Ruleset Update Summary - 2024/07/23 - v10651

Summary:

10 new OPEN, 27 new PRO (10 + 17)

Thanks @JAMESWT_MHT


Added rules:

Open:

  • 2054644 - ET MALWARE ZPHP CnC Domain in DNS Lookup (2n8rd3zz1 .top) (malware.rules)
  • 2054645 - ET MALWARE ZPHP CnC Domain in TLS SNI (2n8rd3zz1 .top) (malware.rules)
  • 2054646 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (coaching-the-boss .com) (exploit_kit.rules)
  • 2054647 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (knoxvillevideoproductions .com) (exploit_kit.rules)
  • 2054648 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (darchrif .com) (exploit_kit.rules)
  • 2054649 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (coaching-the-boss .com) (exploit_kit.rules)
  • 2054650 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (knoxvillevideoproductions .com) (exploit_kit.rules)
  • 2054651 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (darchrif .com) (exploit_kit.rules)
  • 2054652 - ET MALWARE Daolpu Stealer Data Exfiltration Attempt (malware.rules)
  • 2054653 - ET MALWARE Lumma Stealer CnC Host Checkin (malware.rules)

Pro:

  • 2857641 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2857642 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2857643 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2857644 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2857645 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2857646 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2857647 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2857648 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2857649 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2857650 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2857651 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2857652 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2857653 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2857654 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2857655 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2857656 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2857657 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)