Ruleset Update Summary - 2024/07/01 - v10632

rulesbot · July 1, 2024, 8:45pm

Summary:

46 new OPEN, 49 new PRO (46 + 3)

Added rules:

Open:

2027267 - ET INFO Possible Lateral Movement - File Creation Request in Remote System32 Directory (T1105) (info.rules)
2054173 - ET MALWARE Poseidon Stealer Data Exfiltration Attempt (malware.rules)
2054174 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (swellfrrgwwos .xyz) (malware.rules)
2054175 - ET MALWARE Observed Lumma Stealer Related Domain (swellfrrgwwos .xyz in TLS SNI) (malware.rules)
2054176 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (pedestriankodwu .xyz) (malware.rules)
2054177 - ET MALWARE Observed Lumma Stealer Related Domain (pedestriankodwu .xyz in TLS SNI) (malware.rules)
2054178 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (towerxxuytwi .xyz) (malware.rules)
2054179 - ET MALWARE Observed Lumma Stealer Related Domain (towerxxuytwi .xyz in TLS SNI) (malware.rules)
2054180 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (contintnetksows .shop) (malware.rules)
2054181 - ET MALWARE Observed Lumma Stealer Related Domain (contintnetksows .shop in TLS SNI) (malware.rules)
2054182 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (potterryisiw .shop) (malware.rules)
2054183 - ET MALWARE Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI) (malware.rules)
2054184 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (foodypannyjsud .shop) (malware.rules)
2054185 - ET MALWARE Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI) (malware.rules)
2054186 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (ellaboratepwsz .xyz) (malware.rules)
2054187 - ET MALWARE Observed Lumma Stealer Related Domain (ellaboratepwsz .xyz in TLS SNI) (malware.rules)
2054188 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (penetratedpoopp .xyz) (malware.rules)
2054189 - ET MALWARE Observed Lumma Stealer Related Domain (penetratedpoopp .xyz in TLS SNI) (malware.rules)
2054190 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (flockkydwos .shop) (malware.rules)
2054191 - ET MALWARE Observed Lumma Stealer Related Domain (flockkydwos .shop in TLS SNI) (malware.rules)
2054192 - ET INFO DYNAMIC_DNS Query to a *.7s .com .tr Domain (info.rules)
2054193 - ET INFO DYNAMIC_DNS HTTP Request to a *.7s .com .tr Domain (info.rules)
2054194 - ET MALWARE SocGholish CnC Domain in DNS (* .fans .smalladventureguide .com) (malware.rules)
2054195 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .fans .smalladventureguide .com in TLS SNI) (malware.rules)
2054196 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (frontendcodingtips .com) (exploit_kit.rules)
2054197 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (frontendcodingtips .com) (exploit_kit.rules)
2054198 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (beetrootculture .com) (exploit_kit.rules)
2054199 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (propertyclosings .com) (exploit_kit.rules)
2054200 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (beetrootculture .com) (exploit_kit.rules)
2054201 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (propertyclosings .com) (exploit_kit.rules)
2054202 - ET MALWARE Poseidon Stealer Related Domain in DNS Lookup (agov-ch .net) (malware.rules)
2054203 - ET MALWARE Poseidon Stealer Related Domain in DNS Lookup (agov-ch .com) (malware.rules)
2054204 - ET MALWARE Poseidon Stealer Related Domain in DNS Lookup (poseidon .cool) (malware.rules)
2054205 - ET MALWARE Poseidon Stealer Related Domain in DNS Lookup (agovaccess-ch .com) (malware.rules)
2054206 - ET MALWARE Poseidon Stealer Related Domain in DNS Lookup (agov-access .com) (malware.rules)
2054207 - ET MALWARE Poseidon Stealer Related Domain in DNS Lookup (agov-access .net) (malware.rules)
2054208 - ET MALWARE Poseidon Stealer Related Domain in DNS Lookup (register-agov .com) (malware.rules)
2054209 - ET MALWARE Poseidon Stealer Related Domain in DNS Lookup (register-agov .net) (malware.rules)
2054210 - ET MALWARE Observed Poseidon Stealer Related Domain (agov-ch .net) in TLS SNI (malware.rules)
2054211 - ET MALWARE Observed Poseidon Stealer Related Domain (agov-ch .com) in TLS SNI (malware.rules)
2054212 - ET MALWARE Observed Poseidon Stealer Related Domain (poseidon .cool) in TLS SNI (malware.rules)
2054213 - ET MALWARE Observed Poseidon Stealer Related Domain (agovaccess-ch .com) in TLS SNI (malware.rules)
2054214 - ET MALWARE Observed Poseidon Stealer Related Domain (agov-access .com) in TLS SNI (malware.rules)
2054215 - ET MALWARE Observed Poseidon Stealer Related Domain (agov-access .net) in TLS SNI (malware.rules)
2054216 - ET MALWARE Observed Poseidon Stealer Related Domain (register-agov .com) in TLS SNI (malware.rules)
2054217 - ET MALWARE Observed Poseidon Stealer Related Domain (register-agov .net) in TLS SNI (malware.rules)

Pro:

2857458 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2857459 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2857460 - ETPRO MALWARE SocGholish CnC Initial Request M7 (malware.rules)

Removed rules:

2027267 - ET ATTACK_RESPONSE Possible Lateral Movement - File Creation Request in Remote System32 Directory (T1105) (attack_response.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	917	March 11, 2024
Ruleset Update Summary - 2024/03/08 - v10548 Ruleset Updates	230	March 8, 2024
Ruleset Update Summary - 2024/07/26 - v10654 Ruleset Updates	99	July 26, 2024
Ruleset Update Summary - 2024/01/25 - v10514 Ruleset Updates	331	January 25, 2024
Ruleset Update Summary - 2024/02/20 - v10536 Ruleset Updates	474	February 20, 2024

Ruleset Update Summary - 2024/07/01 - v10632

Summary:

Added rules:

Open:

Pro:

Removed rules:

Related Topics