Ruleset Update Summary - 2024/07/29 - v10655

rulesbot · July 29, 2024, 8:45pm

Summary:

39 new OPEN, 52 new PRO (39 + 13)

Thanks @1ZRR4H, @naumovax, @VirITeXplorer, @Walmarttech

ETOPEN/ETPRO Customers: Please be aware that Friday August 2nd is a Proofpoint company holiday, There will not be a daily rule release that day. Daily rule releases will continue the following Monday, August 5th.

Added rules:

Open:

2054712 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (astronomicspace .com) (exploit_kit.rules)
2054713 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (saxymiss .com) (exploit_kit.rules)
2054714 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (astronomicspace .com) (exploit_kit.rules)
2054715 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (saxymiss .com) (exploit_kit.rules)
2054716 - ET MALWARE ZPHP CnC Domain in DNS Lookup (c08d .top) (malware.rules)
2054717 - ET MALWARE ZPHP CnC Domain in TLS SNI (c08d .top) (malware.rules)
2054718 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (packedbrick .com) (exploit_kit.rules)
2054719 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (packedbrick .com) (exploit_kit.rules)
2054720 - ET MALWARE SocGholish CnC Domain in DNS (* .living .miraclesofeucharisticjesus .org) (malware.rules)
2054721 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .living .miraclesofeucharisticjesus .org) (malware.rules)
2054722 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (kaminiasbbefow .shop) (malware.rules)
2054723 - ET MALWARE Observed Lumma Stealer Related Domain (kaminiasbbefow .shop in TLS SNI) (malware.rules)
2054724 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (oventoolyeditiiow .xyz) (malware.rules)
2054725 - ET MALWARE Observed Lumma Stealer Related Domain (oventoolyeditiiow .xyz in TLS SNI) (malware.rules)
2054726 - ET MALWARE EncryptHub Stealer Host Details Exfil via Telegram (POST) (malware.rules)
2054727 - ET MALWARE Observed DNS Query to EncryptHub Stealer Payload Domain (win-rar .co) (malware.rules)
2054728 - ET MALWARE Observed EncryptHub Stealer Domain (win-rar .co in TLS SNI) (malware.rules)
2054729 - ET MALWARE 9002 RAT CnC Activity (POST) (malware.rules)
2054730 - ET MALWARE DNS Query to 9002 RAT Domain (meeting .equitaligaiustizia .it) (malware.rules)
2054731 - ET MALWARE DNS Query to 9002 RAT Domain (themicrosoftnow .com) (malware.rules)
2054732 - ET MALWARE Observed 9002 RAT Domain (meeting .equitaligaiustizia .it in TLS SNI) (malware.rules)
2054733 - ET MALWARE Observed 9002 RAT Domain (themicrosoftnow .com in TLS SNI) (malware.rules)
2054734 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (msfw .store) (malware.rules)
2054735 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (mafw .store) (malware.rules)
2054736 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (aerofly .live) (malware.rules)
2054737 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (dison .live) (malware.rules)
2054738 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (wesco .live) (malware.rules)
2054739 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (mfsc .live) (malware.rules)
2054740 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (mamore .live) (malware.rules)
2054741 - ET MALWARE Zloader Related CnC Domain in DNS Lookup (jesko .live) (malware.rules)
2054742 - ET MALWARE Observed Zloader Related Domain (jesko .live in TLS SNI) (malware.rules)
2054743 - ET MALWARE Observed Zloader Related Domain (mfsc .live in TLS SNI) (malware.rules)
2054744 - ET MALWARE Observed Zloader Related Domain (msfw .store in TLS SNI) (malware.rules)
2054745 - ET MALWARE Observed Zloader Related Domain (wesco .live in TLS SNI) (malware.rules)
2054746 - ET MALWARE Observed Zloader Related Domain (aerofly .live in TLS SNI) (malware.rules)
2054747 - ET MALWARE Observed Zloader Related Domain (mamore .live in TLS SNI) (malware.rules)
2054748 - ET MALWARE Observed Zloader Related Domain (mafw .store in TLS SNI) (malware.rules)
2054749 - ET MALWARE Observed Zloader Related Domain (dison .live in TLS SNI) (malware.rules)
2054750 - ET MALWARE PshellBkdr C2 Traffic Known Authorization Bearer in HTTP Request (POST) (malware.rules)

Pro:

2857675 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2857676 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2857677 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2857678 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2857679 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2857680 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2857681 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2857682 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2857683 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2857684 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2857685 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2857686 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2857687 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/07/30 - v10656 Ruleset Updates	98	July 30, 2024
Ruleset Update Summary - 2024/07/31 - v10657 Ruleset Updates	87	July 31, 2024
Ruleset Update Summary - 2024/10/10 - v10718 Ruleset Updates	81	October 10, 2024
Ruleset Update Summary - 2024/10/08 - v10716 Ruleset Updates	64	October 8, 2024
Ruleset Update Summary - 2023/08/01 - v10385 Ruleset Updates	390	August 1, 2023

Ruleset Update Summary - 2024/07/29 - v10655

Summary:

Added rules:

Open:

Pro:

Related Topics