Ruleset Update Summary - 2024/10/22 - v10725

rulesbot · October 22, 2024, 7:54pm

Summary:

32 new OPEN, 66 new PRO (32 + 34)

Added rules:

Open:

2056744 - ET INFO DYNAMIC_DNS Query to a * .lipizzanregistry .com Domain (info.rules)
2056745 - ET INFO DYNAMIC_DNS HTTP Request to a * .lipizzanregistry .com Domain (info.rules)
2056746 - ET INFO DYNAMIC_DNS Query to a * .pandatune .com Domain (info.rules)
2056747 - ET INFO DYNAMIC_DNS HTTP Request to a * .pandatune .com Domain (info.rules)
2056748 - ET INFO DYNAMIC_DNS Query to a * .stormfood .com Domain (info.rules)
2056749 - ET INFO DYNAMIC_DNS HTTP Request to a * .stormfood .com Domain (info.rules)
2056750 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (captaitwik .sbs) (malware.rules)
2056751 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (captaitwik .sbs in TLS SNI) (malware.rules)
2056752 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deepymouthi .sbs) (malware.rules)
2056753 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deepymouthi .sbs in TLS SNI) (malware.rules)
2056754 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ferrycheatyk .sbs) (malware.rules)
2056755 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ferrycheatyk .sbs in TLS SNI) (malware.rules)
2056756 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (heroicmint .sbs) (malware.rules)
2056757 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (heroicmint .sbs in TLS SNI) (malware.rules)
2056758 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (kneelyopkr .cfd) (malware.rules)
2056759 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (kneelyopkr .cfd in TLS SNI) (malware.rules)
2056760 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (monstourtu .sbs) (malware.rules)
2056761 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (monstourtu .sbs in TLS SNI) (malware.rules)
2056762 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sidercotay .sbs) (malware.rules)
2056763 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sidercotay .sbs in TLS SNI) (malware.rules)
2056764 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (snailyeductyi .sbs) (malware.rules)
2056765 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (snailyeductyi .sbs in TLS SNI) (malware.rules)
2056766 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrigglesight .sbs) (malware.rules)
2056767 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wrigglesight .sbs in TLS SNI) (malware.rules)
2056768 - ET WEB_SPECIFIC_APPS Grafana Post-Authentication DuckDB SQL Injection (CVE-2024-9264) (web_specific_apps.rules)
2056769 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (saveourmalta .com) (exploit_kit.rules)
2056770 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (deltaldcenter .com) (exploit_kit.rules)
2056771 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (saveourmalta .com) (exploit_kit.rules)
2056772 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (deltaldcenter .com) (exploit_kit.rules)
2056773 - ET WEB_SPECIFIC_APPS Apache ShardingSphere ElasticJob-UI Privilege Escalation Attempt (CVE-2022-22733) (web_specific_apps.rules)
2056774 - ET WEB_SPECIFIC_APPS Apache ShardingSphere ElasticJob-UI Privilege Escalation - Successful Attempt (CVE-2022-22733) (web_specific_apps.rules)
2056775 - ET WEB_SPECIFIC_APPS Zyxel USG/Zywall Authentication Bypass Attempt (CVE-2022-0342) (web_specific_apps.rules)

Pro:

2858743 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2858744 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2858745 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2858746 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2858747 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2858748 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2858749 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2858750 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2858751 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2858752 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2858753 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2858754 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2858755 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2858756 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2858757 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2858758 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2858759 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2858760 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2858761 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2858762 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2858763 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2858764 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2858765 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2858766 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2858767 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2858768 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2858769 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2858770 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2858771 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2858772 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2858773 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2858774 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2858775 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2858776 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/04/22 - v10580 Ruleset Updates	261	April 22, 2024
Ruleset Update Summary - 2024/11/04 - v10734 Ruleset Updates	78	November 4, 2024
Ruleset Update Summary - 2024/07/22 - v10650 Ruleset Updates	75	July 22, 2024
Ruleset Update Summary - 2024/08/15 - v10667 Ruleset Updates	70	August 15, 2024
Ruleset Update Summary - 2024/11/08 - v10738 Ruleset Updates	95	November 8, 2024

Ruleset Update Summary - 2024/10/22 - v10725

Summary:

Added rules:

Open:

Pro:

Related topics