Ruleset Update Summary - 2024/06/28 - v10631

rulesbot · June 28, 2024, 8:43pm

Summary:

68 new OPEN, 70 new PRO (68 + 2)

Added rules:

Open:

2054105 - ET MALWARE Malicious Typo Squatting Domain in DNS Lookup (putyy .org) (malware.rules)
2054106 - ET MALWARE Malicious Typo Squatting Domain in DNS Lookup (wnscp .net) (malware.rules)
2054107 - ET MALWARE Malicious Typo Squatting Domain in DNS Lookup (puttyy .org) (malware.rules)
2054108 - ET MALWARE Malicious Typo Squatting Domain in DNS Lookup (puutty .org) (malware.rules)
2054109 - ET MALWARE Observed Malicious Typo Squatting Domain (putyy .org) in TLS SNI (malware.rules)
2054110 - ET MALWARE Observed Malicious Typo Squatting Domain (wnscp .net) in TLS SNI (malware.rules)
2054111 - ET MALWARE Observed Malicious Typo Squatting Domain (puttyy .org) in TLS SNI (malware.rules)
2054112 - ET MALWARE Observed Malicious Typo Squatting Domain (puutty .org) in TLS SNI (malware.rules)
2054113 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (daslkjfhi2 .shop) (exploit_kit.rules)
2054114 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (daslkjfhi2 .shop) (exploit_kit.rules)
2054115 - ET INFO DYNAMIC_DNS Query to a *.bakkoda .com Domain (info.rules)
2054116 - ET INFO DYNAMIC_DNS HTTP Request to a *.bakkoda .com Domain (info.rules)
2054117 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (deadtrainingactioniw .xyz) (malware.rules)
2054118 - ET MALWARE Observed Lumma Stealer Related Domain (deadtrainingactioniw .xyz in TLS SNI) (malware.rules)
2054119 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (qualificationjdwko .xyz) (malware.rules)
2054120 - ET MALWARE Observed Lumma Stealer Related Domain (qualificationjdwko .xyz in TLS SNI) (malware.rules)
2054121 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (grandcommonyktsju .xyz) (malware.rules)
2054122 - ET MALWARE Observed Lumma Stealer Related Domain (grandcommonyktsju .xyz in TLS SNI) (malware.rules)
2054123 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (wordingnatturedowo .xyz) (malware.rules)
2054124 - ET MALWARE Observed Lumma Stealer Related Domain (wordingnatturedowo .xyz in TLS SNI) (malware.rules)
2054125 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (crisisrottenyjs .xyz) (malware.rules)
2054126 - ET MALWARE Observed Lumma Stealer Related Domain (crisisrottenyjs .xyz in TLS SNI) (malware.rules)
2054127 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (sweetcalcutangkdow .xyz) (malware.rules)
2054128 - ET MALWARE Observed Lumma Stealer Related Domain (sweetcalcutangkdow .xyz in TLS SNI) (malware.rules)
2054129 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (cooperatvassquaidmew .xyz) (malware.rules)
2054130 - ET MALWARE Observed Lumma Stealer Related Domain (cooperatvassquaidmew .xyz in TLS SNI) (malware.rules)
2054131 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (exuberanttjdkwo .xyz) (malware.rules)
2054132 - ET MALWARE Observed Lumma Stealer Related Domain (exuberanttjdkwo .xyz in TLS SNI) (malware.rules)
2054133 - ET MALWARE ZPHP CnC Domain in DNS Lookup (helpcenter .cyou) (malware.rules)
2054134 - ET MALWARE ZPHP CnC Domain in TLS SNI (helpcenter .cyou) (malware.rules)
2054135 - ET INFO External IP Lookup Domain in DNS Lookup (ipecho .net) (info.rules)
2054136 - ET INFO External IP Lookup Domain in DNS Lookup (whatismyip .akamai .com) (info.rules)
2054137 - ET INFO External IP Lookup Domain in DNS Lookup (ifconfig .io) (info.rules)
2054138 - ET INFO External IP Lookup Domain in DNS Lookup (ipcalf .com) (info.rules)
2054139 - ET INFO External IP Lookup Domain in DNS Lookup (tnx .nl) (info.rules)
2054140 - ET INFO External IP Lookup Domain in DNS Lookup (checkip .amazonaws .com) (info.rules)
2054141 - ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com) (info.rules)
2054142 - ET INFO External IP Lookup Domain in DNS Lookup (ip .liquidweb .com) (info.rules)
2054143 - ET INFO External IP Lookup Domain in DNS Lookup (ipaddress .sh) (info.rules)
2054144 - ET INFO External IP Lookup Domain in DNS Lookup (ipaddr .site) (info.rules)
2054145 - ET INFO External IP Lookup Domain in DNS Lookup (ip .tyk .nu) (info.rules)
2054146 - ET INFO External IP Lookup Domain in DNS Lookup (ifconfig .co) (info.rules)
2054147 - ET INFO External IP Lookup Domain in DNS Lookup (wgetip .com) (info.rules)
2054148 - ET INFO External IP Lookup Domain in DNS Lookup (echoip .de) (info.rules)
2054149 - ET INFO External IP Lookup Domain in DNS Lookup (ifconfig .es) (info.rules)
2054150 - ET INFO Observed External IP Lookup Domain (ipecho .net) in TLS SNI (info.rules)
2054151 - ET INFO Observed External IP Lookup Domain (whatismyip .akamai .com) in TLS SNI (info.rules)
2054152 - ET INFO Observed External IP Lookup Domain (ifconfig .io) in TLS SNI (info.rules)
2054153 - ET INFO Observed External IP Lookup Domain (ipcalf .com) in TLS SNI (info.rules)
2054154 - ET INFO Observed External IP Lookup Domain (tnx .nl) in TLS SNI (info.rules)
2054155 - ET INFO Observed External IP Lookup Domain (checkip .amazonaws .com) in TLS SNI (info.rules)
2054156 - ET INFO Observed External IP Lookup Domain (ip-api .com) in TLS SNI (info.rules)
2054157 - ET INFO Observed External IP Lookup Domain (ip .liquidweb .com) in TLS SNI (info.rules)
2054158 - ET INFO Observed External IP Lookup Domain (ipaddress .sh) in TLS SNI (info.rules)
2054159 - ET INFO Observed External IP Lookup Domain (ipaddr .site) in TLS SNI (info.rules)
2054160 - ET INFO Observed External IP Lookup Domain (ip .tyk .nu) in TLS SNI (info.rules)
2054161 - ET INFO Observed External IP Lookup Domain (ifconfig .co) in TLS SNI (info.rules)
2054162 - ET INFO Observed External IP Lookup Domain (wgetip .com) in TLS SNI (info.rules)
2054163 - ET INFO Observed External IP Lookup Domain (echoip .de) in TLS SNI (info.rules)
2054164 - ET INFO Observed External IP Lookup Domain (ifconfig .es) in TLS SNI (info.rules)
2054165 - ET INFO External IP Lookup Domain in DNS Lookup (ident .me) (info.rules)
2054166 - ET INFO Observed External IP Lookup Domain (ident .me) in TLS SNI (info.rules)
2054167 - ET INFO External IP Lookup Domain in DNS Lookup (2ip .ru) (info.rules)
2054168 - ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io) (info.rules)
2054169 - ET INFO External IP Lookup Domain in DNS Lookup (icanhazip .com) (info.rules)
2054170 - ET INFO External IP Lookup Domain in DNS Lookup (whatismyipaddress .com) (info.rules)
2054171 - ET INFO Observed External IP Lookup Domain (curlmyip .net) in TLS SNI (info.rules)
2054172 - ET INFO Observed External IP Lookup Domain (eth0 .me) in TLS SNI (info.rules)

Pro:

2857358 - ETPRO EXPLOIT_KIT ClickFix HTML Script Inject (exploit_kit.rules)
2857457 - ETPRO EXPLOIT_KIT ClearFake HTML Script Inject M3 (exploit_kit.rules)

Disabled and modified rules:

2052233 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gnoticiasimparciais .com) (exploit_kit.rules)
2052234 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gnoticiasimparciais .com) (exploit_kit.rules)
2052274 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (ipscanadvsf .com) (exploit_kit.rules)
2052275 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (ipscanadvsf .com) (exploit_kit.rules)
2052286 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (nanoderecho .com) (exploit_kit.rules)
2052287 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (pixelread .com) (exploit_kit.rules)
2052288 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (nanoderecho .com) (exploit_kit.rules)
2052289 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (pixelread .com) (exploit_kit.rules)
2052294 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .demo .betterbuiltdogs .com) (malware.rules)
2052295 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .demo .betterbuiltdogs .com) (malware.rules)
2855516 - ETPRO EXPLOIT_KIT RogueRaticate POST to .CSS (exploit_kit.rules)
2856099 - ETPRO EXPLOIT_KIT ZPHP Lure Request M4 (exploit_kit.rules)
2856579 - ETPRO MALWARE TA582 Domain in HTTP HOST (malware.rules)
2856592 - ETPRO MALWARE TA582 Domain in HTTP HOST (malware.rules)
2856619 - ETPRO MALWARE TA582 Domain in HTTP HOST (malware.rules)
2857177 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/03/25 - v10559 Ruleset Updates	331	March 25, 2024
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	960	March 11, 2024
Ruleset Update Summary - 2024/11/12 - v10740 Ruleset Updates	129	November 12, 2024
Ruleset Update Summary - 2024/01/25 - v10514 Ruleset Updates	360	January 25, 2024
Ruleset Update Summary - 2024/12/26 - v10817 Ruleset Updates	95	December 26, 2024

Ruleset Update Summary - 2024/06/28 - v10631

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related topics