Ruleset Update Summary - 2024/08/22 - v10672

rulesbot · August 22, 2024, 8:53pm

Summary:

19 new OPEN, 21 new PRO (19 + 2)

Added rules:

Open:

2055386 - ET MALWARE Observed Glupteba CnC Domain (statscreate .org in TLS SNI) (malware.rules)
2055387 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (paperryszjxuo .shop) (malware.rules)
2055388 - ET MALWARE Observed Lumma Stealer Related Domain (paperryszjxuo .shop in TLS SNI) (malware.rules)
2055389 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (riffledopspzio .shop) (malware.rules)
2055390 - ET MALWARE Observed Lumma Stealer Related Domain (riffledopspzio .shop in TLS SNI) (malware.rules)
2055391 - ET MALWARE Qwerty Stealer CnC Domain in DNS Lookup (mailservicess .com) (malware.rules)
2055392 - ET MALWARE Observed Qwerty Stealer Domain (mailservicess .com) in TLS SNI (malware.rules)
2055393 - ET MALWARE Qwerty Stealer Data Exfiltration Attempt M1 (malware.rules)
2055394 - ET MALWARE BlankGrabber Stealer Exfiltration via Discord (malware.rules)
2055395 - ET MALWARE Qwerty Stealer Data Exfiltration Attempt M2 (malware.rules)
2055396 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (queimaxofc .com) (exploit_kit.rules)
2055397 - ET MALWARE Qwerty Stealer C2 Response (malware.rules)
2055398 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (queimaxofc .com) (exploit_kit.rules)
2055399 - ET MALWARE Possible RAZR Ransomware User-Agent Observed (malware.rules)
2055400 - ET INFO Observed DNS Query to replit Hosting Domain (replit .dev) (info.rules)
2055401 - ET MALWARE RAZR Ransomware CnC Checkin (malware.rules)
2055402 - ET INFO Observed replit Domain (replit .dev in TLS SNI) (info.rules)
2055403 - ET INFO Abused File Sharing Service (tempfiles .ninja) in DNS Lookup (info.rules)
2055404 - ET INFO Observed Abused File Sharing Service Domain (tempfiles .ninja in TLS SNI) (info.rules)

Pro:

2858005 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858006 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Enabled and modified rules:

2857688 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2857690 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	920	March 11, 2024
Ruleset Update Summary - 2024/02/20 - v10536 Ruleset Updates	477	February 20, 2024
Ruleset Update Summary - 2024/07/26 - v10654 Ruleset Updates	101	July 26, 2024
Ruleset Update Summary - 2024/03/08 - v10548 Ruleset Updates	231	March 8, 2024
Ruleset Update Summary - 2024/07/19 - v10649 Ruleset Updates	133	July 19, 2024

Ruleset Update Summary - 2024/08/22 - v10672

Summary:

Added rules:

Open:

Pro:

Enabled and modified rules:

Related Topics