Ruleset Update Summary - 2024/10/25 - v10728

rulesbot · October 25, 2024, 9:11pm

Summary:

21 new OPEN, 35 new PRO (21 + 14)

Thanks Kevin, Ross

Added rules:

Open:

2057043 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (arreggshow .cfd) (malware.rules)
2057044 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (arreggshow .cfd in TLS SNI) (malware.rules)
2057045 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wheatari .cyou) (malware.rules)
2057046 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wheatari .cyou in TLS SNI) (malware.rules)
2057047 - ET INFO DYNAMIC_DNS Query to a * .elephantass .com Domain (info.rules)
2057048 - ET INFO DYNAMIC_DNS HTTP Request to a * .elephantass .com Domain (info.rules)
2057049 - ET INFO DYNAMIC_DNS Query to a * .stevekoch .ca Domain (info.rules)
2057050 - ET INFO DYNAMIC_DNS HTTP Request to a * .stevekoch .ca Domain (info.rules)
2057051 - ET INFO DYNAMIC_DNS Query to a * .ens .org Domain (info.rules)
2057052 - ET INFO DYNAMIC_DNS HTTP Request to a * .ens .org Domain (info.rules)
2057053 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (arreggshow .cfd) (malware.rules)
2057054 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (arreggshow .cfd in TLS SNI) (malware.rules)
2057055 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wheatari .cyou) (malware.rules)
2057056 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wheatari .cyou in TLS SNI) (malware.rules)
2057057 - ET MALWARE ZharkBOT CnC Activity (GET) M1 (malware.rules)
2057058 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (arubapalmrealtor .com) (exploit_kit.rules)
2057059 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (arubapalmrealtor .com) (exploit_kit.rules)
2057060 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cosdfdfrefdch .best) (exploit_kit.rules)
2057061 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cosdfdfrefdch .best) (exploit_kit.rules)
2057062 - ET MALWARE ZharkBOT CnC Activity (GET) M2 (malware.rules)
2057063 - ET MALWARE Mints.Loader CnC Activity (GET) (malware.rules)

Pro:

2858797 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2858798 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2858799 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2858800 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2858801 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2858802 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2858803 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2858804 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2858805 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2858806 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2858807 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2858808 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2858809 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2858810 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Disabled and modified rules:

2056856 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (explorationmsn .store) (malware.rules)
2056858 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (explorationmsn .store in TLS SNI) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/03/08 - v10548 Ruleset Updates	241	March 8, 2024
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	938	March 11, 2024
Ruleset Update Summary - 2024/08/19 - v10669 Ruleset Updates	133	August 19, 2024
Ruleset Update Summary - 2024/03/05 - v10545 Ruleset Updates	751	March 5, 2024
Ruleset Update Summary - 2024/02/14 - v10532 Ruleset Updates	290	February 14, 2024

Ruleset Update Summary - 2024/10/25 - v10728

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related topics