Ruleset Update Summary - 2024/11/21 - v10747

rulesbot · November 21, 2024, 9:41pm

Summary:

37 new OPEN, 41 new PRO (37 + 4)

Thanks @ESET, @RecordedFuture

Added rules:

Open:

2057741 - ET MALWARE TA582 CnC Checkin (malware.rules)
2057742 - ET MALWARE TA426/Zebrocy Hatvibe CnC Server Response M1 (malware.rules)
2057743 - ET MALWARE TA582 CnC Checkin (malware.rules)
2057744 - ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram (malware.rules)
2057745 - ET INFO DNS Query to Cloudflare Page Developer Domain (pages .dev) (info.rules)
2057746 - ET INFO Observed Cloudflare Page Developer Domain (pages .dev in TLS SNI) (info.rules)
2057747 - ET WEB_SPECIFIC_APPS Fortra FileCatalyst Workflow Unauthenticated SQLi (CVE-2024-5276) (web_specific_apps.rules)
2057748 - ET MALWARE Gelsemium APT Related Domain in DNS Lookup (dsdsei .com) (malware.rules)
2057749 - ET MALWARE Gelsemium APT Related Domain in DNS Lookup (asidomain .com) (malware.rules)
2057750 - ET INFO DYNAMIC_DNS Query to a *.nutripunctureasia .com domain (info.rules)
2057751 - ET INFO DYNAMIC_DNS HTTP Request to a *.nutripunctureasia .com domain (info.rules)
2057752 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (steep-number .cyou) (malware.rules)
2057753 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (steep-number .cyou in TLS SNI) (malware.rules)
2057754 - ET MALWARE TA426/Zebrocy Related Domain in DNS Lookup (telemetry-network .com) (malware.rules)
2057755 - ET MALWARE TA426/Zebrocy Related Domain in DNS Lookup (experience-improvement .com) (malware.rules)
2057756 - ET MALWARE TA426/Zebrocy Related Domain in DNS Lookup (errorreporting .net) (malware.rules)
2057757 - ET MALWARE TA426/Zebrocy Related Domain in DNS Lookup (lanmangraphics .com) (malware.rules)
2057758 - ET MALWARE TA426/Zebrocy Related Domain in DNS Lookup (tieringservice .com) (malware.rules)
2057759 - ET MALWARE TA426/Zebrocy Related Domain in DNS Lookup (internalsecurity .us) (malware.rules)
2057760 - ET MALWARE TA426/Zebrocy Related Domain in DNS Lookup (game-wins .com) (malware.rules)
2057761 - ET MALWARE TA426/Zebrocy Related Domain in DNS Lookup (retaildemo .info) (malware.rules)
2057762 - ET MALWARE TA426/Zebrocy Related Domain in DNS Lookup (shared-rss .info) (malware.rules)
2057763 - ET MALWARE Observed TA426/Zebrocy Domain (telemetry-network .com) in TLS SNI (malware.rules)
2057764 - ET MALWARE Observed TA426/Zebrocy Domain (experience-improvement .com) in TLS SNI (malware.rules)
2057765 - ET MALWARE Observed TA426/Zebrocy Domain (errorreporting .net) in TLS SNI (malware.rules)
2057766 - ET MALWARE Observed TA426/Zebrocy Domain (lanmangraphics .com) in TLS SNI (malware.rules)
2057767 - ET MALWARE Observed TA426/Zebrocy Domain (tieringservice .com) in TLS SNI (malware.rules)
2057768 - ET MALWARE Observed TA426/Zebrocy Domain (internalsecurity .us) in TLS SNI (malware.rules)
2057769 - ET MALWARE Observed TA426/Zebrocy Domain (game-wins .com) in TLS SNI (malware.rules)
2057770 - ET MALWARE Observed TA426/Zebrocy Domain (retaildemo .info) in TLS SNI (malware.rules)
2057771 - ET MALWARE Observed TA426/Zebrocy Domain (shared-rss .info) in TLS SNI (malware.rules)
2057772 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (swaceapp .com) (exploit_kit.rules)
2057773 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (swaceapp .com) (exploit_kit.rules)
2057774 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (elizgallery .com) (exploit_kit.rules)
2057775 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (elizgallery .com) (exploit_kit.rules)
2057776 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .cases .pcohenlaw .com) (malware.rules)
2057777 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .cases .pcohenlaw .com) (malware.rules)

Pro:

2859125 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859126 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859127 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859128 - ETPRO EXPLOIT Windows SMB Denial of Service Attempt Inbound (CVE-2024-43642) (exploit.rules)

Modified inactive rules:

2044888 - ET MALWARE Snake Keylogger Domain in DNS Lookup (xfl .mooo .com) (malware.rules)

Disabled and modified rules:

2057063 - ET MALWARE Mints.Loader CnC Activity (GET) (malware.rules)
2057710 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (bytesbazar .com) (exploit_kit.rules)

Removed rules:

2856654 - ETPRO MALWARE TA582 CnC Checkin (malware.rules)
2858291 - ETPRO MALWARE TA582 CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/10/28 - v10729 Ruleset Updates	79	October 28, 2024
Ruleset Update Summary - 2024/01/25 - v10514 Ruleset Updates	336	January 25, 2024
Ruleset Update Summary - 2024/01/10 - v10503 Ruleset Updates	412	January 10, 2024
Ruleset Update Summary - 2023/07/18 - v10374 Ruleset Updates	230	July 18, 2023
Ruleset Update Summary - 2024/02/20 - v10536 Ruleset Updates	488	February 20, 2024

Ruleset Update Summary - 2024/11/21 - v10747

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Disabled and modified rules:

Removed rules:

Related topics