules)
2053927 - ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ofcode .org) (info.rules)
2053928 - ET INFO Pastebin-like Service Domain in DNS Lookup (codeshare .io) (info.rules)
2053929 - ET INFO Pastebin-like Service Domain in DNS Lookup (privatebin .net) (info.rules)
2053930 - ET INFO Pastebin-like Service Domain in DNS Lookup (jpst .it) (info.rules)
2053931 - ET INFO Pastebin-like Service Domain in DNS Lookup (bitbin .it) (info.rules)
2053932 - ET INFO Pastebin-like Service Domain in DNS Lookup (pastecode .io) (info.rules)
2053933 - ET INFO Pastebin-like Service Domain in DNS Lookup (cryptpad .fr) (info.rules)
2053934 - ET INFO Pastebin-like Service Domain in DNS Lookup (justpaste .me) (info.rules)
2053935 - ET INFO Pastebin-like Service Domain in DNS Lookup (quickhighlighter .com) (info.rules)
2053936 - ET INFO Pastebin-like Service Domain in DNS Lookup (pad .envs .net) (info.rules)
2053937 - ET INFO Pastebin-like Service Domain in DNS Lookup (paste .sr .ht) (info.rules)
2053938 - ET INFO Pastebin-like Service Domain in DNS Lookup (pasted .co) (info.rules)
2053939 - ET INFO Pastebin-like Service Domain in DNS Lookup (friendpaste .com) (info.rules)
2053940 - ET INFO Pastebin-like Service Domain in DNS Lookup (tutpaste .com) (info.rules)
2053941 - ET INFO Pastebin-like Service Domain in DNS Lookup (nekobin .com) (info.rules)
2053942 - ET INFO Pastebin-like Service Domain in DNS Lookup (cryptpad .private .coffee) (info.rules)
2053943 - ET INFO Pastebin-like Service Domain in DNS Lookup (paste2 .org) (info.rules)
2053944 - ET INFO Pastebin-like Service Domain in DNS Lookup (pastecode .dev) (info.rules)
2053945 - ET INFO Pastebin-like Service Domain in DNS Lookup (controlc .com) (info.rules)
2053946 - ET INFO Pastebin-like Service Domain in DNS Lookup (codebeautify .org) (info.rules)
2053947 - ET INFO Observed Pastebin-like Service Domain (jsfiddle .net) in TLS SNI (info.rules)
2053948 - ET INFO Observed Pastebin-like Service Domain (jsbin .com) in TLS SNI (info.rules)
2053949 - ET INFO Observed Pastebin-like Service Domain (paste .jp) in TLS SNI (info.rules)
2053950 - ET INFO Observed Pastebin-like Service Domain (www .paste .lv) in TLS SNI (info.rules)
2053951 - ET INFO Observed Pastebin-like Service Domain (bpa .st) in TLS SNI (info.rules)
2053952 - ET INFO Observed Pastebin-like Service Domain (dotnetfiddle .net) in TLS SNI (info.rules)
2053953 - ET INFO Observed Pastebin-like Service Domain (ide .geeksforgeeks .org) in TLS SNI (info.rules)
2053954 - ET INFO Observed Pastebin-like Service Domain (pastelink .net) in TLS SNI (info.rules)
2053955 - ET INFO Observed Pastebin-like Service Domain (tny .cz) in TLS SNI (info.rules)
2053956 - ET INFO Observed Pastebin-like Service Domain (cryptpad .piratenpartei-bw .de) in TLS SNI (info.rules)
2053957 - ET INFO Observed Pastebin-like Service Domain (cryptpad .piratenpartei .de) in TLS SNI (info.rules)
2053958 - ET INFO Observed Pastebin-like Service Domain (paste-bin .xyz) in TLS SNI (info.rules)
2053959 - ET INFO Observed Pastebin-like Service Domain (notes .io) in TLS SNI (info.rules)
2053960 - ET INFO Observed Pastebin-like Service Domain (cryptpad .malacher .fr) in TLS SNI (info.rules)
2053961 - ET INFO Observed Pastebin-like Service Domain (www .pastebin .pt) in TLS SNI (info.rules)
2053962 - ET INFO Observed Pastebin-like Service Domain (cl1p .net) in TLS SNI (info.rules)
2053963 - ET INFO Observed Pastebin-like Service Domain (dpaste .com) in TLS SNI (info.rules)
2053964 - ET INFO Observed Pastebin-like Service Domain (commie .io) in TLS SNI (info.rules)
2053965 - ET INFO Observed Pastebin-like Service Domain (ideone .com) in TLS SNI (info.rules)
2053966 - ET INFO Observed Pastebin-like Service Domain (paste .mozilla .org) in TLS SNI (info.rules)
2053967 - ET INFO Observed Pastebin-like Service Domain (n0paste .tk) in TLS SNI (info.rules)
2053968 - ET INFO Observed Pastebin-like Service Domain (pastebin .fi) in TLS SNI (info.rules)
2053969 - ET INFO Observed Pastebin-like Service Domain (paste .centos .org) in TLS SNI (info.rules)
2053970 - ET INFO Observed Pastebin-like Service Domain (p .ip .fi) in TLS SNI (info.rules)
2053971 - ET INFO Observed Pastebin-like Service Domain (cutapaste .net) in TLS SNI (info.rules)
2053972 - ET INFO Observed Pastebin-like Service Domain (cryptpad .bolha .tools) in TLS SNI (info.rules)
2053973 - ET INFO Observed Pastebin-like Service Domain (notes .dunst .be) in TLS SNI (info.rules)
2053974 - ET INFO Observed Pastebin-like Service Domain (www .paste4btc .com) in TLS SNI (info.rules)
2053975 - ET INFO Observed Pastebin-like Service Domain (pastebin .osuosl .org) in TLS SNI (info.rules)
2053976 - ET INFO Observed Pastebin-like Service Domain (dpaste .org) in TLS SNI (info.rules)
2053977 - ET INFO Observed Pastebin-like Service Domain (paste .sh) in TLS SNI (info.rules)
2053978 - ET INFO Observed Pastebin-like Service Domain (ivpaste .com) in TLS SNI (info.rules)
2053979 - ET INFO Observed Pastebin-like Service Domain (cryptpad .disroot .org) in TLS SNI (info.rules)
2053980 - ET INFO Observed Pastebin-like Service Domain (paste .ofcode .org) in TLS SNI (info.rules)
2053981 - ET INFO Observed Pastebin-like Service Domain (codeshare .io) in TLS SNI (info.rules)
2053982 - ET INFO Observed Pastebin-like Service Domain (privatebin .net) in TLS SNI (info.rules)
2053983 - ET INFO Observed Pastebin-like Service Domain (jpst .it) in TLS SNI (info.rules)
2053984 - ET INFO Observed Pastebin-like Service Domain (bitbin .it) in TLS SNI (info.rules)
2053985 - ET INFO Observed Pastebin-like Service Domain (pastecode .io) in TLS SNI (info.rules)
2053986 - ET INFO Observed Pastebin-like Service Domain (cryptpad .fr) in TLS SNI (info.rules)
2053987 - ET INFO Observed Pastebin-like Service Domain (justpaste .me) in TLS SNI (info.rules)
2053988 - ET INFO Observed Pastebin-like Service Domain (quickhighlighter .com) in TLS SNI (info.rules)
2053989 - ET INFO Observed Pastebin-like Service Domain (pad .envs .net) in TLS SNI (info.rules)
2053990 - ET INFO Observed Pastebin-like Service Domain (paste .sr .ht) in TLS SNI (info.rules)
2053991 - ET INFO Observed Pastebin-like Service Domain (pasted .co) in TLS SNI (info.rules)
2053992 - ET INFO Observed Pastebin-like Service Domain (friendpaste .com) in TLS SNI (info.rules)
2053993 - ET INFO Observed Pastebin-like Service Domain (tutpaste .com) in TLS SNI (info.rules)
2053994 - ET INFO Observed Pastebin-like Service Domain (nekobin .com) in TLS SNI (info.rules)
2053995 - ET INFO Observed Pastebin-like Service Domain (cryptpad .private .coffee) in TLS SNI (info.rules)
2053996 - ET INFO Observed Pastebin-like Service Domain (paste2 .org) in TLS SNI (info.rules)
2053997 - ET INFO Observed Pastebin-like Service Domain (pastecode .dev) in TLS SNI (info.rules)
2053998 - ET INFO Observed Pastebin-like Service Domain (controlc .com) in TLS SNI (info.rules)
2053999 - ET INFO Observed Pastebin-like Service Domain (codebeautify .org) in TLS SNI (info.rules)
2054000 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (surprisedscaledowp .xyz) (malware.rules)
2054001 - ET MALWARE Observed Lumma Stealer Related Domain (surprisedscaledowp .xyz in TLS SNI) (malware.rules)
2054002 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (fiondationkvowos .xyz) (malware.rules)
2054003 - ET MALWARE Observed Lumma Stealer Related Domain (fiondationkvowos .xyz in TLS SNI) (malware.rules)
2054004 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (voyagedprivillywk .xyz) (malware.rules)
2054005 - ET MALWARE Observed Lumma Stealer Related Domain (voyagedprivillywk .xyz in TLS SNI) (malware.rules)
2054006 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (singerreasonnbasldd .xyz) (malware.rules)
2054007 - ET MALWARE Observed Lumma Stealer Related Domain (singerreasonnbasldd .xyz in TLS SNI) (malware.rules)
2054008 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (clerkpolicemandwusi .xyz) (malware.rules)
2054009 - ET MALWARE Observed Lumma Stealer Related Domain (clerkpolicemandwusi .xyz in TLS SNI) (malware.rules)
2054010 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (spitechallengddwlsv .xyz) (malware.rules)
2054011 - ET MALWARE Observed Lumma Stealer Related Domain (spitechallengddwlsv .xyz in TLS SNI) (malware.rules)
2054012 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (matterrydamagedowkds .xyz) (malware.rules)
2054013 - ET MALWARE Observed Lumma Stealer Related Domain (matterrydamagedowkds .xyz in TLS SNI) (malware.rules)
2054014 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (varitycookypowerw .xyz) (malware.rules)
2054015 - ET MALWARE Observed Lumma Stealer Related Domain (varitycookypowerw .xyz in TLS SNI) (malware.rules)
2054016 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (peasanthovecapspll .shop) (malware.rules)
2054017 - ET MALWARE Observed Lumma Stealer Related Domain (peasanthovecapspll .shop in TLS SNI) (malware.rules)
2054018 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (vesselcultiralkettlw .shop) (malware.rules)
2054019 - ET MALWARE Observed Lumma Stealer Related Domain (vesselcultiralkettlw .shop in TLS SNI) (malware.rules)
2054020 - ET MALWARE DNS Query to Wordpress Social Warfare Plugin Exploit Related Domain (online-vip-dating .com) (malware.rules)
2054021 - ET MALWARE DNS Query to Wordpress Social Warfare Plugin Exploit Related Domain (face-your-dreams .com) (malware.rules)
2054022 - ET MALWARE DNS Query to Wordpress Social Warfare Plugin Exploit Related Domain (onlinechatconnections .com) (malware.rules)
2054023 - ET MALWARE DNS Query to Wordpress Social Warfare Plugin Exploit Related Domain (silver-dates .com) (malware.rules)
2054024 - ET MALWARE DNS Query to Wordpress Social Warfare Plugin Exploit Related Domain (matchingsingles .net) (malware.rules)
2054025 - ET MALWARE DNS Query to Wordpress Social Warfare Plugin Exploit Related Domain (vipchattingonline .com) (malware.rules)
2054026 - ET MALWARE DNS Query to Wordpress Social Warfare Plugin Exploit Related Domain (click4chatting .com) (malware.rules)
2054027 - ET MALWARE DNS Query to Wordpress Social Warfare Plugin Exploit Related Domain (pegasusdate .com) (malware.rules)
2054028 - ET MALWARE DNS Query to Wordpress Social Warfare Plugin Exploit Related Domain (dateyourlove .live) (malware.rules)
2054029 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (cejecuu4 .xyz) (exploit_kit.rules)
2054030 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (cejecuu4 .xyz) (exploit_kit.rules)
2054031 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (performanscore .com) (exploit_kit.rules)
2054032 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (performanscore .com) (exploit_kit.rules)
2054033 - ET INFO Pastebin-like Service Domain in DNS Lookup (vpaste .net) (info.rules)
2054034 - ET INFO Pastebin-like Service Domain in DNS Lookup (pastebin .fr) (info.rules)
2054035 - ET MALWARE Observed Wordpress Social Warfare Plugin Exploit Related Domain (face-your-dreams .com in TLS SNI) (malware.rules)
2054036 - ET INFO Pastebin-like Service Domain in DNS Lookup (jsitor .com) (info.rules)
2054037 - ET INFO Pastebin-like Service Domain in DNS Lookup (paste .org .ru) (info.rules)
2054038 - ET MALWARE Observed Wordpress Social Warfare Plugin Exploit Related Domain (silver-dates .com in TLS SNI) (malware.rules)
2054039 - ET INFO Pastebin-like Service Domain in DNS Lookup (paste .rohitab .com) (info.rules)
2054040 - ET MALWARE Observed Wordpress Social Warfare Plugin Exploit Related Domain (matchingsingles .net in TLS SNI) (malware.rules)
2054041 - ET INFO Pastebin-like Service Domain in DNS Lookup (paste .ee) (info.rules)
2054042 - ET MALWARE Observed Wordpress Social Warfare Plugin Exploit Related Domain (vipchattingonline .com in TLS SNI) (malware.rules)
2054043 - ET MALWARE Observed Wordpress Social Warfare Plugin Exploit Related Domain (click4chatting .com in TLS SNI) (malware.rules)
2054044 - ET MALWARE Observed Wordpress Social Warfare Plugin Exploit Related Domain (pegasusdate .com in TLS SNI) (malware.rules)
2054045 - ET MALWARE Observed Wordpress Social Warfare Plugin Exploit Related Domain (dateyourlove .live in TLS SNI) (malware.rules)
2054046 - ET MALWARE Observed Wordpress Social Warfare Plugin Exploit Related Domain (matchingsingles .net in TLS SNI) (malware.rules)
2054047 - ET MALWARE Observed Wordpress Social Warfare Plugin Exploit Related Domain (onlinechatconnections .com in TLS SNI) (malware.rules)
2054048 - ET MALWARE Observed Wordpress Social Warfare Plugin Exploit Related Domain (face-your-dreams .com in TLS SNI) (malware.rules)
2054049 - ET MALWARE Observed Wordpress Social Warfare Plugin Exploit Related Domain (dateyourlove .live in TLS SNI) (malware.rules)
2054050 - ET MALWARE Observed Wordpress Social Warfare Plugin Exploit Related Domain (online-vip-dating .com in TLS SNI) (malware.rules)
2054051 - ET MALWARE Observed Wordpress Social Warfare Plugin Exploit Related Domain (silver-dates .com in TLS SNI) (malware.rules)
2054052 - ET INFO Pastebin-like Service in DNS Lookup (pastie .org) (info.rules)
2054053 - ET MALWARE BMANAGER CnC Domain in DNS Lookup (1-update-soft .com) (malware.rules)
2054054 - ET MALWARE BMANAGER CnC Domain in DNS Lookup (beonlineboo .com) (malware.rules)
2054055 - ET MALWARE BMANAGER CnC Domain in DNS Lookup (boolka .tk) (malware.rules)
2054056 - ET MALWARE BMANAGER CnC Domain in DNS Lookup (boolka24 .tk) (malware.rules)
2054057 - ET INFO Observed Pastebin-like Service Domain (hastebin .com) in TLS SNI (info.rules)
2054058 - ET MALWARE BMANAGER CnC Domain in DNS Lookup (update-brower .com) (malware.rules)
2054059 - ET INFO Observed Pastebin-like Service Domain (paste .debian .net) in TLS SNI (info.rules)
2054060 - ET MALWARE Observed BMANAGER Domain (1-update-soft .com in TLS SNI) (malware.rules)
2054061 - ET MALWARE Observed BMANAGER Domain (beonlineboo .com in TLS SNI) (malware.rules)
2054062 - ET MALWARE Observed BMANAGER Domain (boolka .tk in TLS SNI) (malware.rules)
2054063 - ET MALWARE Observed BMANAGER Domain (boolka24 .tk in TLS SNI) (malware.rules)
2054064 - ET MALWARE Observed BMANAGER Domain (updatebrower .com in TLS SNI) (malware.rules)
2054065 - ET MALWARE Observed BMANAGER Domain (update-brower .com in TLS SNI) (malware.rules)
2054066 - ET MALWARE BMANAGER CnC Domain in DNS Lookup (updatebrower .com) (malware.rules)
2054067 - ET MALWARE Sniffthem/Tnaket Trojan CnC Domain in DNS Lookup (lsrael .today) (malware.rules)
2054068 - ET MALWARE Observed Sniffthem/Tnaket Trojan Domain (lsrael .today) in TLS SNI (malware.rules)
2054069 - ET MALWARE Possible Sniffthem/Tnaket User-Agent Observed M1 (malware.rules)
2054070 - ET MALWARE Possible Sniffthem/Tnaket User-Agent Observed M2 (malware.rules)
2054071 - ET MALWARE Possible Sniffthem/Tnaket User-Agent Observed M3 (malware.rules)
2054072 - ET MALWARE Possible Sniffthem/Tnaket Payload Retrieval Attempt (malware.rules)
2054073 - ET MALWARE Possible Sniffthem/Tnaket CnC Checkin (malware.rules)

Pro:

2857351 - ETPRO EXPLOIT Ollama Directory Traversal Attempt Inbound (CVE-2024-37032) (exploit.rules)
2857352 - ETPRO PHISHING Casino Phishing Related Domain in DNS Lookup (phishing.rules)
2857353 - ETPRO EXPLOIT_KIT Evil Keitaro Set-Cookie Inbound (61eb3) (exploit_kit.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/04/29 - v10585 Ruleset Updates	273	April 29, 2024
Ruleset Update Summary - 2023/09/19 - v10420 Ruleset Updates	264	September 19, 2023
Ruleset Update Summary - 2023/09/05 - v10410 Ruleset Updates	283	September 5, 2023
Ruleset Update Summary - 2023/11/22 - v10471 Ruleset Updates	349	November 22, 2023
Ruleset Update Summary - 2024/05/29 - v10605 Ruleset Updates	240	May 29, 2024

Ruleset Update Summary - 2024/06/26 - v10629

Summary:

Added rules:

Open:

Pro:

Related topics