Ruleset Update Summary - 2024/08/20 - v10670

Summary:

13 new OPEN, 14 new PRO (13 + 1)

Thanks @symantec
Added rules:

Open:

  • 2055354 - ET INFO Commonly Abused Service in DNS Lookup (tempfiles .ninja) (info.rules)
  • 2055355 - ET INFO Observed Commonly Abused Service Domain (tempfiles .ninja) in TLS SNI (info.rules)
  • 2055356 - ET MALWARE Cobalt Strike Malleable C2 (Amazon Profile) (malware.rules)
  • 2055357 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cafeespeciales .com) (exploit_kit.rules)
  • 2055358 - ET MALWARE Cobalt Strike Malleable C2 (Google Drive Profile) (malware.rules)
  • 2055359 - ET MALWARE Win32/Backdoor.Msupedge CnC Domain in DNS Lookup (ctl .msedgeapi .net) (malware.rules)
  • 2055360 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cafeespeciales .com) (exploit_kit.rules)
  • 2055361 - ET MALWARE Lumma Stealer Domain in DNS Lookup (drinnkysoapmzv .shop) (malware.rules)
  • 2055362 - ET MALWARE Lumma Stealer Domain in DNS Lookup (spoortsiso .shop) (malware.rules)
  • 2055363 - ET MALWARE Lumma Stealer Domain in DNS Lookup (uttercarrigsno .shop) (malware.rules)
  • 2055364 - ET MALWARE Lumma Stealer Domain in TLS SNI (drinnkysoapmzv .shop) (malware.rules)
  • 2055365 - ET MALWARE Lumma Stealer Domain in TLS SNI (spoortsiso .shop) (malware.rules)
  • 2055366 - ET MALWARE Lumma Stealer Domain in TLS SNI (uttercarrigsno .shop) (malware.rules)

Pro:

  • 2857977 - ETPRO MALWARE Mozilla User-Agent to ipify Potential Tempest CnC (Mozilla/5.0) (malware.rules)

Disabled and modified rules:

  • 2053786 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (intensedefense300 .com) (exploit_kit.rules)
  • 2053787 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (intensedefense300 .com) (exploit_kit.rules)
  • 2856581 - ETPRO MALWARE CleanupLoader CnC Domain in DNS Lookup (malware.rules)
  • 2856582 - ETPRO MALWARE CleanupLoader CnC Domain in DNS Lookup (malware.rules)
  • 2857815 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)