Ruleset Update Summary - 2024/07/19 - v10649

rulesbot · July 19, 2024, 8:53pm

Summary:

35 new OPEN, 35 new PRO (35 + 0)

Added rules:

Open:

2054585 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (chhimi .com) (exploit_kit.rules)
2054586 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (chhimi .com) (exploit_kit.rules)
2054587 - ET MALWARE ZPHP CnC Domain in DNS Lookup (3hhr8h2hx .top) (malware.rules)
2054588 - ET MALWARE ZPHP CnC Domain in TLS SNI (3hhr8h2hx .top) (malware.rules)
2054589 - ET MALWARE Lumma Stealer Domain in DNS Lookup (indexterityszcoxp .shop) (malware.rules)
2054590 - ET MALWARE Lumma Stealer Domain in DNS Lookup (lariatedzugspd .shop) (malware.rules)
2054591 - ET MALWARE Lumma Stealer Domain in DNS Lookup (callosallsaospz .shop) (malware.rules)
2054592 - ET MALWARE Lumma Stealer Domain in DNS Lookup (outpointsozp .shop) (malware.rules)
2054593 - ET MALWARE Lumma Stealer Domain in DNS Lookup (liernessfornicsa .shop) (malware.rules)
2054594 - ET MALWARE Lumma Stealer Domain in DNS Lookup (upknittsoappz .shop) (malware.rules)
2054595 - ET MALWARE Lumma Stealer Domain in DNS Lookup (shepherdlyopzc .shop) (malware.rules)
2054596 - ET MALWARE Lumma Stealer Domain in DNS Lookup (unseaffarignsk .shop) (malware.rules)
2054597 - ET MALWARE Lumma Stealer Domain in DNS Lookup (flydryszxo .shop) (malware.rules)
2054598 - ET MALWARE Lumma Stealer Domain in DNS Lookup (edificedcampslzi .shop) (malware.rules)
2054599 - ET MALWARE Lumma Stealer Domain in DNS Lookup (stckeringdkzpx .shop) (malware.rules)
2054600 - ET MALWARE Lumma Stealer Domain in TLS SNI (indexterityszcoxp .shop) (malware.rules)
2054601 - ET MALWARE Lumma Stealer Domain in TLS SNI (lariatedzugspd .shop) (malware.rules)
2054602 - ET MALWARE Lumma Stealer Domain in TLS SNI (callosallsaospz .shop) (malware.rules)
2054603 - ET MALWARE Lumma Stealer Domain in TLS SNI (outpointsozp .shop) (malware.rules)
2054604 - ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) (malware.rules)
2054605 - ET MALWARE Lumma Stealer Domain in TLS SNI (upknittsoappz .shop) (malware.rules)
2054606 - ET MALWARE Lumma Stealer Domain in TLS SNI (shepherdlyopzc .shop) (malware.rules)
2054607 - ET MALWARE Lumma Stealer Domain in TLS SNI (unseaffarignsk .shop) (malware.rules)
2054608 - ET MALWARE Lumma Stealer Domain in TLS SNI (flydryszxo .shop) (malware.rules)
2054609 - ET MALWARE Lumma Stealer Domain in TLS SNI (edificedcampslzi .shop) (malware.rules)
2054610 - ET MALWARE Lumma Stealer Domain in TLS SNI (stckeringdkzpx .shop) (malware.rules)
2054611 - ET INFO Observed DNS Over HTTPS Domain (dns .keviland .com) in TLS SNI (info.rules)
2054612 - ET INFO Observed DNS Over HTTPS Domain (doh .javi .lat) in TLS SNI (info.rules)
2054613 - ET INFO Observed DNS Over HTTPS Domain (3dcosas .xyz) in TLS SNI (info.rules)
2054614 - ET INFO Observed DNS Over HTTPS Domain (adguard .tldn .org) in TLS SNI (info.rules)
2054615 - ET INFO Observed DNS Over HTTPS Domain (mendozasdelivery .com) in TLS SNI (info.rules)
2054616 - ET MALWARE Win32/saolei CnC Host Checkin (malware.rules)
2054617 - ET MALWARE Remcos CnC Domain in DNS Lookup (jesusgabrielahumadalora09 .con-ip .com) (malware.rules)
2054618 - ET MALWARE Observed Remcos Domain (jesusgabrielahumadalora09 .con-ip .com in TLS SNI) (malware.rules)
2054619 - ET ATTACK_RESPONSE Covenant .NET Framework SSL/TLS Certificate Observed (attack_response.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/07/05 - v10639 Ruleset Updates	132	July 5, 2024
Ruleset Update Summary - 2024/04/01 - v10564 Ruleset Updates	210	April 1, 2024
Ruleset Update Summary - 2024/08/22 - v10672 Ruleset Updates	57	August 22, 2024
Ruleset Update Summary - 2024/02/05 - v10524 Ruleset Updates	427	February 5, 2024
Ruleset Update Summary - 2024/08/26 - v10674 Ruleset Updates	83	August 26, 2024

Ruleset Update Summary - 2024/07/19 - v10649

Summary:

Added rules:

Open:

Related Topics