Ruleset Update Summary - 2024/07/08 - v10640

rulesbot · July 8, 2024, 9:35pm

Summary:

54 new OPEN, 61 new PRO (54 + 7)

Thanks @Jane_0sint

Added rules:

Open:

2033076 - ET INFO Observed File Transfer Service SSL/TLS Certificate (transfer .sh) (info.rules)
2054354 - ET MALWARE SocGholish CnC Domain in DNS (* .parish .chuathuongxot .org) (malware.rules)
2054355 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .parish .chuathuongxot .org) (malware.rules)
2054356 - ET INFO DYNAMIC_DNS Query to a *.ro0t .hm Domain (info.rules)
2054357 - ET INFO DYNAMIC_DNS HTTP Request to a *.ro0t .hm Domain (info.rules)
2054358 - ET INFO DYNAMIC_DNS Query to a *.ittelecom .pl Domain (info.rules)
2054359 - ET INFO DYNAMIC_DNS HTTP Request to a *.ittelecom .pl Domain (info.rules)
2054360 - ET INFO DYNAMIC_DNS Query to a *.mechtronics .net Domain (info.rules)
2054361 - ET INFO DYNAMIC_DNS HTTP Request to a *.mechtronics .net Domain (info.rules)
2054362 - ET INFO DYNAMIC_DNS Query to a *.mega-link .cl Domain (info.rules)
2054363 - ET INFO DYNAMIC_DNS HTTP Request to a *.mega-link .cl Domain (info.rules)
2054364 - ET INFO DYNAMIC_DNS Query to a *.cnew .ir Domain (info.rules)
2054365 - ET INFO DYNAMIC_DNS HTTP Request to a *.cnew .ir Domain (info.rules)
2054366 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (arritswpoewroso .shop) (malware.rules)
2054367 - ET MALWARE Observed Lumma Stealer Related Domain (arritswpoewroso .shop in TLS SNI) (malware.rules)
2054368 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (dancecmapleadsjwk .shop) (malware.rules)
2054369 - ET MALWARE Observed Lumma Stealer Related Domain (dancecmapleadsjwk .shop in TLS SNI) (malware.rules)
2054370 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (gogobad .fun) (malware.rules)
2054371 - ET MALWARE Observed Lumma Stealer Related Domain (gogobad .fun in TLS SNI) (malware.rules)
2054372 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (curtainjors .fun) (malware.rules)
2054373 - ET MALWARE Observed Lumma Stealer Related Domain (curtainjors .fun in TLS SNI) (malware.rules)
2054374 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (civilizzzationo .shop) (malware.rules)
2054375 - ET MALWARE Observed Lumma Stealer Related Domain (civilizzzationo .shop in TLS SNI) (malware.rules)
2054376 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (citizencenturygoodwk .shop) (malware.rules)
2054377 - ET MALWARE Observed Lumma Stealer Related Domain (citizencenturygoodwk .shop in TLS SNI) (malware.rules)
2054378 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (filesoftdownload .shop) (exploit_kit.rules)
2054379 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (filesoftdownload .shop) (exploit_kit.rules)
2054380 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (busbookingjbg .com) (exploit_kit.rules)
2054381 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (busbookingjbg .com) (exploit_kit.rules)
2054382 - ET MALWARE Cryptbot CnC DGA Domain (one1) (malware.rules)
2054383 - ET MALWARE Cryptbot CnC DGA Domain (two2) (malware.rules)
2054384 - ET MALWARE Cryptbot CnC DGA Domain (thre3) (malware.rules)
2054385 - ET MALWARE Cryptbot CnC DGA Domain (for4) (malware.rules)
2054386 - ET MALWARE Cryptbot CnC DGA Domain (five5) (malware.rules)
2054387 - ET MALWARE Cryptbot CnC DGA Domain (six6) (malware.rules)
2054388 - ET MALWARE Cryptbot CnC DGA Domain (seven7) (malware.rules)
2054389 - ET MALWARE Cryptbot CnC DGA Domain (eight8) (malware.rules)
2054390 - ET MALWARE Cryptbot CnC DGA Domain (nine9) (malware.rules)
2054391 - ET MALWARE Cryptbot CnC DGA Domain (ten10) (malware.rules)
2054392 - ET MALWARE Cryptbot CnC DGA Domain (elev11) (malware.rules)
2054393 - ET MALWARE Cryptbot CnC DGA Domain (twel12) (malware.rules)
2054394 - ET MALWARE Cryptbot CnC DGA Domain (thirt13) (malware.rules)
2054395 - ET MALWARE Cryptbot CnC DGA Domain (fourteen14) (malware.rules)
2054396 - ET MALWARE Cryptbot CnC DGA Domain (fifteen15) (malware.rules)
2054397 - ET MALWARE Cryptbot CnC DGA Domain (fift15) (malware.rules)
2054398 - ET MALWARE Cryptbot CnC DGA Domain (sixt16) (malware.rules)
2054399 - ET MALWARE Cryptbot CnC DGA Domain (sevt17) (malware.rules)
2054400 - ET MALWARE Cryptbot CnC DGA Domain (eight18) (malware.rules)
2054401 - ET MALWARE Cryptbot CnC DGA Domain (ninet19) (malware.rules)
2054402 - ET MALWARE Cryptbot CnC DGA Domain (fourt14) (malware.rules)
2054403 - ET MALWARE Cryptbot CnC DGA Domain (sev7) (malware.rules)
2054404 - ET MALWARE [ANY.RUN] MetaStealer v.5 CnC Activity (MC-NMF TLS SNI) (malware.rules)
2054405 - ET INFO HTTP GET for JPG File (flowbit set) (info.rules)
2054406 - ET HUNTING Server Responding to JPG Request with Fake JPG Structure (hunting.rules)

Pro:

2857521 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2857522 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2857523 - ETPRO MALWARE TA425 Domain in DNS Lookup (malware.rules)
2857524 - ETPRO MALWARE TA425 Domain in DNS Lookup (malware.rules)
2857525 - ETPRO MALWARE TA425 Domain in TLS SNI (malware.rules)
2857526 - ETPRO MALWARE TA425 Domain in TLS SNI (malware.rules)
2857527 - ETPRO MALWARE TA422 Payload Delivery via Deceptive HTML href M1 (malware.rules)

Removed rules:

2033076 - ET MALWARE Observed File Transfer Service SSL/TLS Certificate (transfer .sh) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/11/04 - v10734 Ruleset Updates	78	November 4, 2024
Ruleset Update Summary - 2024/08/19 - v10669 Ruleset Updates	112	August 19, 2024
Ruleset Update Summary - 2024/10/28 - v10729 Ruleset Updates	79	October 28, 2024
Ruleset Update Summary - 2024/01/25 - v10514 Ruleset Updates	336	January 25, 2024
Ruleset Update Summary - 2024/07/22 - v10650 Ruleset Updates	75	July 22, 2024

Ruleset Update Summary - 2024/07/08 - v10640

Summary:

Added rules:

Open:

Pro:

Removed rules:

Related topics