Ruleset Update Summary - 2024/11/07 - v10737

Ruleset Updates
1

Summary:

20 new OPEN, 37 new PRO (20 + 17)

Added rules:

Open:

  • 2057300 - ET PHISHING DadSec Credential Phish Landing Page 2024-11-07 (phishing.rules)
  • 2057301 - ET PHISHING Generic Credential Phish Landing Page with Explicit Cloudflare Turnstile Rendering 2024-11-07 (phishing.rules)
  • 2057302 - ET PHISHING Generic Credential Phish Landing Page with Implicit Cloudflare Turnstile Rendering 2024-11-07 (phishing.rules)
  • 2057303 - ET INFO DYNAMIC_DNS Query to a *.raporlar .com domain (info.rules)
  • 2057304 - ET INFO DYNAMIC_DNS HTTP Request to a *.raporlar .com domain (info.rules)
  • 2057305 - ET INFO DYNAMIC_DNS Query to a *.daustin .com domain (info.rules)
  • 2057306 - ET INFO DYNAMIC_DNS HTTP Request to a *.daustin .com domain (info.rules)
  • 2057307 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (elitedwari .cyou) (malware.rules)
  • 2057308 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (elitedwari .cyou in TLS SNI) (malware.rules)
  • 2057309 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ironadminz .cyou) (malware.rules)
  • 2057310 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ironadminz .cyou in TLS SNI) (malware.rules)
  • 2057311 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (passtyannyb .icu) (malware.rules)
  • 2057312 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (passtyannyb .icu in TLS SNI) (malware.rules)
  • 2057313 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wanderlust-gadgetnews .shop) (malware.rules)
  • 2057314 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wanderlust-gadgetnews .shop in TLS SNI) (malware.rules)
  • 2057315 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (compugest .com) (exploit_kit.rules)
  • 2057316 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (compugest .com) (exploit_kit.rules)
  • 2057317 - ET WEB_SPECIFIC_APPS D-Link DWL-2600AP Command Injection Attempt (CVE-2019-20499, CVE-2019-20500, CVE-2019-20501) (web_specific_apps.rules)
  • 2057318 - ET WEB_SPECIFIC_APPS Arris TR3300 user.cgi Command Injection Attempt (CVE-2022-27002) (web_specific_apps.rules)
  • 2057319 - ET WEB_SPECIFIC_APPS Tenda HG9 Router Command Injection Attempt (CVE-2022-30023) (web_specific_apps.rules)

Pro:

  • 2858897 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2858898 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2858899 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2858900 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2858901 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2858902 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2858903 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2858904 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2858905 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2858906 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2858907 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2858908 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2858909 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2858910 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2858911 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2858912 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2858913 - ETPRO MALWARE PhoneLink CnC Exfiltration (POST) (malware.rules)