Ruleset Update Summary - 2024/09/10 - v10686

Summary:

6 new OPEN, 13 new PRO (6 + 7)

Thanks @kaspersky


Added rules:

Open:

  • 2055812 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (glassestacwop .shop) (malware.rules)
  • 2055813 - ET MALWARE Observed Lumma Stealer Related Domain (glassestacwop .shop in TLS SNI) (malware.rules)
  • 2055814 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (radlantroots .com) (exploit_kit.rules)
  • 2055815 - ET EXPLOIT_KIT CC Skimmer Domain in TLS SNI (radlantroots .com) (exploit_kit.rules)
  • 2055816 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (north-residence .com) (exploit_kit.rules)
  • 2055817 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (north-residence .com) (exploit_kit.rules)

Pro:

  • 2858322 - ETPRO EXPLOIT Windows Mark of the Web Security Feature Bypass Attempt (CVE-2024-38217) (exploit.rules)
  • 2858323 - ETPRO EXPLOIT Adobe Coldfusion Deserialization Remote Code Execution (CVE-2024-41874) (exploit.rules)
  • 2858326 - ETPRO EXPLOIT_KIT Evil Keitaro Set-Cookie Inbound to VexTrio (exploit_kit.rules)
  • 2858327 - ETPRO HUNTING Office Doc with Embedded eXtensible Stylesheet Language Transformations (XSLT) Script Block (hunting.rules)
  • 2858328 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2858329 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2858330 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Modified inactive rules:

  • 2014645 - ET EXPLOIT RuggedCom Banner with MAC (SET) (exploit.rules)
  • 2831252 - ETPRO EXPLOIT Flash Player Integer Overflow Inbound (CVE-2018-5000) (exploit.rules)

Disabled and modified rules:

  • 2829286 - ETPRO MALWARE APT28 DNS Lookup (malware.rules)