Ruleset Update Summary - 2024/11/06 - v10736

Ruleset Updates
1

Summary:

27 new OPEN, 27 new PRO (27 + 0)

Added rules:

Open:

  • 2057273 - ET PHISHING BULLSreCaptcha Credential Phish Landing Page M1 2024-10-17 (phishing.rules)
  • 2057274 - ET PHISHING Suspected BULLSreCaptcha Credential Phish Landing Page M2 2024-10-17 (phishing.rules)
  • 2057275 - ET PHISHING BULLSreCaptcha Credential Phish Landing Page M3 2024-10-17 (phishing.rules)
  • 2057276 - ET PHISHING BULLSreCaptcha Credential Phish - Request for Landing Page 2024-10-17 (phishing.rules)
  • 2057277 - ET PHISHING Suspected BULLSreCaptcha Credential Phish Landing Page 2024-10-18 (phishing.rules)
  • 2057278 - ET PHISHING Successful BULLSreCaptcha Credential Phish M1 2024-10-18 (phishing.rules)
  • 2057279 - ET PHISHING Successful BULLSreCaptcha Credential Phish M2 2024-10-18 (phishing.rules)
  • 2057280 - ET PHISHING Google Redirect to Generic Credential Phish Landing Page 2024-11-05 (phishing.rules)
  • 2057281 - ET WEB_SPECIFIC_APPS Microsoft Sharepoint BDCM File Creation (CVE-2023-24955) (web_specific_apps.rules)
  • 2057282 - ET WEB_SPECIFIC_APPS Microsoft Sharepoint BDCM Execution (CVE-2023-24955) (web_specific_apps.rules)
  • 2057283 - ET MALWARE HTTP Request to Remcos Payload M1 (malware.rules)
  • 2057284 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (knifedxejsu .cyou) (malware.rules)
  • 2057285 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (knifedxejsu .cyou in TLS SNI) (malware.rules)
  • 2057286 - ET WEB_SPECIFIC_APPS Microsoft Sharepoint BDCM File Creation (CVE-2024-38094) (web_specific_apps.rules)
  • 2057287 - ET INFO DYNAMIC_DNS Query to a * .fumoff .com Domain (info.rules)
  • 2057288 - ET INFO DYNAMIC_DNS HTTP Request to a * .fumoff .com Domain (info.rules)
  • 2057289 - ET INFO DYNAMIC_DNS Query to a * .motokultivator .net Domain (info.rules)
  • 2057290 - ET INFO DYNAMIC_DNS HTTP Request to a * .motokultivator .net Domain (info.rules)
  • 2057291 - ET WEB_SPECIFIC_APPS Microsoft Sharepoint BDCM Execution (CVE-2024-38094) (web_specific_apps.rules)
  • 2057292 - ET MALWARE HTTP Request to Remcos Payload M2 (malware.rules)
  • 2057293 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (dailyfragrancedeals .com) (exploit_kit.rules)
  • 2057294 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (girlsgifs .com) (exploit_kit.rules)
  • 2057295 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (dailyfragrancedeals .com) (exploit_kit.rules)
  • 2057296 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (girlsgifs .com) (exploit_kit.rules)
  • 2057297 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (vicrin .com) (exploit_kit.rules)
  • 2057298 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (vicrin .com) (exploit_kit.rules)
  • 2057299 - ET PHISHING Successful Generic Credential Phish 2024-11-06 (phishing.rules)

Disabled and modified rules:

  • 2050288 - ET MALWARE ScarCruft TA409 Domain in DNS Lookup (app .documentoffice .club) (malware.rules)
  • 2053802 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (interactiveuidevelopment .com) (exploit_kit.rules)
  • 2053803 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (interactiveuidevelopment .com) (exploit_kit.rules)
  • 2054029 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (cejecuu4 .xyz) (exploit_kit.rules)
  • 2054030 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (cejecuu4 .xyz) (exploit_kit.rules)
  • 2054113 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (daslkjfhi2 .shop) (exploit_kit.rules)
  • 2054114 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (daslkjfhi2 .shop) (exploit_kit.rules)
  • 2054196 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (frontendcodingtips .com) (exploit_kit.rules)
  • 2054197 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (frontendcodingtips .com) (exploit_kit.rules)
  • 2054219 - ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (jswebcloud .net) (exploit_kit.rules)
  • 2054220 - ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (jswebcloud .net) (exploit_kit.rules)
  • 2054221 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (speedchaoptimise .com) (exploit_kit.rules)
  • 2054222 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (speedchaoptimise .com) (exploit_kit.rules)
  • 2054378 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (filesoftdownload .shop) (exploit_kit.rules)
  • 2054379 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (filesoftdownload .shop) (exploit_kit.rules)
  • 2055682 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (creatlva .shop) (exploit_kit.rules)
  • 2055683 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (sellifypro .com) (exploit_kit.rules)
  • 2055684 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (creatlva .shop) (exploit_kit.rules)
  • 2055685 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (sellifypro .com) (exploit_kit.rules)
  • 2055686 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .podcast .lisameyerson .com) (malware.rules)
  • 2055687 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .podcast .lisameyerson .com) (malware.rules)
  • 2055688 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (securityassociationgoa .com) (exploit_kit.rules)
  • 2055689 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (securityassociationgoa .com) (exploit_kit.rules)
  • 2055707 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (southasianfitness .com) (exploit_kit.rules)
  • 2055708 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (villasara974 .com) (exploit_kit.rules)
  • 2055709 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (southasianfitness .com) (exploit_kit.rules)
  • 2055710 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (villasara974 .com) (exploit_kit.rules)
  • 2055711 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (novastraem .com) (exploit_kit.rules)
  • 2055712 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (trendgurupro .com) (exploit_kit.rules)
  • 2055713 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (advertispro .com) (exploit_kit.rules)
  • 2055714 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (graphisprintstudio .com) (exploit_kit.rules)
  • 2055715 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (techtnee .com) (exploit_kit.rules)
  • 2055716 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (brandilift .com) (exploit_kit.rules)
  • 2055717 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (novastraem .com) (exploit_kit.rules)
  • 2055718 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (trendgurupro .com) (exploit_kit.rules)
  • 2055719 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (advertispro .com) (exploit_kit.rules)
  • 2055720 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (graphisprintstudio .com) (exploit_kit.rules)
  • 2055721 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (techtnee .com) (exploit_kit.rules)
  • 2055722 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (brandilift .com) (exploit_kit.rules)
  • 2055729 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (statspots .com) (exploit_kit.rules)
  • 2055730 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (horlzonhub .com) (exploit_kit.rules)
  • 2055731 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (statspots .com) (exploit_kit.rules)
  • 2055732 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (horlzonhub .com) (exploit_kit.rules)
  • 2055733 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kineticrockburgers .com) (exploit_kit.rules)
  • 2055734 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (theonerealsolution .com) (exploit_kit.rules)
  • 2055735 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (kineticrockburgers .com) (exploit_kit.rules)
  • 2055736 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (theonerealsolution .com) (exploit_kit.rules)
  • 2055756 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (analytisweb .com) (exploit_kit.rules)
  • 2055757 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (analytisweb .com) (exploit_kit.rules)
  • 2055758 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (theapplefix .com) (exploit_kit.rules)
  • 2055759 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (theapplefix .com) (exploit_kit.rules)
  • 2055766 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (menucore .com) (exploit_kit.rules)
  • 2055767 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (menucore .com) (exploit_kit.rules)
  • 2856349 - ETPRO EXPLOIT_KIT ZPHP Lure Request M5 (exploit_kit.rules)
  • 2856410 - ETPRO EXPLOIT_KIT ZPHP Lure Request M6 (exploit_kit.rules)
  • 2856411 - ETPRO EXPLOIT_KIT ZPHP Lure Request M7 (exploit_kit.rules)
  • 2856505 - ETPRO EXPLOIT_KIT Malicious Keitaro TDS Domain in DNS Lookup (exploit_kit.rules)
  • 2856506 - ETPRO EXPLOIT_KIT Malicious Keitaro TDS Domain in TLS SNI (exploit_kit.rules)
  • 2857740 - ETPRO EXPLOIT_KIT Notification Scam Domain in DNS Lookup (exploit_kit.rules)
  • 2857741 - ETPRO EXPLOIT_KIT Notification Scam Domain in TLS SNI (exploit_kit.rules)
  • 2858710 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858738 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858739 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858740 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858793 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Removed rules:

  • 2858711 - ETPRO PHISHING BULLSreCaptcha Credential Phish Landing Page M1 2024-10-17 (phishing.rules)
  • 2858712 - ETPRO PHISHING Suspected BULLSreCaptcha Credential Phish Landing Page M2 2024-10-17 (phishing.rules)
  • 2858713 - ETPRO PHISHING BULLSreCaptcha Credential Phish Landing Page M3 2024-10-17 (phishing.rules)
  • 2858714 - ETPRO PHISHING BULLSreCaptcha Credential Phish - Request for Landing Page 2024-10-17 (phishing.rules)
  • 2858734 - ETPRO PHISHING Suspected BULLSreCaptcha Credential Phish Landing Page 2024-10-18 (phishing.rules)
  • 2858735 - ETPRO PHISHING Successful BULLSreCaptcha Credential Phish M1 2024-10-18 (phishing.rules)
  • 2858736 - ETPRO PHISHING Successful BULLSreCaptcha Credential Phish M2 2024-10-18 (phishing.rules)
  • 2858896 - ETPRO PHISHING Google Redirect to Generic Credential Phish Landing Page 2024-11-05 (phishing.rules)