Ruleset Update Summary - 2024/09/13 - v10693

rulesbot · September 13, 2024, 8:43pm

Summary:

15 new OPEN, 18 new PRO (15 + 3)

Today is the last release for the Suricata 4 ruleset.

2055832 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (desynlabtech .com) (exploit_kit.rules)
2055833 - ET EXPLOIT_KIT CC Skimmer Domain in TLS SNI (desynlabtech .com) (exploit_kit.rules)
2055834 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sentistivowmi .shop) (malware.rules)
2055835 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sentistivowmi .shop in TLS SNI) (malware.rules)
2055836 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (tatemosher .com) (exploit_kit.rules)
2055837 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (zeleitex .com) (exploit_kit.rules)
2055838 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (tatemosher .com) (exploit_kit.rules)
2055839 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (zeleitex .com) (exploit_kit.rules)
2055840 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (auth-owlting .com) (exploit_kit.rules)
2055841 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (www-wpx .net) (exploit_kit.rules)
2055842 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (auth-owlting .com) (exploit_kit.rules)
2055843 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (www-wpx .net) (exploit_kit.rules)
2055844 - ET INFO Observed DNS Query to Commonly Actor Abused Service (image .thum .io) (info.rules)
2055845 - ET INFO Observed Commonly Actor Abused Domain (image .thum .io in TLS SNI) (info.rules)
2055846 - ET MALWARE Fake Captcha Page Containing Powershell Inbound (malware.rules)

2015902 - ET MALWARE Win32/Kuluoz.B CnC (malware.rules)
2015903 - ET MALWARE Win32/Kuluoz.B CnC 2 (malware.rules)
2020335 - ET MALWARE MSIL/Agent.PYO Receiving Config (malware.rules)
2020421 - ET MALWARE Win32/Gulcrypt.B Downloading components (malware.rules)
2802898 - ETPRO MALWARE Win32/IRCBrute/Floder.ej Command Report (malware.rules)
2802986 - ETPRO MALWARE Win32/Banload.YE Checkin (malware.rules)
2806001 - ETPRO MALWARE Win32/Tepv.A CnC Credentials Returned (malware.rules)
2806507 - ETPRO MALWARE Win32/Injector.Autoit.P variant response (malware.rules)
2808054 - ETPRO MALWARE MSIL/RapidStealer.A FTP Activity 1 (set) (malware.rules)
2808056 - ETPRO MALWARE MSIL/RapidStealer.A FTP Activity 2 (set) (malware.rules)
2809836 - ETPRO MALWARE Win32/Spy.Banker.AALI MSSQL CnC Beacon (malware.rules)
2811637 - ETPRO MALWARE Win32/Ceatrg.A CnC Beacon M2 (malware.rules)
2812602 - ETPRO MALWARE Win32/Genasom.FO Sending Ransom Details (malware.rules)
2812773 - ETPRO MALWARE Win32/Aibatook CnC Beacon Response (malware.rules)
2815048 - ETPRO MALWARE Win32/Spy.Banker.ABMV CnC Response (malware.rules)
2815564 - ETPRO MALWARE Win32/Agent.RNW CnC Beacon Response (malware.rules)
2820576 - ETPRO MALWARE MSIL/PWS.Agent.OMJ Inbound Beacon (malware.rules)
2828307 - ETPRO MALWARE Win32/Unk.Stealer Requesting Config Update (malware.rules)
2849858 - ETPRO MALWARE Win32/Syndicasec CnC Activity - JavaScript Command Decoder Observed (malware.rules)

2055830 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (simplymecosmetics .com) (exploit_kit.rules)
2055831 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (simplymecosmetics .com) (exploit_kit.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/03/25 - v10559 Ruleset Updates	309	March 25, 2024
Ruleset Update Summary - 2024/04/01 - v10564 Ruleset Updates	233	April 1, 2024
Ruleset Update Summary - 2024/02/09 - v10528 Ruleset Updates	515	February 9, 2024
Ruleset Update Summary - 2024/02/05 - v10524 Ruleset Updates	445	February 5, 2024
Ruleset Update Summary - 2024/10/30 - v10731 Ruleset Updates	178	October 30, 2024