Ruleset Update Summary - 2024/08/21 - v10671

Summary:

19 new OPEN, 32 new PRO (19 + 13)


Added rules:

Open:

  • 2055367 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (blueselectorpage .com) (exploit_kit.rules)
  • 2055368 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (taskscompletedlists .com) (exploit_kit.rules)
  • 2055369 - ET EXPLOIT_KIT Balada Domain in TLS SNI (blueselectorpage .com) (exploit_kit.rules)
  • 2055370 - ET EXPLOIT_KIT Balada Domain in TLS SNI (taskscompletedlists .com) (exploit_kit.rules)
  • 2055371 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (iprotosample .com) (exploit_kit.rules)
  • 2055372 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (iprotosample .com) (exploit_kit.rules)
  • 2055373 - ET INFO DYNAMIC_DNS Query to a * .lasboleras .com .ar Domain (info.rules)
  • 2055374 - ET INFO DYNAMIC_DNS HTTP Request to a * .lasboleras .com .ar Domain (info.rules)
  • 2055375 - ET INFO DYNAMIC_DNS Query to a * .flexiblegeeks .com Domain (info.rules)
  • 2055376 - ET INFO DYNAMIC_DNS HTTP Request to a * .flexiblegeeks .com Domain (info.rules)
  • 2055377 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (miracledzmnqwui .shop) (malware.rules)
  • 2055378 - ET MALWARE Observed Lumma Stealer Related Domain (miracledzmnqwui .shop in TLS SNI) (malware.rules)
  • 2055379 - ET MALWARE Cobalt Strike Malleable C2 (MSNBC Video Profile) (malware.rules)
  • 2055380 - ET MALWARE ZPHP CnC Domain in DNS Lookup (aweland .store) (malware.rules)
  • 2055381 - ET MALWARE ZPHP CnC Domain in TLS SNI (aweland .store) (malware.rules)
  • 2055382 - ET MALWARE Cobalt Strike Malleable C2 (Pandora Profile) (malware.rules)
  • 2055383 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (expertcloud .xyz) (exploit_kit.rules)
  • 2055384 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (expertcloud .xyz) (exploit_kit.rules)
  • 2055385 - ET MALWARE Possible Host Profile Exfiltration In Pipe Delimited Format (malware.rules)

Pro:

  • 2857984 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857985 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857986 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2857987 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2857988 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2857989 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2857990 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2857991 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2857992 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2857993 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2858000 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2858001 - ETPRO EXPLOIT_KIT LandUpdate808 Stage 2 Request (exploit_kit.rules)
  • 2858002 - ETPRO MALWARE Win32/IllyrianStealer CnC Checkin (malware.rules)
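The summary header counts PRO rules as the open rules plus the PRO-only rules (19 + 13 = 32), since PRO subscribers receive both sets. As an added example, not part of the Emerging Threats update post or of the ET/Proofpoint tooling, the following Python script parses the rule lines above, checks that the header arithmetic matches the lists, tallies rules per category, and flags SIDs that share an identical title (as the two TA582 entries do, since those PRO titles omit the domain). It assumes the line layout of this summary and the ET SID allocation (2000000-2099999 for ET open, 2800000-2899999 for ETPRO) as a consistency check on the ET/ETPRO prefix; the rule lines are embedded as constructed input so it runs offline.

```python
import re
from collections import Counter

# Constructed input: the rule lines of this summary, embedded so the script runs offline.
SUMMARY = """\
19 new OPEN, 32 new PRO (19 + 13)
Open:
  • 2055367 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (blueselectorpage .com) (exploit_kit.rules)
  • 2055368 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (taskscompletedlists .com) (exploit_kit.rules)
  • 2055369 - ET EXPLOIT_KIT Balada Domain in TLS SNI (blueselectorpage .com) (exploit_kit.rules)
  • 2055370 - ET EXPLOIT_KIT Balada Domain in TLS SNI (taskscompletedlists .com) (exploit_kit.rules)
  • 2055371 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (iprotosample .com) (exploit_kit.rules)
  • 2055372 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (iprotosample .com) (exploit_kit.rules)
  • 2055373 - ET INFO DYNAMIC_DNS Query to a * .lasboleras .com .ar Domain (info.rules)
  • 2055374 - ET INFO DYNAMIC_DNS HTTP Request to a * .lasboleras .com .ar Domain (info.rules)
  • 2055375 - ET INFO DYNAMIC_DNS Query to a * .flexiblegeeks .com Domain (info.rules)
  • 2055376 - ET INFO DYNAMIC_DNS HTTP Request to a * .flexiblegeeks .com Domain (info.rules)
  • 2055377 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (miracledzmnqwui .shop) (malware.rules)
  • 2055378 - ET MALWARE Observed Lumma Stealer Related Domain (miracledzmnqwui .shop in TLS SNI) (malware.rules)
  • 2055379 - ET MALWARE Cobalt Strike Malleable C2 (MSNBC Video Profile) (malware.rules)
  • 2055380 - ET MALWARE ZPHP CnC Domain in DNS Lookup (aweland .store) (malware.rules)
  • 2055381 - ET MALWARE ZPHP CnC Domain in TLS SNI (aweland .store) (malware.rules)
  • 2055382 - ET MALWARE Cobalt Strike Malleable C2 (Pandora Profile) (malware.rules)
  • 2055383 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (expertcloud .xyz) (exploit_kit.rules)
  • 2055384 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (expertcloud .xyz) (exploit_kit.rules)
  • 2055385 - ET MALWARE Possible Host Profile Exfiltration In Pipe Delimited Format (malware.rules)
Pro:
  • 2857984 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857985 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857986 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2857987 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2857988 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2857989 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2857990 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2857991 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2857992 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2857993 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2858000 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2858001 - ETPRO EXPLOIT_KIT LandUpdate808 Stage 2 Request (exploit_kit.rules)
  • 2858002 - ETPRO MALWARE Win32/IllyrianStealer CnC Checkin (malware.rules)
"""

HEADER_RE = re.compile(r"(\d+) new OPEN, (\d+) new PRO \((\d+) \+ (\d+)\)")
RULE_RE = re.compile(
    r"^\s*•\s*(?P<sid>\d+)\s+-\s+(?P<prefix>ETPRO|ET)\s+(?P<category>[A-Z_]+)\s+"
    r"(?P<title>.*?)\s+\((?P<file>[\w.]+\.rules)\)\s*$"
)

def tier_from_sid(sid):
    """Assumed ET SID allocation: open rules 2000000-2099999, ETPRO rules 2800000-2899999."""
    if 2000000 <= sid < 2100000:
        return "open"
    if 2800000 <= sid < 2900000:
        return "pro"
    return "unknown"

def parse_rules(text):
    """One dict per rule line; reject a SID whose range contradicts its ET/ETPRO prefix."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        r = m.groupdict()
        r["sid"] = int(r["sid"])
        r["tier"] = "pro" if r["prefix"] == "ETPRO" else "open"
        if tier_from_sid(r["sid"]) != r["tier"]:
            raise ValueError(f"SID {r['sid']} is outside the range expected for {r['prefix']}")
        rules.append(r)
    return rules

def check_header(text):
    """Verify 'N new OPEN, M new PRO (N + K)': PRO subscribers get the open rules too,
    so M must equal N + K, and N and K must match the Open and Pro lists that follow."""
    counts = Counter(r["tier"] for r in parse_rules(text))
    new_open, new_pro, pro_open, pro_only = map(int, HEADER_RE.search(text).groups())
    ok = (counts["open"] == new_open == pro_open
          and counts["pro"] == pro_only
          and new_pro == new_open + pro_only)
    return {"listed_open": counts["open"], "listed_pro_only": counts["pro"], "header_ok": ok}

def category_counts(text):
    """Rules per ET category (EXPLOIT_KIT, INFO, MALWARE, ...) across both tiers."""
    return Counter(r["category"] for r in parse_rules(text))

def duplicate_titles(text):
    """SIDs that share an identical prefix/category/title, e.g. PRO entries with the domain omitted."""
    by_title = {}
    for r in parse_rules(text):
        by_title.setdefault((r["prefix"], r["category"], r["title"]), []).append(r["sid"])
    return {t: sids for t, sids in by_title.items() if len(sids) > 1}
```

Run `check_header(SUMMARY)` to confirm the header's 19 / 32 / (19 + 13) agree with the lists; `category_counts(SUMMARY)` shows that 19 of the 32 rules are MALWARE, 9 EXPLOIT_KIT and 4 INFO; `duplicate_titles(SUMMARY)` returns only the two TA582 SIDs, which is worth knowing before deduplicating alerts by rule name rather than by SID.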