Ruleset Update Summary - 2024/10/31 - v10732

rulesbot · October 31, 2024, 6:50pm

Summary:

18 new OPEN, 32 new PRO (18 + 14)

Thanks @_CERT_UA

Added rules:

Open:

2057162 - ET HUNTING Symbolic Link (SLK) Excel XLM Macro (hunting.rules)
2057163 - ET INFO DNS Query to Abused File Sharing Service (qaz .is) (info.rules)
2057164 - ET INFO Observed Abused File Sharing Service Domain (qaz .is in TLS SNI) (info.rules)
2057165 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (becreativemind .com) (exploit_kit.rules)
2057166 - ET MALWARE Observed DNS Query to UAC-0050 Domain (dpsu-gov-ua .com) (malware.rules)
2057167 - ET MALWARE Observed DNS Query to UAC-0050 Domain (tax-gov-ua .com) (malware.rules)
2057168 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (becreativemind .com) (exploit_kit.rules)
2057169 - ET MALWARE Observed UAC-0050 Domain (dpsu-gov-ua .com in TLS SNI) (malware.rules)
2057170 - ET MALWARE Observed UAC-0050 Domain (tax-gov-ua .com in TLS SNI) (malware.rules)
2057171 - ET MALWARE Observed UAC-0050 CnC Activity (malware.rules)
2057172 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (countymushroom .cyou) (malware.rules)
2057173 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (countymushroom .cyou in TLS SNI) (malware.rules)
2057174 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (forbidstow .site) (malware.rules)
2057175 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (forbidstow .site in TLS SNI) (malware.rules)
2057176 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hurlywolky .cyou) (malware.rules)
2057177 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hurlywolky .cyou in TLS SNI) (malware.rules)
2057178 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (treatmentyj .cyou) (malware.rules)
2057179 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (treatmentyj .cyou in TLS SNI) (malware.rules)

Pro:

2858844 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2858845 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2858846 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2858847 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2858848 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2858849 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2858850 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2858851 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2858852 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2858853 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2858854 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2858855 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2858856 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2858857 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/01/06 - v10830 Ruleset Updates	160	January 6, 2025
Ruleset Update Summary - 2024/07/05 - v10639 Ruleset Updates	144	July 5, 2024
Ruleset Update Summary - 2024/07/11 - v10643 Ruleset Updates	96	July 11, 2024
Ruleset Update Summary - 2024/01/08 - v10501 Ruleset Updates	578	January 8, 2024
Ruleset Update Summary - 2024/08/22 - v10672 Ruleset Updates	80	August 22, 2024

Ruleset Update Summary - 2024/10/31 - v10732

Summary:

Added rules:

Open:

Pro:

Related topics