Ruleset Update Summary - 2024/09/27 - v10708

rulesbot · September 27, 2024, 8:52pm

Summary:

104 new OPEN, 105 new PRO (104 + 1)

Thanks @Cloudflare

Added rules:

Open:

2056214 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (herald-b2a .workers .dev) (malware.rules)
2056215 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (dawn .apl-org .online) (malware.rules)
2056216 - ET WEB_SPECIFIC_APPS Totolink CP450 Information Disclosure via product.ini (CVE-2024-7332) (web_specific_apps.rules)
2056217 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (classifieds .workers .dev) (malware.rules)
2056218 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (sensors .opensecurity-legacy .com) (malware.rules)
2056219 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (hurr .zapto .org) (malware.rules)
2056220 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (owa-spamcheck .apl-org .online) (malware.rules)
2056221 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (zoom .osutuga7 .workers .dev) (malware.rules)
2056222 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (monitor .opensecurity-legacy .com) (malware.rules)
2056223 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (images-11d .workers .dev) (malware.rules)
2056224 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (168-gov .info) (malware.rules)
2056225 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (mozilla .apl-org .online) (malware.rules)
2056226 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (aljazeerak .online) (malware.rules)
2056227 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (storage-e13 .sharepoint-e13 .workers .dev) (malware.rules)
2056228 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (acrobat .paknavy-pk .org) (malware.rules)
2056229 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (bin .opensecurity-legacy .com) (malware.rules)
2056230 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (locaal .navybd-gov .info) (malware.rules)
2056231 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (crec-bd .site) (malware.rules)
2056232 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (mail .apl-com .icu) (malware.rules)
2056233 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (obituary .workers .dev) (malware.rules)
2056234 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (dawnnews .workers .dev) (malware.rules)
2056235 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (sharepoint-punjab .sharepoint-e13 .workers .dev) (malware.rules)
2056236 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (openkm .paknavy-pk .org) (malware.rules)
2056237 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (helpdesk-lab .site) (malware.rules)
2056238 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (aurora .dawn-904 .workers .dev) (malware.rules)
2056239 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (cloud .adobefileshare .com) (malware.rules)
2056240 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (redzone2 .apl-org .online) (malware.rules)
2056241 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (maldevfudding .com) (malware.rules)
2056242 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (blabla .apl-com .icu) (malware.rules)
2056243 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (quran-books .store) (malware.rules)
2056244 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (m .opensecurity-legacy .com) (malware.rules)
2056245 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (redzone .apl-org .online) (malware.rules)
2056246 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (browser .apl-org .online) (malware.rules)
2056247 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (api .opensecurity-legacy .com) (malware.rules)
2056248 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (mail-na-gov-pk .na-gov-pk .workers .dev) (malware.rules)
2056249 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (jammycanonicalupdates .cloud) (malware.rules)
2056250 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (mail .pakistangov .com) (malware.rules)
2056251 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (static .opensecurity-legacy .com) (malware.rules)
2056252 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (epaper .dawn-323 .workers .dev) (malware.rules)
2056253 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (adobefileshare .com) (malware.rules)
2056254 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (frontend-m .opensecurity-legacy .com) (malware.rules)
2056255 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (pitb .gov-pkgov .workers .dev) (malware.rules)
2056256 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (login .apl-org .online) (malware.rules)
2056257 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (new .apl-org .online) (malware.rules)
2056258 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (accounts .opensecurity-legacy .com) (malware.rules)
2056259 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (mail-islamabadpolice-gov-pk .ntc-telecommunication-safecity .workers .dev) (malware.rules)
2056260 - ET MALWARE Observed DNS Query to SloppyLemming/UNK_SloppyDisc Domain (docs .apl-com .icu) (malware.rules)
2056261 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (herald-b2a .workers .dev in TLS SNI) (malware.rules)
2056262 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (dawn .apl-org .online in TLS SNI) (malware.rules)
2056263 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (classifieds .workers .dev in TLS SNI) (malware.rules)
2056264 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (sensors .opensecurity-legacy .com in TLS SNI) (malware.rules)
2056265 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (hurr .zapto .org in TLS SNI) (malware.rules)
2056266 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (owa-spamcheck .apl-org .online in TLS SNI) (malware.rules)
2056267 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (zoom .osutuga7 .workers .dev in TLS SNI) (malware.rules)
2056268 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (monitor .opensecurity-legacy .com in TLS SNI) (malware.rules)
2056269 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (images-11d .workers .dev in TLS SNI) (malware.rules)
2056270 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (168-gov .info in TLS SNI) (malware.rules)
2056271 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (mozilla .apl-org .online in TLS SNI) (malware.rules)
2056272 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (aljazeerak .online in TLS SNI) (malware.rules)
2056273 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (storage-e13 .sharepoint-e13 .workers .dev in TLS SNI) (malware.rules)
2056274 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (acrobat .paknavy-pk .org in TLS SNI) (malware.rules)
2056275 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (bin .opensecurity-legacy .com in TLS SNI) (malware.rules)
2056276 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (locaal .navybd-gov .info in TLS SNI) (malware.rules)
2056277 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (crec-bd .site in TLS SNI) (malware.rules)
2056278 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (mail .apl-com .icu in TLS SNI) (malware.rules)
2056279 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (obituary .workers .dev in TLS SNI) (malware.rules)
2056280 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (dawnnews .workers .dev in TLS SNI) (malware.rules)
2056281 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (sharepoint-punjab .sharepoint-e13 .workers .dev in TLS SNI) (malware.rules)
2056282 - ET WEB_SPECIFIC_APPS Raisecom MSG Series Gateway Command Injection Attempt (CVE-2024-7120) (web_specific_apps.rules)
2056283 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (openkm .paknavy-pk .org in TLS SNI) (malware.rules)
2056284 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (helpdesk-lab .site in TLS SNI) (malware.rules)
2056285 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (aurora .dawn-904 .workers .dev in TLS SNI) (malware.rules)
2056286 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (cloud .adobefileshare .com in TLS SNI) (malware.rules)
2056287 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (redzone2 .apl-org .online in TLS SNI) (malware.rules)
2056288 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (maldevfudding .com in TLS SNI) (malware.rules)
2056289 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (blabla .apl-com .icu in TLS SNI) (malware.rules)
2056290 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (quran-books .store in TLS SNI) (malware.rules)
2056291 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (m .opensecurity-legacy .com in TLS SNI) (malware.rules)
2056292 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (redzone .apl-org .online in TLS SNI) (malware.rules)
2056293 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (browser .apl-org .online in TLS SNI) (malware.rules)
2056294 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (api .opensecurity-legacy .com in TLS SNI) (malware.rules)
2056295 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (mail-na-gov-pk .na-gov-pk .workers .dev in TLS SNI) (malware.rules)
2056296 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (jammycanonicalupdates .cloud in TLS SNI) (malware.rules)
2056297 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (mail .pakistangov .com in TLS SNI) (malware.rules)
2056298 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (static .opensecurity-legacy .com in TLS SNI) (malware.rules)
2056299 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (epaper .dawn-323 .workers .dev in TLS SNI) (malware.rules)
2056300 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (adobefileshare .com in TLS SNI) (malware.rules)
2056301 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (frontend-m .opensecurity-legacy .com in TLS SNI) (malware.rules)
2056302 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (pitb .gov-pkgov .workers .dev in TLS SNI) (malware.rules)
2056303 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (login .apl-org .online in TLS SNI) (malware.rules)
2056304 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (new .apl-org .online in TLS SNI) (malware.rules)
2056305 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (accounts .opensecurity-legacy .com in TLS SNI) (malware.rules)
2056306 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (mail-islamabadpolice-gov-pk .ntc-telecommunication-safecity .workers .dev in TLS SNI) (malware.rules)
2056307 - ET MALWARE Observed SloppyLemming/UNK_SloppyDisc Domain (docs .apl-com .icu in TLS SNI) (malware.rules)
2056308 - ET WEB_SPECIFIC_APPS SonicWall SMA1000 Directory Traversal Attempt (CVE-2023-0126) (web_specific_apps.rules)
2056309 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (internationalcricketboard .com) (exploit_kit.rules)
2056310 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (internationalcricketboard .com) (exploit_kit.rules)
2056311 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (resstyeggeuo .shop) (malware.rules)
2056312 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (resstyeggeuo .shop in TLS SNI) (malware.rules)
2056313 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (riderratttinow .shop) (malware.rules)
2056314 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (riderratttinow .shop in TLS SNI) (malware.rules)
2056315 - ET WEB_SPECIFIC_APPS Spring Framework FileSystemResource Path Traversal (CVE-2024-38816) (web_specific_apps.rules)
2056316 - ET PHISHING Generic Credential Phish Landing Page (jsnom.js) (phishing.rules)
2056317 - ET PHISHING Generic Credential Phish Fingerprinting Activity (Base64 Vars Detected &rand=, &sv=, &uid=) (phishing.rules)

Pro:

2858507 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/07/25 - v10379 Ruleset Updates	288	July 25, 2023
Ruleset Update Summary - 2024/01/26 - v10515 Ruleset Updates	211	January 26, 2024
Ruleset Update Summary - 2024/02/26 - v10540 Ruleset Updates	299	February 26, 2024
Ruleset Update Summary - 2024/11/21 - v10747 Ruleset Updates	94	November 21, 2024
Ruleset Update Summary - 2023/11/22 - v10471 Ruleset Updates	349	November 22, 2023

Ruleset Update Summary - 2024/09/27 - v10708

Summary:

Added rules:

Open:

Pro:

Related topics