Ruleset Update Summary - 2024/07/23 - v10651

rulesbot · July 23, 2024, 8:38pm

Summary:

10 new OPEN, 27 new PRO (10 + 17)

Thanks @JAMESWT_MHT

2054644 - ET MALWARE ZPHP CnC Domain in DNS Lookup (2n8rd3zz1 .top) (malware.rules)
2054645 - ET MALWARE ZPHP CnC Domain in TLS SNI (2n8rd3zz1 .top) (malware.rules)
2054646 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (coaching-the-boss .com) (exploit_kit.rules)
2054647 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (knoxvillevideoproductions .com) (exploit_kit.rules)
2054648 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (darchrif .com) (exploit_kit.rules)
2054649 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (coaching-the-boss .com) (exploit_kit.rules)
2054650 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (knoxvillevideoproductions .com) (exploit_kit.rules)
2054651 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (darchrif .com) (exploit_kit.rules)
2054652 - ET MALWARE Daolpu Stealer Data Exfiltration Attempt (malware.rules)
2054653 - ET MALWARE Lumma Stealer CnC Host Checkin (malware.rules)

2857641 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2857642 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2857643 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2857644 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2857645 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2857646 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2857647 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2857648 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2857649 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2857650 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2857651 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2857652 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2857653 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2857654 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2857655 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2857656 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2857657 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/07/05 - v10639 Ruleset Updates	137	July 5, 2024
Ruleset Update Summary - 2024/07/11 - v10643 Ruleset Updates	84	July 11, 2024
Ruleset Update Summary - 2024/08/26 - v10674 Ruleset Updates	127	August 26, 2024
Ruleset Update Summary - 2024/02/19 - v10535 Ruleset Updates	464	February 19, 2024
Ruleset Update Summary - 2024/07/15 - v10645 Ruleset Updates	169	July 15, 2024