Ruleset Update Summary - 2024/11/08 - v10738

rulesbot · November 8, 2024, 9:51pm

Summary:

14 new OPEN, 31 new PRO (14 + 17)

2057320 - ET INFO DYNAMIC_DNS Query to a *.unitgrapigs .com domain (info.rules)
2057321 - ET INFO DYNAMIC_DNS HTTP Request to a *.unitgrapigs .com domain (info.rules)
2057322 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (boltycoupeln .cyou) (malware.rules)
2057323 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (boltycoupeln .cyou in TLS SNI) (malware.rules)
2057324 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (boys .terrifyenyb .icu) (malware.rules)
2057325 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (boys .terrifyenyb .icu in TLS SNI) (malware.rules)
2057326 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (travis .terrifyenyb .icu) (malware.rules)
2057327 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (travis .terrifyenyb .icu in TLS SNI) (malware.rules)
2057328 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (uniquedpieco .site) (malware.rules)
2057329 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (uniquedpieco .site in TLS SNI) (malware.rules)
2057330 - ET WEB_SPECIFIC_APPS D-Link NAS OS Command Injection in cgi_user_add Function (CVE-2024-10914) (web_specific_apps.rules)
2057331 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (junocis .com) (exploit_kit.rules)
2057332 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (junocis .com) (exploit_kit.rules)
2057333 - ET PHISHING MAMBA Credential Phish Landing Page 2024-11-08 (phishing.rules)

2858914 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2858915 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2858916 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2858917 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2858918 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2858919 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2858920 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2858921 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2858922 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2858923 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2858924 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2858925 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2858926 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2858927 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2858928 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2858929 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2858930 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/11/11 - v10739 Ruleset Updates	79	November 11, 2024
Ruleset Update Summary - 2024/11/12 - v10740 Ruleset Updates	93	November 12, 2024
Ruleset Update Summary - 2024/11/15 - v10743 Ruleset Updates	96	November 15, 2024
Ruleset Update Summary - 2024/03/08 - v10548 Ruleset Updates	239	March 8, 2024
Ruleset Update Summary - 2024/03/11 - v10549 Ruleset Updates	933	March 11, 2024