Ruleset Update Summary - 2024/10/28 - v10729

rulesbot · October 28, 2024, 8:41pm

Summary:

55 new OPEN, 56 new PRO (55 + 1)

Thanks @g0njxa

Added rules:

Open:

2057064 - ET WEB_SPECIFIC_APPS PFsense Stored Cross-Site Scripting (CVE-2024-46538) (web_specific_apps.rules)
2057065 - ET MALWARE SocGholish CnC Domain in DNS (* .range .cccinvolve .org) (malware.rules)
2057066 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .range .cccinvolve .org) (malware.rules)
2057067 - ET INFO DYNAMIC_DNS Query to a * .vhutambo .co .za Domain (info.rules)
2057068 - ET INFO DYNAMIC_DNS HTTP Request to a * .vhutambo .co .za Domain (info.rules)
2057069 - ET INFO DYNAMIC_DNS Query to a * .gewamed .de Domain (info.rules)
2057070 - ET INFO DYNAMIC_DNS HTTP Request to a * .gewamed .de Domain (info.rules)
2057071 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (authorisev .site) (malware.rules)
2057072 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (authorisev .site in TLS SNI) (malware.rules)
2057073 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (carbonhari .cyou) (malware.rules)
2057074 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (carbonhari .cyou in TLS SNI) (malware.rules)
2057075 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (colldycatle .cyou) (malware.rules)
2057076 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (colldycatle .cyou in TLS SNI) (malware.rules)
2057077 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (contemteny .site) (malware.rules)
2057078 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (contemteny .site in TLS SNI) (malware.rules)
2057079 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dilemmadu .site) (malware.rules)
2057080 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dilemmadu .site in TLS SNI) (malware.rules)
2057081 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fashionablei .sbs) (malware.rules)
2057082 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fashionablei .sbs in TLS SNI) (malware.rules)
2057083 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (faulteyotk .site) (malware.rules)
2057084 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (faulteyotk .site in TLS SNI) (malware.rules)
2057085 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (goalyfeastz .site) (malware.rules)
2057086 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (goalyfeastz .site in TLS SNI) (malware.rules)
2057087 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (messejawu .store) (malware.rules)
2057088 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (messejawu .store in TLS SNI) (malware.rules)
2057089 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (opposezmny .site) (malware.rules)
2057090 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (opposezmny .site in TLS SNI) (malware.rules)
2057091 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prinyveri .cfd) (malware.rules)
2057092 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (prinyveri .cfd in TLS SNI) (malware.rules)
2057093 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (seallysl .site) (malware.rules)
2057094 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (seallysl .site in TLS SNI) (malware.rules)
2057095 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (servicedny .site) (malware.rules)
2057096 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (servicedny .site in TLS SNI) (malware.rules)
2057097 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thighpecr .cyou) (malware.rules)
2057098 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (thighpecr .cyou in TLS SNI) (malware.rules)
2057099 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (transparenteunlawfullyp .site) (malware.rules)
2057100 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (transparenteunlawfullyp .site in TLS SNI) (malware.rules)
2057101 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scriptyprefej .store) (malware.rules)
2057102 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (scriptyprefej .store in TLS SNI) (malware.rules)
2057103 - ET MALWARE Win32/Ailurophile Stealer CnC Domain in DNS Lookup (manestvli .shop) (malware.rules)
2057104 - ET MALWARE Observed Win32/Ailurophile Stealer Domain (manestvli .shop) in TLS SNI (malware.rules)
2057105 - ET ATTACK_RESPONSE Observed ClickFix Powershell Delivery Page (Portuguese) (attack_response.rules)
2057106 - ET ATTACK_RESPONSE Observed ClickFix Powershell Delivery Page Inbound (attack_response.rules)
2057107 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (perfectlinestarter .com) (exploit_kit.rules)
2057108 - ET EXPLOIT_KIT Balada Domain in DNS Lookup (linetoslice .com) (exploit_kit.rules)
2057109 - ET EXPLOIT_KIT Balada Domain in TLS SNI (perfectlinestarter .com) (exploit_kit.rules)
2057110 - ET EXPLOIT_KIT Balada Domain in TLS SNI (linetoslice .com) (exploit_kit.rules)
2057111 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (promiseresolverdev .com) (exploit_kit.rules)
2057112 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (promiseresolverdev .com) (exploit_kit.rules)
2057113 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (prepare2swim .com) (exploit_kit.rules)
2057114 - ET MALWARE Observed DNS Query to ClickFix Domain (bigops .s3 .us-east-2 .amazonaws .com) (malware.rules)
2057115 - ET MALWARE Observed DNS Query to ClickFix Domain (youcansay .s3 .us-east-2 .amazonaws .com) (malware.rules)
2057116 - ET MALWARE Observed ClickFix Domain (bigops .s3 .us-east-2 .amazonaws .com in TLS SNI) (malware.rules)
2057117 - ET MALWARE Observed ClickFix Domain (youcansay .s3 .us-east-2 .amazonaws .com in TLS SNI) (malware.rules)
2057118 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (prepare2swim .com) (exploit_kit.rules)

Pro:

2858827 - ETPRO HUNTING V8 JavaScript Engine JIT Forcing Observed - Investigate Possible Exploitation M4 (hunting.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/01/25 - v10514 Ruleset Updates	336	January 25, 2024
Ruleset Update Summary - 2024/11/15 - v10743 Ruleset Updates	92	November 15, 2024
Ruleset Update Summary - 2024/11/12 - v10740 Ruleset Updates	92	November 12, 2024
Ruleset Update Summary - 2024/02/20 - v10536 Ruleset Updates	486	February 20, 2024
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	932	March 11, 2024

Ruleset Update Summary - 2024/10/28 - v10729

Summary:

Added rules:

Open:

Pro:

Related topics