Ruleset Update Summary - 2024/09/03 - v10680

Ruleset Updates
1

Summary:

34 new OPEN, 34 new PRO (34 + 0)

Thanks @GreyNoiseIO, @offsectraining

Added rules:

Open:

  • 2055690 - ET MALWARE TA399 Related Domain in DNS Lookup (document-viewer .live) (malware.rules)
  • 2055691 - ET MALWARE Observed TA399 Domain (document-viewer .live) in TLS SNI (malware.rules)
  • 2055692 - ET MALWARE directlinkgen_bot CnC Domain in DNS Lookup (ddl .safone .dev) (malware.rules)
  • 2055693 - ET MALWARE Observed directlinkgen_bot CnC Domain (ddl .safone .dev in TLS SNI) (malware.rules)
  • 2055694 - ET INFO DYNAMIC_DNS Query to a * .jansolo .com Domain (info.rules)
  • 2055695 - ET INFO DYNAMIC_DNS HTTP Request to a * .jansolo .com Domain (info.rules)
  • 2055696 - ET INFO DYNAMIC_DNS Query to a * .vanomania .net Domain (info.rules)
  • 2055697 - ET INFO DYNAMIC_DNS HTTP Request to a * .vanomania .net Domain (info.rules)
  • 2055698 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (applieddyooqnz .shop) (malware.rules)
  • 2055699 - ET MALWARE Observed Lumma Stealer Related Domain (applieddyooqnz .shop in TLS SNI) (malware.rules)
  • 2055700 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (ensuredqsnjqk .shop) (malware.rules)
  • 2055701 - ET MALWARE Observed Lumma Stealer Related Domain (ensuredqsnjqk .shop in TLS SNI) (malware.rules)
  • 2055702 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (iserjpcektoq .shop) (malware.rules)
  • 2055703 - ET MALWARE Observed Lumma Stealer Related Domain (iserjpcektoq .shop in TLS SNI) (malware.rules)
  • 2055704 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (tibedowqmwo .shop) (malware.rules)
  • 2055705 - ET MALWARE Observed Lumma Stealer Related Domain (tibedowqmwo .shop in TLS SNI) (malware.rules)
  • 2055706 - ET WEB_SPECIFIC_APPS Ivanti Virtual Traffic Manager Authentication Bypass Attempt (CVE-2024-7593) (web_specific_apps.rules)
  • 2055707 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (southasianfitness .com) (exploit_kit.rules)
  • 2055708 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (villasara974 .com) (exploit_kit.rules)
  • 2055709 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (southasianfitness .com) (exploit_kit.rules)
  • 2055710 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (villasara974 .com) (exploit_kit.rules)
  • 2055711 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (novastraem .com) (exploit_kit.rules)
  • 2055712 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (trendgurupro .com) (exploit_kit.rules)
  • 2055713 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (advertispro .com) (exploit_kit.rules)
  • 2055714 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (graphisprintstudio .com) (exploit_kit.rules)
  • 2055715 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (techtnee .com) (exploit_kit.rules)
  • 2055716 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (brandilift .com) (exploit_kit.rules)
  • 2055717 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (novastraem .com) (exploit_kit.rules)
  • 2055718 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (trendgurupro .com) (exploit_kit.rules)
  • 2055719 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (advertispro .com) (exploit_kit.rules)
  • 2055720 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (graphisprintstudio .com) (exploit_kit.rules)
  • 2055721 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (techtnee .com) (exploit_kit.rules)
  • 2055722 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (brandilift .com) (exploit_kit.rules)
  • 2055723 - ET WEB_SPECIFIC_APPS D-Link DIR-859 Information Disclosure Attempt (CVE-2024-07969) (web_specific_apps.rules)