Ruleset Update Summary - 2024/08/15 - v10667

Ruleset Updates
1

Summary:

20 new OPEN, 23 new PRO (20 + 3)

Added rules:

Open:

  • 2055268 - ET INFO DYNAMIC_DNS Query to a * .mrdev .com .ar Domain (info.rules)
  • 2055269 - ET INFO DYNAMIC_DNS HTTP Request to a * .mrdev .com .ar Domain (info.rules)
  • 2055270 - ET INFO DYNAMIC_DNS Query to a * .gingertom .com Domain (info.rules)
  • 2055271 - ET INFO DYNAMIC_DNS HTTP Request to a * .gingertom .com Domain (info.rules)
  • 2055272 - ET INFO DYNAMIC_DNS Query to a * .hauganslekt .no Domain (info.rules)
  • 2055273 - ET INFO DYNAMIC_DNS HTTP Request to a * .hauganslekt .no Domain (info.rules)
  • 2055274 - ET INFO DYNAMIC_DNS Query to a * .backriverphotography .com Domain (info.rules)
  • 2055275 - ET INFO DYNAMIC_DNS HTTP Request to a * .backriverphotography .com Domain (info.rules)
  • 2055276 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (roundpleaddso .shop) (malware.rules)
  • 2055277 - ET MALWARE Observed Lumma Stealer Related Domain (roundpleaddso .shop in TLS SNI) (malware.rules)
  • 2055278 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (slamcopynammeks .shop) (malware.rules)
  • 2055279 - ET MALWARE Observed Lumma Stealer Related Domain (slamcopynammeks .shop in TLS SNI) (malware.rules)
  • 2055280 - ET MALWARE OldGremlin/TA801 Domain in DNS Lookup (diadok .net) (malware.rules)
  • 2055281 - ET MALWARE OldGremlin/TA801 Domain in TLS SNI (diadok .net) (malware.rules)
  • 2055282 - ET MALWARE OldGremlin/TA801 Domain in DNS Lookup (1cbit .org) (malware.rules)
  • 2055283 - ET MALWARE OldGremlin/TA801 Domain in TLS SNI (1cbit .org) (malware.rules)
  • 2055284 - ET MALWARE OldGremlin/TA801 Domain in DNS Lookup (diadok-documentscdn .c688de .com) (malware.rules)
  • 2055285 - ET MALWARE OldGremlin/TA801 Domain in TLS SNI (diadok-documentscdn .c688de .com) (malware.rules)
  • 2055286 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (tylmxvx .top) (exploit_kit.rules)
  • 2055287 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (tylmxvx .top) (exploit_kit.rules)

Pro:

  • 2857938 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2857940 - ETPRO MALWARE Malicious Download Domain in DNS Lookup (malware.rules)
  • 2857941 - ETPRO MALWARE Malicious Download Domain in TLS SNI (malware.rules)