Ruleset Update Summary - 2024/08/26 - v10674

Summary:

52 new OPEN, 60 new PRO (52 + 8)

Thanks @CadoSecurity, @TheDFIRReport
Added rules:

Open:

  • 2055470 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (birddogerc .com) (exploit_kit.rules)
  • 2055471 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (birddogerc .com) (exploit_kit.rules)
  • 2055472 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (ajsdiaolke .shop) (exploit_kit.rules)
  • 2055473 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (ajsdiaolke .shop) (exploit_kit.rules)
  • 2055474 - ET MALWARE Lumma Stealer Domain in DNS Lookup (caffegclasiqwp .shop) (malware.rules)
  • 2055475 - ET MALWARE Lumma Stealer Domain in DNS Lookup (condedqpwqm .shop) (malware.rules)
  • 2055476 - ET MALWARE Lumma Stealer Domain in DNS Lookup (dirtdrawingjsi .shop) (malware.rules)
  • 2055477 - ET MALWARE Lumma Stealer Domain in DNS Lookup (evoliutwoqm .shop) (malware.rules)
  • 2055478 - ET MALWARE Lumma Stealer Domain in DNS Lookup (froytnewqowv .shop) (malware.rules)
  • 2055479 - ET MALWARE Lumma Stealer Domain in DNS Lookup (locatedblsoqp .shop) (malware.rules)
  • 2055480 - ET MALWARE Lumma Stealer Domain in DNS Lookup (millyscroqwp .shop) (malware.rules)
  • 2055481 - ET MALWARE Lumma Stealer Domain in DNS Lookup (stagedchheiqwo .shop) (malware.rules)
  • 2055482 - ET MALWARE Lumma Stealer Domain in DNS Lookup (stamppreewntnq .shop) (malware.rules)
  • 2055483 - ET MALWARE Lumma Stealer Domain in DNS Lookup (traineiwnqo .shop) (malware.rules)
  • 2055484 - ET MALWARE Lumma Stealer Domain in TLS SNI (caffegclasiqwp .shop) (malware.rules)
  • 2055485 - ET MALWARE Lumma Stealer Domain in TLS SNI (condedqpwqm .shop) (malware.rules)
  • 2055486 - ET MALWARE Lumma Stealer Domain in TLS SNI (dirtdrawingjsi .shop) (malware.rules)
  • 2055487 - ET MALWARE Lumma Stealer Domain in TLS SNI (evoliutwoqm .shop) (malware.rules)
  • 2055488 - ET MALWARE Lumma Stealer Domain in TLS SNI (froytnewqowv .shop) (malware.rules)
  • 2055489 - ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) (malware.rules)
  • 2055490 - ET MALWARE Lumma Stealer Domain in TLS SNI (millyscroqwp .shop) (malware.rules)
  • 2055491 - ET MALWARE Lumma Stealer Domain in TLS SNI (stagedchheiqwo .shop) (malware.rules)
  • 2055492 - ET MALWARE Lumma Stealer Domain in TLS SNI (stamppreewntnq .shop) (malware.rules)
  • 2055493 - ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop) (malware.rules)
  • 2055494 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .contest .printondemandmerchandise .com) (malware.rules)
  • 2055495 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .contest .printondemandmerchandise .com) (malware.rules)
  • 2055496 - ET MALWARE Possible Cthulu Stealer URI Struct M1 (malware.rules)
  • 2055497 - ET MALWARE SystemBC CnC Beacon (malware.rules)
  • 2055498 - ET MALWARE Possible Cthulu Stealer URI Struct M2 (malware.rules)
  • 2055499 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (luckkystar .shop) (exploit_kit.rules)
  • 2055500 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (selllify .shop) (exploit_kit.rules)
  • 2055501 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (artickon .shop) (exploit_kit.rules)
  • 2055502 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (articon .website) (exploit_kit.rules)
  • 2055503 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (seilsmart .shop) (exploit_kit.rules)
  • 2055504 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (happyllfe .online) (exploit_kit.rules)
  • 2055505 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (luckkystar .shop) (exploit_kit.rules)
  • 2055506 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (selllify .shop) (exploit_kit.rules)
  • 2055507 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (artickon .shop) (exploit_kit.rules)
  • 2055508 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (articon .website) (exploit_kit.rules)
  • 2055509 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (seilsmart .shop) (exploit_kit.rules)
  • 2055510 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (happyllfe .online) (exploit_kit.rules)
  • 2055511 - ET MALWARE Moonpeak RAT Related Domain in DNS Lookup (yoiroyse .store) (malware.rules)
  • 2055512 - ET MALWARE Moonpeak RAT Related Domain in DNS Lookup (pumaria .store) (malware.rules)
  • 2055513 - ET MALWARE Moonpeak RAT Related Domain in DNS Lookup (nmailhostserver .store) (malware.rules)
  • 2055514 - ET MALWARE Moonpeak RAT Related Domain in DNS Lookup (nsonlines .store) (malware.rules)
  • 2055515 - ET MALWARE Observed Moonpeak RAT Related Domain (yoiroyse .store) in TLS SNI (malware.rules)
  • 2055516 - ET MALWARE Observed Moonpeak RAT Related Domain (pumaria .store) in TLS SNI (malware.rules)
  • 2055517 - ET MALWARE Observed Moonpeak RAT Related Domain (nmailhostserver .store) in TLS SNI (malware.rules)
  • 2055518 - ET MALWARE Observed Moonpeak RAT Related Domain (nsonlines .store) in TLS SNI (malware.rules)
  • 2055519 - ET MALWARE Lumma Stealer Domain in DNS Lookup (juniirsoow .shop) (malware.rules)
  • 2055520 - ET MALWARE Lumma Stealer Domain in TLS SNI (juniirsoow .shop) (malware.rules)
  • 2055521 - ET HUNTING Missing Content-Type in Multipart/Form-Data Request (hunting.rules)

Pro:

  • 2858016 - ETPRO PHISHING Generic Credential Phish Landing Lage 2024-08-23 (phishing.rules)
  • 2858017 - ETPRO PHISHING HTML Smuggling Credential Phish Landing Page 2024-08-23 (phishing.rules)
  • 2858018 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
  • 2858019 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858020 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858021 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858040 - ETPRO MALWARE Sistem Updater CnC Beacon (executedMsg) (malware.rules)
  • 2858041 - ETPRO MALWARE Sistem Updater CnC Beacon (noSharesFounded) (malware.rules)