Ruleset Update Summary - 2024/10/29 - v10730

rulesbot · October 29, 2024, 8:25pm

Summary:

31 new OPEN, 40 new PRO (31 + 9)

Added rules:

Open:

2057119 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (navygenerayk .store) (malware.rules)
2057120 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) (malware.rules)
2057121 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) (malware.rules)
2057122 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) (malware.rules)
2057123 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) (malware.rules)
2057124 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) (malware.rules)
2057125 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) (malware.rules)
2057126 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (thumbystriw .store in TLS SNI) (malware.rules)
2057127 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) (malware.rules)
2057128 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fadehairucw .store in TLS SNI) (malware.rules)
2057129 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) (malware.rules)
2057130 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (crisiwarny .store in TLS SNI) (malware.rules)
2057131 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) (malware.rules)
2057132 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (presticitpo .store in TLS SNI) (malware.rules)
2057133 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ppi .circledexj .cyou) (malware.rules)
2057134 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ppi .circledexj .cyou in TLS SNI) (malware.rules)
2057135 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lossycristi .cyou) (malware.rules)
2057136 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (lossycristi .cyou in TLS SNI) (malware.rules)
2057137 - ET WEB_SPECIFIC_APPS IBM Aspera Faspex Pre-Auth RCE Attempt (CVE-2022-47986) (web_specific_apps.rules)
2057138 - ET WEB_SPECIFIC_APPS Ivanti Cloud Service Appliance Authenticated Command Injection (CVE-2024-9380) (web_specific_apps.rules)
2057139 - ET INFO DYNAMIC_DNS Query to a * .jamesangel .com Domain (info.rules)
2057140 - ET INFO DYNAMIC_DNS HTTP Request to a * .jamesangel .com Domain (info.rules)
2057141 - ET MOBILE_MALWARE Android/TrickMo.Banker POST Request (mobile_malware.rules)
2057142 - ET MOBILE_MALWARE Android/TrickMo.Banker GET Config Request (mobile_malware.rules)
2057143 - ET MOBILE_MALWARE Android/TrickMo.Banker Config Response (mobile_malware.rules)
2057144 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (objmapper .com) (exploit_kit.rules)
2057145 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (variablescopetool .com) (exploit_kit.rules)
2057146 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (objmapper .com) (exploit_kit.rules)
2057147 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (variablescopetool .com) (exploit_kit.rules)
2057148 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (hdlclub2 .cc) (exploit_kit.rules)
2057149 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (hdlclub2 .cc) (exploit_kit.rules)

Pro:

2858828 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858829 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858830 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858831 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858832 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858833 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858834 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858842 - ETPRO MALWARE TA399/Sidewinder Domain in DNS Lookup (malware.rules)
2858843 - ETPRO MALWARE Observed TA399/Sidewinder Domain in TLS SNI (malware.rules)

Disabled and modified rules:

2055470 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (birddogerc .com) (exploit_kit.rules)
2055471 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (birddogerc .com) (exploit_kit.rules)
2055472 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (ajsdiaolke .shop) (exploit_kit.rules)
2055473 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (ajsdiaolke .shop) (exploit_kit.rules)
2055494 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .contest .printondemandmerchandise .com) (malware.rules)
2055495 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .contest .printondemandmerchandise .com) (malware.rules)
2055499 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (luckkystar .shop) (exploit_kit.rules)
2055500 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (selllify .shop) (exploit_kit.rules)
2055501 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (artickon .shop) (exploit_kit.rules)
2055502 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (articon .website) (exploit_kit.rules)
2055503 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (seilsmart .shop) (exploit_kit.rules)
2055504 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (happyllfe .online) (exploit_kit.rules)
2055505 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (luckkystar .shop) (exploit_kit.rules)
2055506 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (selllify .shop) (exploit_kit.rules)
2055507 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (artickon .shop) (exploit_kit.rules)
2055508 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (articon .website) (exploit_kit.rules)
2055509 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (seilsmart .shop) (exploit_kit.rules)
2055510 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (happyllfe .online) (exploit_kit.rules)
2055532 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (financialinvestmentsgrp .com) (exploit_kit.rules)
2055536 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (financialinvestmentsgrp .com) (exploit_kit.rules)
2055545 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (advertiq .shop) (exploit_kit.rules)
2055546 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (anontech .shop) (exploit_kit.rules)
2055547 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (artistryhab .shop) (exploit_kit.rules)
2055548 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (chartismart .com) (exploit_kit.rules)
2055549 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (countora .shop) (exploit_kit.rules)
2055550 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (cssmagic .shop) (exploit_kit.rules)
2055551 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (desiqnia .shop) (exploit_kit.rules)
2055552 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (graphize .shop) (exploit_kit.rules)
2055553 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (joyfullday .shop) (exploit_kit.rules)
2055554 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (luckycharm .website) (exploit_kit.rules)
2055555 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (marketexpert .site) (exploit_kit.rules)
2055556 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (marketro .shop) (exploit_kit.rules)
2055557 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (metricsy .shop) (exploit_kit.rules)
2055558 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (trendori .shop) (exploit_kit.rules)
2055559 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (advertiq .shop) (exploit_kit.rules)
2055560 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (anontech .shop) (exploit_kit.rules)
2055561 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (artistryhab .shop) (exploit_kit.rules)
2055562 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (chartismart .com) (exploit_kit.rules)
2055563 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (countora .shop) (exploit_kit.rules)
2055564 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (cssmagic .shop) (exploit_kit.rules)
2055565 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (desiqnia .shop) (exploit_kit.rules)
2055566 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (graphize .shop) (exploit_kit.rules)
2055567 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (joyfullday .shop) (exploit_kit.rules)
2055568 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (luckycharm .website) (exploit_kit.rules)
2055569 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (marketexpert .site) (exploit_kit.rules)
2055570 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (marketro .shop) (exploit_kit.rules)
2055571 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (metricsy .shop) (exploit_kit.rules)
2055572 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (trendori .shop) (exploit_kit.rules)
2055581 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (biginfo .xyz) (exploit_kit.rules)
2055582 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (biginfo .xyz) (exploit_kit.rules)
2055583 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (drmadhurao .com) (exploit_kit.rules)
2055584 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (drmadhurao .com) (exploit_kit.rules)
2055623 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (dealhunt .website) (exploit_kit.rules)
2055624 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (merchifly .shop) (exploit_kit.rules)
2055625 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (selloria .shop) (exploit_kit.rules)
2055626 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (designlq .com) (exploit_kit.rules)
2055627 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (graphlq .shop) (exploit_kit.rules)
2055628 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (javaninja .shop) (exploit_kit.rules)
2055629 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (creativeslim .com) (exploit_kit.rules)
2055630 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (dealhunt .website) (exploit_kit.rules)
2055631 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (merchifly .shop) (exploit_kit.rules)
2055632 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (selloria .shop) (exploit_kit.rules)
2055633 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (designlq .com) (exploit_kit.rules)
2055634 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (graphlq .shop) (exploit_kit.rules)
2055635 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (javaninja .shop) (exploit_kit.rules)
2055636 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (creativeslim .com) (exploit_kit.rules)
2055637 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (rentyrooms .com) (exploit_kit.rules)
2055638 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (rentyrooms .com) (exploit_kit.rules)
2055639 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (tayakay .com) (exploit_kit.rules)
2055640 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (tayakay .com) (exploit_kit.rules)
2055661 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (sofinefitness .com) (exploit_kit.rules)
2055662 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (genifyart .com) (exploit_kit.rules)
2055663 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (sofinefitness .com) (exploit_kit.rules)
2055664 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (genifyart .com) (exploit_kit.rules)
2055669 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (pixelia .shop) (exploit_kit.rules)
2055670 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (secunnet .shop) (exploit_kit.rules)
2055671 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (creatls .com) (exploit_kit.rules)
2055672 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (getstylify .com) (exploit_kit.rules)
2055673 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (graphiqsw .com) (exploit_kit.rules)
2055674 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (metricelevate .com) (exploit_kit.rules)
2055675 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (pixelia .shop) (exploit_kit.rules)
2055676 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (secunnet .shop) (exploit_kit.rules)
2055677 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (creatls .com) (exploit_kit.rules)
2055678 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (getstylify .com) (exploit_kit.rules)
2055679 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (graphiqsw .com) (exploit_kit.rules)
2055680 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (metricelevate .com) (exploit_kit.rules)
2057053 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (arreggshow .cfd) (malware.rules)
2057054 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (arreggshow .cfd in TLS SNI) (malware.rules)
2057055 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wheatari .cyou) (malware.rules)
2057056 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wheatari .cyou in TLS SNI) (malware.rules)
2858679 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858680 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/11/12 - v10740 Ruleset Updates	83	November 12, 2024
Ruleset Update Summary - 2024/11/11 - v10739 Ruleset Updates	76	November 11, 2024
Ruleset Update Summary - 2024/02/20 - v10536 Ruleset Updates	486	February 20, 2024
Ruleset Update Summary - 2024/05/20 - v10599 Ruleset Updates	150	May 20, 2024
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	932	March 11, 2024

Ruleset Update Summary - 2024/10/29 - v10730

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related topics