Ruleset Update Summary - 2024/08/07 - v10661

Ruleset Updates
1

Summary:

73 new OPEN, 73 new PRO (73 + 0)

Thanks @anyrun_app

Added rules:

Open:

  • 2054969 - ET INFO URL Shortener Service Domain in DNS Lookup (redr .me) (info.rules)
  • 2054970 - ET INFO URL Shortener Service Domain in TLS SNI (redr .me) (info.rules)
  • 2054971 - ET PHISHING TA453 Domain in DNS Lookup (request-human-received .xyz) (phishing.rules)
  • 2054972 - ET PHISHING TA453 Domain in DNS Lookup (flow-exulltation-uplift .top) (phishing.rules)
  • 2054973 - ET PHISHING TA453 Domain in DNS Lookup (frame-roar-retire .top) (phishing.rules)
  • 2054974 - ET PHISHING TA453 Domain in DNS Lookup (house-server-digital .xyz) (phishing.rules)
  • 2054975 - ET PHISHING TA453 Domain in DNS Lookup (nail-forward-valid .lol) (phishing.rules)
  • 2054976 - ET PHISHING TA453 Domain in DNS Lookup (complete-telecom-operation .top) (phishing.rules)
  • 2054977 - ET PHISHING TA453 Domain in DNS Lookup (click-manage-room .cfd) (phishing.rules)
  • 2054978 - ET PHISHING TA453 Domain in DNS Lookup (click-choose-figured .cfd) (phishing.rules)
  • 2054979 - ET PHISHING TA453 Domain in DNS Lookup (review-continue-entered .cfd) (phishing.rules)
  • 2054980 - ET PHISHING TA453 Domain in TLS SNI (request-human-received .xyz) (phishing.rules)
  • 2054981 - ET PHISHING TA453 Domain in TLS SNI (flow-exulltation-uplift .top) (phishing.rules)
  • 2054982 - ET PHISHING TA453 Domain in TLS SNI (frame-roar-retire .top) (phishing.rules)
  • 2054983 - ET PHISHING TA453 Domain in TLS SNI (house-server-digital .xyz) (phishing.rules)
  • 2054984 - ET PHISHING TA453 Domain in TLS SNI (nail-forward-valid .lol) (phishing.rules)
  • 2054985 - ET PHISHING TA453 Domain in TLS SNI (complete-telecom-operation .top) (phishing.rules)
  • 2054986 - ET PHISHING TA453 Domain in TLS SNI (click-manage-room .cfd) (phishing.rules)
  • 2054987 - ET PHISHING TA453 Domain in TLS SNI (click-choose-figured .cfd) (phishing.rules)
  • 2054988 - ET PHISHING TA453 Domain in TLS SNI (review-continue-entered .cfd) (phishing.rules)
  • 2054989 - ET INFO Tunneling Service in DNS Lookup (* .ply .gg) (info.rules)
  • 2054990 - ET INFO Tunneling Service in TLS SNI (* .ply .gg) (info.rules)
  • 2054991 - ET INFO DYNAMIC_DNS Query to a * .hosts .name Domain (info.rules)
  • 2054992 - ET INFO DYNAMIC_DNS HTTP Request to a * .hosts .name Domain (info.rules)
  • 2054993 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (ballottynsjm .shop) (malware.rules)
  • 2054994 - ET MALWARE Observed Lumma Stealer Related Domain (ballottynsjm .shop in TLS SNI) (malware.rules)
  • 2054995 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (demandlinzei .shop) (malware.rules)
  • 2054996 - ET MALWARE Observed Lumma Stealer Related Domain (demandlinzei .shop in TLS SNI) (malware.rules)
  • 2054997 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (technologggisp .shop) (malware.rules)
  • 2054998 - ET MALWARE Observed Lumma Stealer Related Domain (technologggisp .shop in TLS SNI) (malware.rules)
  • 2054999 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (whimiscallysmmzn .shop) (malware.rules)
  • 2055000 - ET MALWARE Observed Lumma Stealer Related Domain (whimiscallysmmzn .shop in TLS SNI) (malware.rules)
  • 2055001 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (alphawatchrmf .com) (exploit_kit.rules)
  • 2055002 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (alphawatchrmf .com) (exploit_kit.rules)
  • 2055003 - ET MALWARE DeerStealer CnC Activity M1 (malware.rules)
  • 2055004 - ET MALWARE DeerStealer CnC Activity M2 (malware.rules)
  • 2055005 - ET MALWARE DeerStealer CnC Domain in DNS Lookup (authentificatorgogle .com) (malware.rules)
  • 2055006 - ET MALWARE DeerStealer CnC Domain in DNS Lookup (authentifficatorgogle .com) (malware.rules)
  • 2055007 - ET MALWARE DeerStealer CnC Domain in DNS Lookup (authentificatorgoogle .com) (malware.rules)
  • 2055008 - ET MALWARE DeerStealer CnC Domain in DNS Lookup (authentificator-googl .com) (malware.rules)
  • 2055009 - ET MALWARE DeerStealer CnC Domain in DNS Lookup (authenticcator-descktop .com) (malware.rules)
  • 2055010 - ET MALWARE DeerStealer CnC Domain in DNS Lookup (authentificcatorgoolgle .com) (malware.rules)
  • 2055011 - ET MALWARE DeerStealer CnC Domain in DNS Lookup (updater-pro .com) (malware.rules)
  • 2055012 - ET MALWARE DeerStealer CnC Domain in DNS Lookup (authenticattor-googl .com) (malware.rules)
  • 2055013 - ET MALWARE DeerStealer CnC Domain in DNS Lookup (chromstore-authentificator .com) (malware.rules)
  • 2055014 - ET MALWARE DeerStealer CnC Domain in DNS Lookup (paradiso4 .fun) (malware.rules)
  • 2055015 - ET MALWARE DeerStealer CnC Domain in DNS Lookup (gg2024 .com) (malware.rules)
  • 2055016 - ET MALWARE DeerStealer CnC Domain in DNS Lookup (authenticator-googl .com) (malware.rules)
  • 2055017 - ET MALWARE DeerStealer CnC Domain in DNS Lookup (vaniloin .fun) (malware.rules)
  • 2055018 - ET MALWARE DeerStealer CnC Domain in DNS Lookup (authenficatorgoogle .com) (malware.rules)
  • 2055019 - ET MALWARE DeerStealer CnC Domain in DNS Lookup (authentificator-gogle .com) (malware.rules)
  • 2055020 - ET MALWARE DeerStealer CnC Domain in DNS Lookup (gg2024 .info) (malware.rules)
  • 2055021 - ET MALWARE DeerStealer CnC Domain in DNS Lookup (authetificator-gogle .com) (malware.rules)
  • 2055022 - ET MALWARE Observed DeerStealer Domain (authentificatorgogle .com in TLS SNI) (malware.rules)
  • 2055023 - ET MALWARE Observed DeerStealer Domain (authentifficatorgogle .com in TLS SNI) (malware.rules)
  • 2055024 - ET MALWARE Observed DeerStealer Domain (authentificatorgoogle .com in TLS SNI) (malware.rules)
  • 2055025 - ET MALWARE Observed DeerStealer Domain (authentificator-googl .com in TLS SNI) (malware.rules)
  • 2055026 - ET MALWARE Observed DeerStealer Domain (authenticcator-descktop .com in TLS SNI) (malware.rules)
  • 2055027 - ET MALWARE Observed DeerStealer Domain (authentificcatorgoolgle .com in TLS SNI) (malware.rules)
  • 2055028 - ET MALWARE Observed DeerStealer Domain (updater-pro .com in TLS SNI) (malware.rules)
  • 2055029 - ET MALWARE Observed DeerStealer Domain (authenticattor-googl .com in TLS SNI) (malware.rules)
  • 2055030 - ET MALWARE Observed DeerStealer Domain (chromstore-authentificator .com in TLS SNI) (malware.rules)
  • 2055031 - ET MALWARE Observed DeerStealer Domain (paradiso4 .fun in TLS SNI) (malware.rules)
  • 2055032 - ET MALWARE Observed DeerStealer Domain (gg2024 .com in TLS SNI) (malware.rules)
  • 2055033 - ET MALWARE Observed DeerStealer Domain (authenticator-googl .com in TLS SNI) (malware.rules)
  • 2055034 - ET MALWARE Observed DeerStealer Domain (vaniloin .fun in TLS SNI) (malware.rules)
  • 2055035 - ET MALWARE Observed DeerStealer Domain (authenficatorgoogle .com in TLS SNI) (malware.rules)
  • 2055036 - ET MALWARE Observed DeerStealer Domain (authentificator-gogle .com in TLS SNI) (malware.rules)
  • 2055037 - ET MALWARE Observed DeerStealer Domain (gg2024 .info in TLS SNI) (malware.rules)
  • 2055038 - ET MALWARE Observed DeerStealer Domain (authetificator-gogle .com in TLS SNI) (malware.rules)
  • 2055039 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (dais7nsa .lol) (exploit_kit.rules)
  • 2055040 - ET MALWARE DeerStealer Telegram Bot Response (malware.rules)
  • 2055041 - ET EXPLOIT_KIT ET EXPLOIT_KIT ClickFix Domain in TLS SNI (dais7nsa .lol) (exploit_kit.rules)

Enabled and modified rules:

  • 2006380 - ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted (policy.rules)