Ruleset Update Summary - 2024/08/23 - v10673

rulesbot · August 23, 2024, 7:43pm

Summary:

65 new OPEN, 66 new PRO (65 + 1)

Thanks @ESET, @malwrhunterteam, @jeromesegura

Added rules:

Open:

2055405 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (codcraft .shop) (exploit_kit.rules)
2055406 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (codemingle .shop) (exploit_kit.rules)
2055407 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (datawiz .shop) (exploit_kit.rules)
2055408 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (deslgnpro .shop) (exploit_kit.rules)
2055409 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (happywave .shop) (exploit_kit.rules)
2055410 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (luckipath .shop) (exploit_kit.rules)
2055411 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (pixelsmith .shop) (exploit_kit.rules)
2055412 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (salesguru .online) (exploit_kit.rules)
2055413 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (statlstic .shop) (exploit_kit.rules)
2055414 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (statmaster .shop) (exploit_kit.rules)
2055415 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (trendset .website) (exploit_kit.rules)
2055416 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (vodog .shop) (exploit_kit.rules)
2055417 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (artvislon .shop) (exploit_kit.rules)
2055418 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (statistall .com) (exploit_kit.rules)
2055419 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (analytlx .shop) (exploit_kit.rules)
2055420 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (codcraft .shop) (exploit_kit.rules)
2055421 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (codemingle .shop) (exploit_kit.rules)
2055422 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (datawiz .shop) (exploit_kit.rules)
2055423 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (deslgnpro .shop) (exploit_kit.rules)
2055424 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (happywave .shop) (exploit_kit.rules)
2055425 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (luckipath .shop) (exploit_kit.rules)
2055426 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (pixelsmith .shop) (exploit_kit.rules)
2055427 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (salesguru .online) (exploit_kit.rules)
2055428 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (statlstic .shop) (exploit_kit.rules)
2055429 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (statmaster .shop) (exploit_kit.rules)
2055430 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (trendset .website) (exploit_kit.rules)
2055431 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (vodog .shop) (exploit_kit.rules)
2055432 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (artvislon .shop) (exploit_kit.rules)
2055433 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (statistall .com) (exploit_kit.rules)
2055434 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (analytlx .shop) (exploit_kit.rules)
2055435 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (elmipardaz .com) (exploit_kit.rules)
2055436 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (elmipardaz .com) (exploit_kit.rules)
2055437 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (skibidirizz .lol) (exploit_kit.rules)
2055438 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (skibidirizz .lol) (exploit_kit.rules)
2055439 - ET MALWARE Lumma Stealer Domain in DNS Lookup (fictionnykwop .shop) (malware.rules)
2055440 - ET MALWARE Lumma Stealer Domain in TLS SNI (fictionnykwop .shop) (malware.rules)
2055441 - ET MALWARE Cheana Stealer Domain in DNS Lookup (ganache .live) (malware.rules)
2055442 - ET MALWARE Cheana Stealer Domain in DNS Lookup (warpvpn .net) (malware.rules)
2055443 - ET MALWARE Observed Cheana Stealer Domain (ganache .live) in TLS SNI (malware.rules)
2055444 - ET MALWARE Observed Cheana Stealer Domain (warpvpn .net) in TLS SNI (malware.rules)
2055445 - ET MALWARE Cheana Stealer CnC Checkin (malware.rules)
2055446 - ET MALWARE Malicious Domain Observed in DNS Lookup (jslibc .com) (malware.rules)
2055447 - ET MALWARE Malicious Domain Observed in DNS Lookup (libjs .xyz) (malware.rules)
2055448 - ET MALWARE Observed Malicious Domain (jslibc .com in TLS SNI) (malware.rules)
2055449 - ET MALWARE Observed Malicious Domain (libjs .xyz in TLS SNI) (malware.rules)
2055450 - ET MALWARE Cheana Stealer Data Exfiltration Attempt (malware.rules)
2055451 - ET MOBILE_MALWARE Android/Ngate Domain in DNS Lookup (rb-62d3a .tbc-app .life) (mobile_malware.rules)
2055452 - ET MOBILE_MALWARE Android/Ngate Domain in DNS Lookup (rb .2f1c0b7d .tbc-app .life) (mobile_malware.rules)
2055453 - ET MOBILE_MALWARE Android/Ngate Domain in DNS Lookup (geo-4bfa49b2 .tbc-app .life) (mobile_malware.rules)
2055454 - ET MOBILE_MALWARE Android/Ngate Domain in DNS Lookup (csob-93ef49e7a .tbc-app .life) (mobile_malware.rules)
2055455 - ET MOBILE_MALWARE Android/Ngate Domain in DNS Lookup (george .tbc-app .life) (mobile_malware.rules)
2055456 - ET MOBILE_MALWARE Android/Ngate Domain in DNS Lookup (raiffeisen-cz .eu) (mobile_malware.rules)
2055457 - ET MOBILE_MALWARE Android/Ngate Domain in DNS Lookup (client .nfcpay .workers .dev) (mobile_malware.rules)
2055458 - ET MOBILE_MALWARE Android/Ngate Domain in DNS Lookup (app .mobil-csob-cz .eu) (mobile_malware.rules)
2055459 - ET MOBILE_MALWARE Observed Android/Ngate Domain (rb-62d3a .tbc-app .life) in TLS SNI (mobile_malware.rules)
2055460 - ET MOBILE_MALWARE Observed Android/Ngate Domain (rb .2f1c0b7d .tbc-app .life) in TLS SNI (mobile_malware.rules)
2055461 - ET MOBILE_MALWARE Observed Android/Ngate Domain (geo-4bfa49b2 .tbc-app .life) in TLS SNI (mobile_malware.rules)
2055462 - ET MOBILE_MALWARE Observed Android/Ngate Domain (csob-93ef49e7a .tbc-app .life) in TLS SNI (mobile_malware.rules)
2055463 - ET MOBILE_MALWARE Observed Android/Ngate Domain (george .tbc-app .life) in TLS SNI (mobile_malware.rules)
2055464 - ET MOBILE_MALWARE Observed Android/Ngate Domain (raiffeisen-cz .eu) in TLS SNI (mobile_malware.rules)
2055465 - ET MOBILE_MALWARE Observed Android/Ngate Domain (client .nfcpay .workers .dev) in TLS SNI (mobile_malware.rules)
2055466 - ET MOBILE_MALWARE Observed Android/Ngate Domain (app .mobil-csob-cz .eu) in TLS SNI (mobile_malware.rules)
2055467 - ET MALWARE ELF/crond CnC Request (GET) (malware.rules)
2055468 - ET INFO Observed DNS Query to Pantheon Hosting Domain (pantheonsite .io) (info.rules)
2055469 - ET INFO Observed Pantheon Hosting Domain (pantheonsite .io in TLS SNI) (info.rules)

Pro:

2858015 - ETPRO EXPLOIT_KIT Credit Card Skimmer Middlewear Response (exploit_kit.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/09/02 - v10679 Ruleset Updates	117	September 2, 2024
Ruleset Update Summary - 2024/09/04 - v10681 Ruleset Updates	71	September 4, 2024
Ruleset Update Summary - 2024/11/01 - v10733 Ruleset Updates	96	November 1, 2024
Ruleset Update Summary - 2023/08/10 - v10391 Ruleset Updates	255	August 10, 2023
Ruleset Update Summary - 2024/08/28 - v10676 Ruleset Updates	106	August 28, 2024

Ruleset Update Summary - 2024/08/23 - v10673

Summary:

Added rules:

Open:

Pro:

Related topics