Ruleset Update Summary - 2024/08/12 - v10664

rulesbot · August 12, 2024, 9:14pm

Summary:

39 new OPEN, 69 new PRO (39 + 30)

Thanks @pedrinazziM, SwissPostCybersecurity

Added rules:

Open:

2055207 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (informupdate .uno) (exploit_kit.rules)
2055208 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (informupdate .uno) (exploit_kit.rules)
2055209 - ET INFO Observed DNS Over HTTPS Domain (adguard .alu .dog) in TLS SNI (info.rules)
2055210 - ET INFO Observed DNS Over HTTPS Domain (dns .tsknf .net) in TLS SNI (info.rules)
2055211 - ET INFO Observed DNS Over HTTPS Domain (timedns .net) in TLS SNI (info.rules)
2055212 - ET INFO Observed DNS Over HTTPS Domain (adguard .ajinga .net) in TLS SNI (info.rules)
2055213 - ET INFO Observed DNS Over HTTPS Domain (dns .s0ra .asia) in TLS SNI (info.rules)
2055214 - ET INFO Observed DNS Over HTTPS Domain (linkdiscord .xyz) in TLS SNI (info.rules)
2055215 - ET INFO Observed DNS Over HTTPS Domain (www .zburger .top) in TLS SNI (info.rules)
2055216 - ET INFO Observed DNS Over HTTPS Domain (dns .zui .lol) in TLS SNI (info.rules)
2055217 - ET INFO Observed DNS Over HTTPS Domain (adguard .pangerl .it) in TLS SNI (info.rules)
2055218 - ET INFO Observed DNS Over HTTPS Domain (squidmall .vip) in TLS SNI (info.rules)
2055219 - ET INFO Observed DNS Over HTTPS Domain (dns .listo .click) in TLS SNI (info.rules)
2055220 - ET INFO Observed DNS Over HTTPS Domain (dns .propheci .xyz) in TLS SNI (info.rules)
2055221 - ET INFO Observed DNS Over HTTPS Domain (dns .edgeburnmedia .com) in TLS SNI (info.rules)
2055222 - ET MALWARE SocGholish CnC Domain in DNS (* .guide .borden-carleton .ca) (malware.rules)
2055223 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .guide .borden-carleton .ca) (malware.rules)
2055224 - ET INFO DYNAMIC_DNS Query to a * .caminolafusta .cl Domain (info.rules)
2055225 - ET INFO DYNAMIC_DNS HTTP Request to a * .caminolafusta .cl Domain (info.rules)
2055226 - ET INFO DYNAMIC_DNS Query to a * .pavlov .su Domain (info.rules)
2055227 - ET INFO DYNAMIC_DNS HTTP Request to a * .pavlov .su Domain (info.rules)
2055228 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (cancedhoeysopzv .shop) (malware.rules)
2055229 - ET MALWARE Observed Lumma Stealer Related Domain (cancedhoeysopzv .shop in TLS SNI) (malware.rules)
2055230 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (enthusiandsi .shop) (malware.rules)
2055231 - ET MALWARE Observed Lumma Stealer Related Domain (enthusiandsi .shop in TLS SNI) (malware.rules)
2055232 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gxsicmj3l .top) (exploit_kit.rules)
2055233 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (legderlivesapp .online) (exploit_kit.rules)
2055234 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gxsicmj3l .top) (exploit_kit.rules)
2055235 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (legderlivesapp .online) (exploit_kit.rules)
2055236 - ET MALWARE ZPHP CnC Domain in DNS Lookup (k1gkl25as .top) (malware.rules)
2055237 - ET MALWARE ZPHP CnC Domain in TLS SNI (k1gkl25as .top) (malware.rules)
2055238 - ET MALWARE ZPHP CnC Domain in DNS Lookup (bet89on .store) (malware.rules)
2055239 - ET MALWARE ZPHP CnC Domain in TLS SNI (bet89on .store) (malware.rules)
2055240 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (brickedpack .com) (exploit_kit.rules)
2055241 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (losttwister .com) (exploit_kit.rules)
2055242 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (brickedpack .com) (exploit_kit.rules)
2055243 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (losttwister .com) (exploit_kit.rules)
2055244 - ET PHISHING TA453 Domain in DNS Lookup (deepspaceocean .info) (phishing.rules)
2055245 - ET PHISHING TA453 Domain in TLS SNI (deepspaceocean .info) (phishing.rules)

Pro:

2857865 - ETPRO MALWARE ForvwokeBot Exfil Activity (Response) (malware.rules)
2857872 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2857873 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2857874 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2857875 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2857876 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2857877 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2857878 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2857879 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2857880 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2857881 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2857882 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2857883 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2857884 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2857885 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
2857886 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2857887 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
2857888 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
2857889 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2857890 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2857891 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2857892 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2857893 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2857894 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2857895 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2857896 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2857897 - ETPRO MALWARE TA582 Domain in DNS Lookup (fpvuzhe73uz .top) (malware.rules)
2857898 - ETPRO MALWARE TA582 Domain in DNS Lookup (cmcebigeiajbfcb .top) (malware.rules)
2857899 - ETPRO PHISHING General Phishing Domain in DNS Lookup (l0gin-microsoftwebonlne .app) (phishing.rules)
2857900 - ETPRO PHISHING Observed General Phishing Domain (l0gin-microsoftwebonlne .app) in TLS SNI (phishing.rules)

Disabled and modified rules:

2856397 - ETPRO MALWARE Suspected TA453 Domain in TLS SNI (malware.rules)

Removed rules:

2856396 - ETPRO MALWARE Suspected TA453 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/07/18 - v10648 Ruleset Updates	109	July 18, 2024
Ruleset Update Summary - 2024/12/01 - v10766 Ruleset Updates	21	December 1, 2024
Ruleset Update Summary - 2024/01/31 - v10520 Ruleset Updates	365	January 31, 2024
Ruleset Update Summary - 2024/01/24 - v10513 Ruleset Updates	282	January 24, 2024
Ruleset Update Summary - 2023/10/26 - v10449 Ruleset Updates	293	October 26, 2023

Ruleset Update Summary - 2024/08/12 - v10664

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Removed rules:

Related topics