Ruleset Update Summary - 2024/11/01 - v10733

Summary:

18 new OPEN, 18 new PRO (18 + 0)

Thanks @israelgov


Added rules:

Open:

  • 2057180 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hornylught .cyou) (malware.rules)
  • 2057181 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hornylught .cyou in TLS SNI) (malware.rules)
  • 2057182 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (getstylify .com) (exploit_kit.rules)
  • 2057183 - ET EXPLOIT_KIT CC Skimmer Domain in TLS Lookup (getstylify .com) (exploit_kit.rules)
  • 2057184 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (happyllfe .online) (exploit_kit.rules)
  • 2057185 - ET EXPLOIT_KIT CC Skimmer Domain in TLS Lookup (happyllfe .online) (exploit_kit.rules)
  • 2057186 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (marketexpert .site) (exploit_kit.rules)
  • 2057187 - ET EXPLOIT_KIT CC Skimmer Domain in TLS Lookup (marketexpert .site) (exploit_kit.rules)
  • 2057188 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (metricsy .shop) (exploit_kit.rules)
  • 2057189 - ET EXPLOIT_KIT CC Skimmer Domain in TLS Lookup (metricsy .shop) (exploit_kit.rules)
  • 2057190 - ET MALWARE Observed DNS Query to BlackShadow Domain (rafaelsupport .com) (malware.rules)
  • 2057191 - ET MALWARE Observed DNS Query to BlackShadow Domain (vacationtogotravels .net) (malware.rules)
  • 2057192 - ET MALWARE Observed DNS Query to BlackShadow Domain (rafaelconnect .com) (malware.rules)
  • 2057193 - ET MALWARE Observed BlackShadow Domain (rafaelsupport .com in TLS SNI) (malware.rules)
  • 2057194 - ET MALWARE Observed BlackShadow Domain (vacationtogotravels .net in TLS SNI) (malware.rules)
  • 2057195 - ET MALWARE Observed BlackShadow Domain (rafaelconnect .com in TLS SNI) (malware.rules)
  • 2057196 - ET MALWARE Win32/BlackShadow Activity (GET) M1 (malware.rules)
  • 2057197 - ET PHISHING BlackShadow Raphael Company Impersonation Form Submission (phishing.rules)