Ruleset Update Summary - 2024/11/13 - v10741

Ruleset Updates
1

Summary:

30 new OPEN, 33 new PRO (30 + 3)

Added rules:

Open:

  • 2057410 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (netwrokenb .cyou) (malware.rules)
  • 2057411 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (netwrokenb .cyou in TLS SNI) (malware.rules)
  • 2057412 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stupid-edsee .cyou) (malware.rules)
  • 2057413 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (stupid-edsee .cyou in TLS SNI) (malware.rules)
  • 2057414 - ET WEB_SPECIFIC_APPS Symphony PHP Symfony Profiler Environment Manipulation (CVE-2024-50340) (web_specific_apps.rules)
  • 2057415 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (marshal-zhukov .com) (malware.rules)
  • 2057416 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (marshal-zhukov .com in TLS SNI) (malware.rules)
  • 2057417 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (approvfoor .com) (malware.rules)
  • 2057418 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (approvfoor .com in TLS SNI) (malware.rules)
  • 2057419 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (approvedne .fun) (malware.rules)
  • 2057420 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (approvedne .fun in TLS SNI) (malware.rules)
  • 2057421 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (actgrievny .fun) (malware.rules)
  • 2057422 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (actgrievny .fun in TLS SNI) (malware.rules)
  • 2057423 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ignofinisheui .icu) (malware.rules)
  • 2057424 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ignofinisheui .icu in TLS SNI) (malware.rules)
  • 2057425 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (quiantiaj .icu) (malware.rules)
  • 2057426 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (quiantiaj .icu in TLS SNI) (malware.rules)
  • 2057427 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dismissanw .icu) (malware.rules)
  • 2057428 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dismissanw .icu in TLS SNI) (malware.rules)
  • 2057429 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (packagednyb .cyou) (malware.rules)
  • 2057430 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (packagednyb .cyou in TLS SNI) (malware.rules)
  • 2057431 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (villagedguy .cyou) (malware.rules)
  • 2057432 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (villagedguy .cyou in TLS SNI) (malware.rules)
  • 2057433 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lossycristi .cyou) (malware.rules)
  • 2057434 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (lossycristi .cyou in TLS SNI) (malware.rules)
  • 2057435 - ET WEB_SPECIFIC_APPS Citrix Session Recording Remote Code Execution (CVE-2024-8069) (web_specific_apps.rules)
  • 2057436 - ET WEB_SPECIFIC_APPS Mura CMS SQL Injection via processAsyncObject API Method (CVE-2024-32640) (web_specific_apps.rules)
  • 2057437 - ET WEB_SPECIFIC_APPS NGINX UI Authenticated Remote Command Execution in logrotate (CVE-2024-49368) (web_specific_apps.rules)
  • 2057438 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (xcdd1003 .com) (exploit_kit.rules)
  • 2057439 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (xcdd1003 .com) (exploit_kit.rules)

Pro:

  • 2859018 - ETPRO EXPLOIT NTLM Hash Disclosure via InternetShortcut File Inbound (CVE-2024-43451) (exploit.rules)
  • 2859019 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2859020 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)