Ruleset Update Summary - 2024/09/25 - v10703

rulesbot · September 25, 2024, 8:26pm

Summary:

18 new OPEN, 23 new PRO (18 + 5)

Thanks @Horizon3ai

Added rules:

Open:

2056167 - ET WEB_SPECIFIC_APPS SolarWinds Web Help Desk Hardcoded Credentials Information Leak (CVE-2024-28987) (web_specific_apps.rules)
2056168 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (literacyhangwk .shop) (malware.rules)
2056169 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (literacyhangwk .shop in TLS SNI) (malware.rules)
2056170 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (roaddrermncomplai .shop) (malware.rules)
2056171 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (roaddrermncomplai .shop in TLS SNI) (malware.rules)
2056172 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tiddymarktwo .shop) (malware.rules)
2056173 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tiddymarktwo .shop in TLS SNI) (malware.rules)
2056174 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (trustterwowqm .shop) (malware.rules)
2056175 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (trustterwowqm .shop in TLS SNI) (malware.rules)
2056176 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wallkedsleeoi .shop) (malware.rules)
2056177 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wallkedsleeoi .shop in TLS SNI) (malware.rules)
2056178 - ET PHISHING Microsoft Office 365 Cred Phish (2024-09-25) (phishing.rules)
2056179 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (roadrunnersell .com) (exploit_kit.rules)
2056180 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (roadrunnersell .com) (exploit_kit.rules)
2056181 - ET WEB_SPECIFIC_APPS F5 BIG-IP Next Central Manager OData Injection (CVE-2024-21793) (web_specific_apps.rules)
2056182 - ET WEB_SPECIFIC_APPS W&B Weave Server Arbitrary File Leak (CVE-2024-7340) (web_specific_apps.rules)
2056183 - ET WEB_SPECIFIC_APPS F5 BIG-IP Next Central Manager SQL Injection (CVE-2024-26026) (web_specific_apps.rules)
2056184 - ET WEB_SPECIFIC_APPS Ivanti Virtual Traffic Manager (vTM) Authentication Bypass (CVE-2024-7593) (web_specific_apps.rules)

Pro:

2858446 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858447 - ETPRO PHISHING DNS Query to TA399 Phishing Domain (phishing.rules)
2858448 - ETPRO PHISHING DNS Query to TA399 Phishing Domain (phishing.rules)
2858449 - ETPRO PHISHING Observed TA399 Phishing Domain in TLS SNI (phishing.rules)
2858450 - ETPRO PHISHING Observed TA399 Phishing Domain in TLS SNI (phishing.rules)

Modified inactive rules:

2056166 - ET EXPLOIT aiohttp Directory Traversal in Static Routing (CVE-2024-23334) (exploit.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	932	March 11, 2024
Ruleset Update Summary - 2024/03/08 - v10548 Ruleset Updates	238	March 8, 2024
Ruleset Update Summary - 2024/11/12 - v10740 Ruleset Updates	93	November 12, 2024
Ruleset Update Summary - 2024/10/29 - v10730 Ruleset Updates	75	October 29, 2024
Ruleset Update Summary - 2024/03/25 - v10559 Ruleset Updates	302	March 25, 2024

Ruleset Update Summary - 2024/09/25 - v10703

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Related topics