Ruleset Update Summary - 2024/08/22 - v10672

Summary:

19 new OPEN, 21 new PRO (19 + 2)


Added rules:

Open:

  • 2055386 - ET MALWARE Observed Glupteba CnC Domain (statscreate .org in TLS SNI) (malware.rules)
  • 2055387 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (paperryszjxuo .shop) (malware.rules)
  • 2055388 - ET MALWARE Observed Lumma Stealer Related Domain (paperryszjxuo .shop in TLS SNI) (malware.rules)
  • 2055389 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (riffledopspzio .shop) (malware.rules)
  • 2055390 - ET MALWARE Observed Lumma Stealer Related Domain (riffledopspzio .shop in TLS SNI) (malware.rules)
  • 2055391 - ET MALWARE Qwerty Stealer CnC Domain in DNS Lookup (mailservicess .com) (malware.rules)
  • 2055392 - ET MALWARE Observed Qwerty Stealer Domain (mailservicess .com) in TLS SNI (malware.rules)
  • 2055393 - ET MALWARE Qwerty Stealer Data Exfiltration Attempt M1 (malware.rules)
  • 2055394 - ET MALWARE BlankGrabber Stealer Exfiltration via Discord (malware.rules)
  • 2055395 - ET MALWARE Qwerty Stealer Data Exfiltration Attempt M2 (malware.rules)
  • 2055396 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (queimaxofc .com) (exploit_kit.rules)
  • 2055397 - ET MALWARE Qwerty Stealer C2 Response (malware.rules)
  • 2055398 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (queimaxofc .com) (exploit_kit.rules)
  • 2055399 - ET MALWARE Possible RAZR Ransomware User-Agent Observed (malware.rules)
  • 2055400 - ET INFO Observed DNS Query to replit Hosting Domain (replit .dev) (info.rules)
  • 2055401 - ET MALWARE RAZR Ransomware CnC Checkin (malware.rules)
  • 2055402 - ET INFO Observed replit Domain (replit .dev in TLS SNI) (info.rules)
  • 2055403 - ET INFO Abused File Sharing Service (tempfiles .ninja) in DNS Lookup (info.rules)
  • 2055404 - ET INFO Observed Abused File Sharing Service Domain (tempfiles .ninja in TLS SNI) (info.rules)

Pro:

  • 2858005 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858006 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Enabled and modified rules:

  • 2857688 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857690 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
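
Teams that track these summaries (to update IOC watchlists, or to confirm a rule drop landed in their sensor) usually want the list in structured form rather than as bullets. The following is an added example, not Proofpoint's or the ET project's code: it parses the summary above (embedded verbatim as the sample input), re-fangs the defanged domains, and cross-checks the rule count line against the rules actually listed. The regexes, the `Rule` record and the helper names are this example's own assumptions about the summary format, not a documented schema.

```python
"""Parse an ET ruleset update summary and sanity-check it (added example)."""
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed sample input: the summary text from this page, copied verbatim.
SUMMARY = """\
Ruleset Update Summary - 2024/08/22 - v10672

Summary:

19 new OPEN, 21 new PRO (19 + 2)

Added rules:

Open:

  • 2055386 - ET MALWARE Observed Glupteba CnC Domain (statscreate .org in TLS SNI) (malware.rules)
  • 2055387 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (paperryszjxuo .shop) (malware.rules)
  • 2055388 - ET MALWARE Observed Lumma Stealer Related Domain (paperryszjxuo .shop in TLS SNI) (malware.rules)
  • 2055389 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (riffledopspzio .shop) (malware.rules)
  • 2055390 - ET MALWARE Observed Lumma Stealer Related Domain (riffledopspzio .shop in TLS SNI) (malware.rules)
  • 2055391 - ET MALWARE Qwerty Stealer CnC Domain in DNS Lookup (mailservicess .com) (malware.rules)
  • 2055392 - ET MALWARE Observed Qwerty Stealer Domain (mailservicess .com) in TLS SNI (malware.rules)
  • 2055393 - ET MALWARE Qwerty Stealer Data Exfiltration Attempt M1 (malware.rules)
  • 2055394 - ET MALWARE BlankGrabber Stealer Exfiltration via Discord (malware.rules)
  • 2055395 - ET MALWARE Qwerty Stealer Data Exfiltration Attempt M2 (malware.rules)
  • 2055396 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (queimaxofc .com) (exploit_kit.rules)
  • 2055397 - ET MALWARE Qwerty Stealer C2 Response (malware.rules)
  • 2055398 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (queimaxofc .com) (exploit_kit.rules)
  • 2055399 - ET MALWARE Possible RAZR Ransomware User-Agent Observed (malware.rules)
  • 2055400 - ET INFO Observed DNS Query to replit Hosting Domain (replit .dev) (info.rules)
  • 2055401 - ET MALWARE RAZR Ransomware CnC Checkin (malware.rules)
  • 2055402 - ET INFO Observed replit Domain (replit .dev in TLS SNI) (info.rules)
  • 2055403 - ET INFO Abused File Sharing Service (tempfiles .ninja) in DNS Lookup (info.rules)
  • 2055404 - ET INFO Observed Abused File Sharing Service Domain (tempfiles .ninja in TLS SNI) (info.rules)

Pro:

  • 2858005 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858006 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Enabled and modified rules:

  • 2857688 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857690 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
"""

# One bullet line: "  • <sid> - <title> (<file>.rules)"   (assumed layout)
RULE_RE = re.compile(r"^\s*•\s*(?P<sid>\d+)\s+-\s+(?P<msg>.+?)\s+\((?P<file>[a-z_]+\.rules)\)\s*$")
# "19 new OPEN, 21 new PRO (19 + 2)": PRO total = open rules + pro-only rules
COUNT_RE = re.compile(r"(?P<open>\d+) new OPEN, (?P<pro>\d+) new PRO \((?P<a>\d+) \+ (?P<b>\d+)\)")
# ET defangs domains by inserting a space before the TLD: "statscreate .org"
DEFANG_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)*) \.([a-z]{2,})\b")


@dataclass
class Rule:
    sid: int
    msg: str
    rules_file: str
    section: str            # "added-open", "added-pro" or "modified"
    category: str           # token after ET/ETPRO, e.g. "MALWARE"
    domain: Optional[str]   # re-fanged domain from the title, if any


def parse_summary(text: str) -> list[Rule]:
    """Walk the summary line by line, tracking which section a bullet belongs to."""
    rules, phase, ruleset = [], None, None
    for line in text.splitlines():
        s = line.strip()
        if s == "Added rules:":
            phase = "added"
        elif s == "Enabled and modified rules:":
            phase = "modified"
        elif s in ("Open:", "Pro:"):
            ruleset = s[:-1].lower()
        m = RULE_RE.match(line)
        if not m:
            continue
        msg = m["msg"]
        dm = DEFANG_RE.search(msg)
        rules.append(Rule(
            sid=int(m["sid"]), msg=msg, rules_file=m["file"],
            section="modified" if phase == "modified" else f"added-{ruleset}",
            category=msg.split()[1],
            domain=f"{dm.group(1)}.{dm.group(2)}" if dm else None,
        ))
    return rules


def check_counts(text: str, rules: list[Rule]) -> dict:
    """Compare the 'N new OPEN, M new PRO (a + b)' line with what is listed."""
    m = COUNT_RE.search(text)
    if not m:
        raise ValueError("summary has no rule-count line")
    n_open = sum(r.section == "added-open" for r in rules)
    n_pro = sum(r.section == "added-pro" for r in rules)
    ok = (int(m["open"]) == n_open and int(m["pro"]) == n_open + n_pro
          and int(m["a"]) == n_open and int(m["b"]) == n_pro)
    return {"listed_open": n_open, "listed_pro_only": n_pro, "ok": ok}


def prefix_mismatches(rules: list[Rule]) -> list[int]:
    """SIDs whose title prefix (ET vs ETPRO) disagrees with the section they sit in."""
    want = {"added-open": "ET", "added-pro": "ETPRO", "modified": "ETPRO"}
    return [r.sid for r in rules if r.msg.split()[0] != want[r.section]]


def ioc_domains(rules: list[Rule], categories: Optional[Iterable[str]] = None) -> list[str]:
    """Unique re-fanged domains; filter by category so INFO-class hosting
    services (replit .dev, tempfiles .ninja) do not land on a blocklist."""
    wanted = set(categories) if categories else None
    return sorted({r.domain for r in rules
                   if r.domain and (wanted is None or r.category in wanted)})


if __name__ == "__main__":
    parsed = parse_summary(SUMMARY)
    print(check_counts(SUMMARY, parsed))
    print(ioc_domains(parsed, {"MALWARE", "EXPLOIT_KIT"}))
```

The category filter matters: the two `ET INFO` entries name legitimate services that are merely abused, so they belong on a watchlist, not a block list, whereas the `MALWARE` and `EXPLOIT_KIT` domains are CnC or exploit-kit infrastructure and are safe to block outright.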