Ruleset Update Summary - 2024/10/16 - v10721

rulesbot · October 16, 2024, 8:16pm

Summary:

42 new OPEN, 43 new PRO (42 + 1)

Thanks @naumovax

Added rules:

Open:

2056686 - ET INFO DYNAMIC_DNS Query to a * .delectare .org Domain (info.rules)
2056687 - ET INFO DYNAMIC_DNS HTTP Request to a * .delectare .org Domain (info.rules)
2056688 - ET INFO DYNAMIC_DNS Query to a * .shredsnow .com Domain (info.rules)
2056689 - ET INFO DYNAMIC_DNS HTTP Request to a * .shredsnow .com Domain (info.rules)
2056690 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (addicitedoqowm .shop) (malware.rules)
2056691 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (addicitedoqowm .shop in TLS SNI) (malware.rules)
2056692 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (conceptionnyi .sbs) (malware.rules)
2056693 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (conceptionnyi .sbs in TLS SNI) (malware.rules)
2056694 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (divewanntwj .biz) (malware.rules)
2056695 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (divewanntwj .biz in TLS SNI) (malware.rules)
2056696 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fightyglobo .sbs) (malware.rules)
2056697 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightyglobo .sbs in TLS SNI) (malware.rules)
2056698 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (insideparti .cfd) (malware.rules)
2056699 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (insideparti .cfd in TLS SNI) (malware.rules)
2056700 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (modellydivi .sbs) (malware.rules)
2056701 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (modellydivi .sbs in TLS SNI) (malware.rules)
2056702 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nervepianoyo .sbs) (malware.rules)
2056703 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (nervepianoyo .sbs in TLS SNI) (malware.rules)
2056704 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pioneeruyj .sbs) (malware.rules)
2056705 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pioneeruyj .sbs in TLS SNI) (malware.rules)
2056706 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (platformcati .sbs) (malware.rules)
2056707 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (platformcati .sbs in TLS SNI) (malware.rules)
2056708 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (punchudump .buzz) (malware.rules)
2056709 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (punchudump .buzz in TLS SNI) (malware.rules)
2056710 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (qualifielgalt .sbs) (malware.rules)
2056711 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (qualifielgalt .sbs in TLS SNI) (malware.rules)
2056712 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (smashygally .sbs) (malware.rules)
2056713 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (smashygally .sbs in TLS SNI) (malware.rules)
2056714 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thanngkwwqlm .shop) (malware.rules)
2056715 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (thanngkwwqlm .shop in TLS SNI) (malware.rules)
2056716 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (underlinefiue .sbs) (malware.rules)
2056717 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (underlinefiue .sbs in TLS SNI) (malware.rules)
2056718 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (milan77burn .top) (exploit_kit.rules)
2056719 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (raptwinter .shop) (exploit_kit.rules)
2056720 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (10086623 .top) (exploit_kit.rules)
2056721 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (tqshoes .shop) (exploit_kit.rules)
2056722 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (milan77burn .top) (exploit_kit.rules)
2056723 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (raptwinter .shop) (exploit_kit.rules)
2056724 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (10086623 .top) (exploit_kit.rules)
2056725 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (tqshoes .shop) (exploit_kit.rules)
2056726 - ET MALWARE BumbleBee Loader CnC Checkin (malware.rules)
2056727 - ET MALWARE BumbleBee Loader CnC Server Response (malware.rules)

Pro:

2858710 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/11/04 - v10734 Ruleset Updates	91	November 4, 2024
Ruleset Update Summary - 2024/03/08 - v10548 Ruleset Updates	241	March 8, 2024
Ruleset Update Summary - 2024/11/12 - v10740 Ruleset Updates	111	November 12, 2024
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	938	March 11, 2024
Ruleset Update Summary - 2024/03/05 - v10545 Ruleset Updates	751	March 5, 2024

Ruleset Update Summary - 2024/10/16 - v10721

Summary:

Added rules:

Open:

Pro:

Related topics