Ruleset Update Summary - 2024/11/04 - v10734

rulesbot · November 4, 2024, 8:48pm

Summary:

48 new OPEN, 78 new PRO (48 + 30)

Thanks @GreyNoiseIO

Added rules:

Open:

2057198 - ET INFO DYNAMIC_DNS Query to a *.parisweb .it domain (info.rules)
2057199 - ET INFO DYNAMIC_DNS HTTP Request to a *.parisweb .it domain (info.rules)
2057200 - ET INFO DYNAMIC_DNS Query to a *.thebrittainlawfirm .com domain (info.rules)
2057201 - ET INFO DYNAMIC_DNS HTTP Request to a *.thebrittainlawfirm .com domain (info.rules)
2057202 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (computeryrati .site) (malware.rules)
2057203 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (computeryrati .site in TLS SNI) (malware.rules)
2057204 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drinkyresule .cyou) (malware.rules)
2057205 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drinkyresule .cyou in TLS SNI) (malware.rules)
2057206 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (herroassebm .cyou) (malware.rules)
2057207 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (herroassebm .cyou in TLS SNI) (malware.rules)
2057208 - ET INFO DYNAMIC_DNS Query to a *.rustyfoundation .com domain (info.rules)
2057209 - ET INFO DYNAMIC_DNS HTTP Request to a *.rustyfoundation .com domain (info.rules)
2057210 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (perfomnjshin .cyou) (malware.rules)
2057211 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (perfomnjshin .cyou in TLS SNI) (malware.rules)
2057212 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (proggresinvj .cyou) (malware.rules)
2057213 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (proggresinvj .cyou in TLS SNI) (malware.rules)
2057214 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (mercro .com) (exploit_kit.rules)
2057215 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (mercro .com) (exploit_kit.rules)
2057216 - ET EXPLOIT PTZOptics PT30X Authentication Bypass Attempt Inbound (CVE-2024-8956) (exploit.rules)
2057217 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mundiprep .com) (exploit_kit.rules)
2057218 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (vinsaca .com) (exploit_kit.rules)
2057219 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (asianchow .com) (exploit_kit.rules)
2057220 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mundiprep .com) (exploit_kit.rules)
2057221 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (vinsaca .com) (exploit_kit.rules)
2057222 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (asianchow .com) (exploit_kit.rules)
2057223 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (busineratty .cyou) (malware.rules)
2057224 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (busineratty .cyou in TLS SNI) (malware.rules)
2057225 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (joymagnutwy .cyou) (malware.rules)
2057226 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (joymagnutwy .cyou in TLS SNI) (malware.rules)
2057227 - ET EXPLOIT PTZOptics PT30X Successful Authentication Bypass (CVE-2024-8956) (exploit.rules)
2057228 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .strategies .mvpstrat .com) (malware.rules)
2057229 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (* .strategies .mvpstrat .com) (malware.rules)
2057230 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (uppermixturyz .site) (malware.rules)
2057231 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (uppermixturyz .site in TLS SNI) (malware.rules)
2057232 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bringlanejk .site) (malware.rules)
2057233 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bringlanejk .site in TLS SNI) (malware.rules)
2057234 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (honerstyzu .site) (malware.rules)
2057235 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (honerstyzu .site in TLS SNI) (malware.rules)
2057236 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (plaintifuf .site) (malware.rules)
2057237 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (plaintifuf .site in TLS SNI) (malware.rules)
2057238 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (moeventmynz .site) (malware.rules)
2057239 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (moeventmynz .site in TLS SNI) (malware.rules)
2057240 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (unityshootsz .site) (malware.rules)
2057241 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (unityshootsz .site in TLS SNI) (malware.rules)
2057242 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (monopuncdz .site) (malware.rules)
2057243 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (monopuncdz .site in TLS SNI) (malware.rules)
2057244 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reinfomarbke .site) (malware.rules)
2057245 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinfomarbke .site in TLS SNI) (malware.rules)

Pro:

2858858 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2858859 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2858860 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2858861 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2858862 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2858863 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2858864 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2858865 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2858866 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2858867 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2858868 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2858869 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2858870 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858871 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858872 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858873 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858874 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858875 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858876 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858877 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858878 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
2858879 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
2858880 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
2858881 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
2858882 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2858883 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
2858884 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
2858885 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
2858886 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
2858887 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	938	March 11, 2024
Ruleset Update Summary - 2024/01/25 - v10514 Ruleset Updates	344	January 25, 2024
Ruleset Update Summary - 2024/03/08 - v10548 Ruleset Updates	241	March 8, 2024
Ruleset Update Summary - 2024/11/12 - v10740 Ruleset Updates	112	November 12, 2024
Ruleset Update Summary - 2024/07/08 - v10640 Ruleset Updates	144	July 8, 2024

Ruleset Update Summary - 2024/11/04 - v10734

Summary:

Added rules:

Open:

Pro:

Related topics