Summary:
27 new OPEN, 43 new PRO (27 OPEN + 16 PRO-only)
Added rules:
Open:
- 2055288 - ET MALWARE Quad7777 Botnet - Outbound Login Prompt from Compromised Endpoint (malware.rules)
- 2055289 - ET INFO DYNAMIC_DNS Query to a * .ekobilet .com .tr Domain (info.rules)
- 2055290 - ET INFO DYNAMIC_DNS HTTP Request to a * .ekobilet .com .tr Domain (info.rules)
- 2055291 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (cagedwifedsozm .shop) (malware.rules)
- 2055292 - ET MALWARE Observed Lumma Stealer Related Domain (cagedwifedsozm .shop in TLS SNI) (malware.rules)
- 2055293 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (charecteristicdxp .shop) (malware.rules)
- 2055294 - ET MALWARE Observed Lumma Stealer Related Domain (charecteristicdxp .shop in TLS SNI) (malware.rules)
- 2055295 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (consciousourwi .shop) (malware.rules)
- 2055296 - ET MALWARE Observed Lumma Stealer Related Domain (consciousourwi .shop in TLS SNI) (malware.rules)
- 2055297 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (deicedosmzj .shop) (malware.rules)
- 2055298 - ET MALWARE Observed Lumma Stealer Related Domain (deicedosmzj .shop in TLS SNI) (malware.rules)
- 2055299 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (interactiedovspm .shop) (malware.rules)
- 2055300 - ET MALWARE Observed Lumma Stealer Related Domain (interactiedovspm .shop in TLS SNI) (malware.rules)
- 2055301 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (potentioallykeos .shop) (malware.rules)
- 2055302 - ET MALWARE Observed Lumma Stealer Related Domain (potentioallykeos .shop in TLS SNI) (malware.rules)
- 2055303 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (southedhiscuso .shop) (malware.rules)
- 2055304 - ET MALWARE Observed Lumma Stealer Related Domain (southedhiscuso .shop in TLS SNI) (malware.rules)
- 2055305 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (torubleeodsmzo .shop) (malware.rules)
- 2055306 - ET MALWARE Observed Lumma Stealer Related Domain (torubleeodsmzo .shop in TLS SNI) (malware.rules)
- 2055307 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (weiggheticulop .shop) (malware.rules)
- 2055308 - ET MALWARE Observed Lumma Stealer Related Domain (weiggheticulop .shop in TLS SNI) (malware.rules)
- 2055309 - ET EXPLOIT OpenBMC slpd-lite Language Tag Length Memory Corruption Attempt (CVE-2024-41660) (exploit.rules)
- 2055310 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kirklareliliste .cfd) (exploit_kit.rules)
- 2055311 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (belvedereparkway .site) (exploit_kit.rules)
- 2055312 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (kirklareliliste .cfd) (exploit_kit.rules)
- 2055313 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (belvedereparkway .site) (exploit_kit.rules)
- 2055314 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (tlymxvx .top) (exploit_kit.rules)
Pro:
- 2857943 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
- 2857948 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2857949 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2857950 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2857951 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2857952 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2857953 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2857954 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2857955 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2857956 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2857957 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2857958 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2857959 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2857960 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2857963 - ETPRO HUNTING GoogleSheets API V4 Activity (Fetch Single Cell with A1 Notation) (hunting.rules)
- 2857964 - ETPRO HUNTING GoogleSheets API V4 Response (Single Cell with UUID) (hunting.rules)