Ruleset Update Summary - 2024/08/29 - v10677

rulesbot · August 29, 2024, 10:00pm

Summary:

55 new OPEN, 71 new PRO (55 + 16)

Thanks @TrendMicro, @Unit42_Intel

Added rules:

Open:

2055586 - ET MALWARE Globalshadow Trojan CnC Checkin M1 (malware.rules)
2055587 - ET MALWARE Globalshadow Trojan CnC Checkin M2 (malware.rules)
2055588 - ET MALWARE Globalshadow CnC Domain in DNS Lookup (portal .sharjahconnect .online) (malware.rules)
2055589 - ET MALWARE Observed Globalshadow Domain (portal .sharjahconnect .online) in TLS SNI (malware.rules)
2055590 - ET WEB_SPECIFIC_APPS Fortra FileCatalyst Workflow Insecure HSQLDB Default Credentials (web_specific_apps.rules)
2055591 - ET MALWARE DNS Query to Lumma Stealer Domain (adstrra .b-cdn .net) (malware.rules)
2055592 - ET MALWARE DNS Query to Lumma Stealer Domain (ch3 .dlvideosfre .click) (malware.rules)
2055593 - ET MALWARE DNS Query to Lumma Stealer Domain (human-check .b-cdn .net) (malware.rules)
2055594 - ET MALWARE DNS Query to Lumma Stealer Domain (human-verify02 .b-cdn .net) (malware.rules)
2055595 - ET MALWARE DNS Query to Lumma Stealer Domain (get-verified2 .b-cdn .net) (malware.rules)
2055596 - ET MALWARE DNS Query to Lumma Stealer Domain (propller .b-cdn .net) (malware.rules)
2055597 - ET MALWARE DNS Query to Lumma Stealer Domain (myapt67 .s3 .amazonaws .com) (malware.rules)
2055598 - ET MALWARE DNS Query to Lumma Stealer Domain (zone02 .b-cdn .net) (malware.rules)
2055599 - ET MALWARE DNS Query to Lumma Stealer Domain (verif .dlvideosfre .click) (malware.rules)
2055600 - ET MALWARE DNS Query to Lumma Stealer Domain (poko .b-cdn .net) (malware.rules)
2055601 - ET MALWARE DNS Query to Lumma Stealer Domain (get-verified .b-cdn .net) (malware.rules)
2055602 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (assumptionflattyou .shop) (malware.rules)
2055603 - ET MALWARE Observed Lumma Stealer Related Domain (assumptionflattyou .shop in TLS SNI) (malware.rules)
2055604 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (deteriotraiwo .shop) (malware.rules)
2055605 - ET MALWARE Observed Lumma Stealer Related Domain (deteriotraiwo .shop in TLS SNI) (malware.rules)
2055606 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (diamonykeqpwm .shop) (malware.rules)
2055607 - ET MALWARE Observed Lumma Stealer Related Domain (diamonykeqpwm .shop in TLS SNI) (malware.rules)
2055608 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (excavtaionps .shop) (malware.rules)
2055609 - ET MALWARE Observed Lumma Stealer Related Domain (excavtaionps .shop in TLS SNI) (malware.rules)
2055610 - ET MALWARE Observed Lumma Stealer Domain (adstrra .b-cdn .net in TLS SNI) (malware.rules)
2055611 - ET MALWARE Observed Lumma Stealer Domain (ch3 .dlvideosfre .click in TLS SNI) (malware.rules)
2055612 - ET MALWARE Observed Lumma Stealer Domain (human-check .b-cdn .net in TLS SNI) (malware.rules)
2055613 - ET MALWARE Observed Lumma Stealer Domain (human-verify02 .b-cdn .net in TLS SNI) (malware.rules)
2055614 - ET MALWARE Observed Lumma Stealer Domain (get-verified2 .b-cdn .net in TLS SNI) (malware.rules)
2055615 - ET MALWARE Observed Lumma Stealer Domain (propller .b-cdn .net in TLS SNI) (malware.rules)
2055616 - ET MALWARE Observed Lumma Stealer Domain (myapt67 .s3 .amazonaws .com in TLS SNI) (malware.rules)
2055617 - ET MALWARE Observed Lumma Stealer Domain (zone02 .b-cdn .net in TLS SNI) (malware.rules)
2055618 - ET MALWARE Observed Lumma Stealer Domain (verif .dlvideosfre .click in TLS SNI) (malware.rules)
2055619 - ET MALWARE Observed Lumma Stealer Domain (poko .b-cdn .net in TLS SNI) (malware.rules)
2055620 - ET MALWARE Observed Lumma Stealer Domain (get-verified .b-cdn .net in TLS SNI) (malware.rules)
2055621 - ET MALWARE Lumma Stealer Related Fake Captcha Page Inbound M1 (malware.rules)
2055622 - ET MALWARE Lumma Stealer Related Fake Captcha Page Inbound M2 (malware.rules)
2055623 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (dealhunt .website) (exploit_kit.rules)
2055624 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (merchifly .shop) (exploit_kit.rules)
2055625 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (selloria .shop) (exploit_kit.rules)
2055626 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (designlq .com) (exploit_kit.rules)
2055627 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (graphlq .shop) (exploit_kit.rules)
2055628 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (javaninja .shop) (exploit_kit.rules)
2055629 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (creativeslim .com) (exploit_kit.rules)
2055630 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (dealhunt .website) (exploit_kit.rules)
2055631 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (merchifly .shop) (exploit_kit.rules)
2055632 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (selloria .shop) (exploit_kit.rules)
2055633 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (designlq .com) (exploit_kit.rules)
2055634 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (graphlq .shop) (exploit_kit.rules)
2055635 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (javaninja .shop) (exploit_kit.rules)
2055636 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (creativeslim .com) (exploit_kit.rules)
2055637 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (rentyrooms .com) (exploit_kit.rules)
2055638 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (rentyrooms .com) (exploit_kit.rules)
2055639 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (tayakay .com) (exploit_kit.rules)
2055640 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (tayakay .com) (exploit_kit.rules)

Pro:

2858211 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
2858212 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2858213 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2858214 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2858215 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2858216 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2858217 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2858218 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2858219 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2858220 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2858221 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2858222 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2858223 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2858224 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2858231 - ETPRO EXPLOIT_KIT Evil Keitaro Set-Cookie Inbound to VexTrio (5dc72) (exploit_kit.rules)
2858232 - ETPRO MALWARE Possible Tinba DGA NXDOMAIN Responses (com) (malware.rules)

Removed rules:

2811544 - ETPRO MALWARE Possible Tinba DGA NXDOMAIN Responses (com) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/06/20 - v10622 Ruleset Updates	152	June 20, 2024
Ruleset Update Summary - 2024/01/25 - v10514 Ruleset Updates	333	January 25, 2024
Ruleset Update Summary - 2024/03/08 - v10548 Ruleset Updates	233	March 8, 2024
Ruleset Update Summary - 2024/02/16 - v10534 Ruleset Updates	284	February 16, 2024
Ruleset Update Summary - 2024/02/20 - v10536 Ruleset Updates	480	February 20, 2024

Ruleset Update Summary - 2024/08/29 - v10677

Summary:

Added rules:

Open:

Pro:

Removed rules:

Related Topics