Summary:
13 new OPEN, 14 new PRO (13 OPEN + 1 PRO-only)
Added rules:
Open:
- 2057778 - ET WEB_SPECIFIC_APPS SAP BusinessObjects Business Intelligence Platform Authentication Bypass Attempt (CVE-2024-41730) (web_specific_apps.rules)
- 2057779 - ET ATTACK_RESPONSE Clickfix Payload Inbound (Portuguese) (attack_response.rules)
- 2057780 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (16october-etmdeposit329 .top) (exploit_kit.rules)
- 2057781 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (jaipurraj .com) (exploit_kit.rules)
- 2057782 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (16october-etmdeposit329 .top) (exploit_kit.rules)
- 2057783 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (jaipurraj .com) (exploit_kit.rules)
- 2057784 - ET MALWARE Glove Stealer CnC Domain in DNS Lookup (master .hdsjfkgsadoghdsiougds .space) (malware.rules)
- 2057785 - ET MALWARE Glove Stealer CnC Domain in DNS Lookup (master .volt-texs .online) (malware.rules)
- 2057786 - ET MALWARE Observed Glove Stealer Domain (master .hdsjfkgsadoghdsiougds .space) in TLS SNI (malware.rules)
- 2057787 - ET MALWARE Observed Glove Stealer Domain (master .volt-texs .online) in TLS SNI (malware.rules)
- 2057788 - ET MALWARE Clickfix Style Post-Infection CnC Request (GET) (malware.rules)
- 2057789 - ET MALWARE Glove Stealer C2 Response (malware.rules)
- 2057790 - ET MALWARE Glove Stealer Data Exfiltration Attempt (malware.rules)
Pro:
- 2859129 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
Modified inactive rules:
- 2035803 - ET MALWARE Observed DNS Query to TA455 Domain (careers-finder .com) (malware.rules)
- 2035805 - ET MALWARE Observed DNS Query to TA455 Domain (supportskype .com) (malware.rules)
- 2035807 - ET MALWARE Observed DNS Query to TA455 Domain (cortanaupdate .co) (malware.rules)
- 2035808 - ET MALWARE Observed DNS Query to TA455 Domain (cortanaservice .com) (malware.rules)
- 2035809 - ET MALWARE Observed DNS Query to TA455 Domain (cloudgoogle .co) (malware.rules)
- 2035810 - ET MALWARE Observed DNS Query to TA455 Domain (onedrivelive .me) (malware.rules)
- 2035811 - ET MALWARE Observed DNS Query to TA455 Domain (edge-cloudservices .com) (malware.rules)
- 2035812 - ET MALWARE Observed DNS Query to TA455 Domain (online-audible .com) (malware.rules)
- 2035813 - ET MALWARE Observed DNS Query to TA455 Domain (updatedefender .net) (malware.rules)
- 2035814 - ET MALWARE Observed DNS Query to TA455 Domain (sparrowsgroup .org) (malware.rules)
- 2035815 - ET MALWARE Observed DNS Query to TA455 Domain (helpdesk-product .com) (malware.rules)
- 2035816 - ET MALWARE Observed DNS Query to TA455 Domain (defenderupdate .ddns .net) (malware.rules)
- 2035817 - ET MALWARE Observed DNS Query to TA455 Domain (enerflex .ddns .net) (malware.rules)
- 2035819 - ET MALWARE Observed DNS Query to TA455 Domain (khaleejtimes .co) (malware.rules)
- 2035820 - ET MALWARE Observed DNS Query to TA455 Domain (microsoftdefender .info) (malware.rules)
- 2035821 - ET MALWARE Observed DNS Query to TA455 Domain (outlookde .live) (malware.rules)
- 2035822 - ET MALWARE Observed DNS Query to TA455 Domain (lukoil .in) (malware.rules)
- 2035824 - ET MALWARE Observed DNS Query to TA455 Domain (online-chess .live) (malware.rules)
- 2035825 - ET MALWARE Observed DNS Query to TA455 Domain (exprogroup .org) (malware.rules)
- 2035826 - ET MALWARE Observed DNS Query to TA455 Domain (saipem .org) (malware.rules)
- 2035827 - ET MALWARE Observed DNS Query to TA455 Domain (mastergatevpn .com) (malware.rules)
- 2035828 - ET MALWARE Observed DNS Query to TA455 Domain (sauditourismguide .com) (malware.rules)
- 2035829 - ET MALWARE Observed DNS Query to TA455 Domain (listen-books .com) (malware.rules)
- 2035830 - ET MALWARE Observed DNS Query to TA455 Domain (updateservices .co) (malware.rules)
- 2035831 - ET MALWARE Observed DNS Query to TA455 Domain (microsoftcdn .co) (malware.rules)
- 2035832 - ET MALWARE Observed DNS Query to TA455 Domain (office-shop .me) (malware.rules)
- 2035833 - ET MALWARE Observed DNS Query to TA455 Domain (sharepointnotify .com) (malware.rules)
- 2035834 - ET MALWARE Observed DNS Query to TA455 Domain (globaltalent .in) (malware.rules)
- 2035835 - ET MALWARE Observed DNS Query to TA455 Domain (savemoneytrick .com) (malware.rules)
- 2035836 - ET MALWARE Observed DNS Query to TA455 Domain (microsoftedgesh .info) (malware.rules)
- 2035837 - ET MALWARE Observed DNS Query to TA455 Domain (outlookdelivery .com) (malware.rules)
- 2035838 - ET MALWARE Observed DNS Query to TA455 Domain (remgrogroup .com) (malware.rules)
- 2035839 - ET MALWARE Observed DNS Query to TA455 Domain (onedriveupdate .net) (malware.rules)
- 2035840 - ET MALWARE Observed DNS Query to TA455 Domain (getadobe .ddns .net) (malware.rules)
- 2035841 - ET MALWARE Observed DNS Query to TA455 Domain (googleservices .co) (malware.rules)
- 2035842 - ET MALWARE Observed DNS Query to TA455 Domain (librarycollection .org) (malware.rules)
- 2035843 - ET MALWARE Observed DNS Query to TA455 Domain (freechess .live) (malware.rules)
- 2035844 - ET MALWARE Observed DNS Query to TA455 Domain (elecresearch .org) (malware.rules)
- 2035845 - ET MALWARE Observed DNS Query to TA455 Domain (applytalents .com) (malware.rules)
- 2035846 - ET MALWARE Observed DNS Query to TA455 Domain (updateddns .ddns .net) (malware.rules)
- 2035847 - ET MALWARE Observed DNS Query to TA455 Domain (mideasthiring .com) (malware.rules)
- 2035848 - ET MALWARE Observed DNS Query to TA455 Domain (appslocallogin .online) (malware.rules)
- 2035849 - ET MALWARE Observed DNS Query to TA455 Domain (apply-jobs .com) (malware.rules)
- 2035850 - ET MALWARE Observed DNS Query to TA455 Domain (funnychess .online) (malware.rules)
- 2035851 - ET MALWARE Observed DNS Query to TA455 Domain (talent-recruitment .org) (malware.rules)
- 2035853 - ET MALWARE Observed DNS Query to TA455 Domain (updatedns .ddns .net) (malware.rules)
- 2035854 - ET MALWARE Observed DNS Query to TA455 Domain (thefreemovies .net) (malware.rules)
- 2035855 - ET MALWARE Observed DNS Query to TA455 Domain (talktalky .azurewebsites .net) (malware.rules)
- 2035856 - ET MALWARE Observed DNS Query to TA455 Domain (etisalatonline .com) (malware.rules)
- 2049921 - ET MALWARE Observed Lumma Stealer Related Domain (playerweighmailydailew .pw in TLS SNI) (malware.rules)
- 2051553 - ET MALWARE Observed Lumma Stealer Related Domain (lighterepisodeheighte .funs in TLS SNI) (malware.rules)
- 2051554 - ET MALWARE Observed Lumma Stealer Related Domain (superemeboxlogosites .pro in TLS SNI) (malware.rules)
- 2051555 - ET MALWARE Observed Lumma Stealer Related Domain (edurestunningcrackyow .funs in TLS SNI) (malware.rules)
- 2051556 - ET MALWARE Observed Lumma Stealer Related Domain (pooreveningfuseor .pww in TLS SNI) (malware.rules)
- 2051589 - ET MALWARE Observed Lumma Stealer Related Domain (edurestunningcrackyow .fung in TLS SNI) (malware.rules)
- 2051590 - ET MALWARE Observed Lumma Stealer Related Domain (pooreveningfuseor .pwq in TLS SNI) (malware.rules)
- 2053723 - ET INFO DYNAMIC_DNS Query to a *.dyndns-at-home .com Domain (info.rules)
- 2053724 - ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-at-home .com Domain (info.rules)
Disabled and modified rules:
- 2054585 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (chhimi .com) (exploit_kit.rules)
- 2054586 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (chhimi .com) (exploit_kit.rules)
- 2055869 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (smolcatkgi .shop) (exploit_kit.rules)
- 2055870 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (smolcatkgi .shop) (exploit_kit.rules)
- 2055875 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (whizability .com) (exploit_kit.rules)
- 2055876 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (whizability .com) (exploit_kit.rules)
- 2055901 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (uniquetouniquetechnicalservices .com) (exploit_kit.rules)
- 2055902 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (uniquetouniquetechnicalservices .com) (exploit_kit.rules)
- 2055920 - ET EXPLOIT_KIT Fake Browser Update Domain in DNS Lookup (updatechrllom .com) (exploit_kit.rules)
- 2055921 - ET EXPLOIT_KIT Fake Browser Update Domain in TLS SNI (updatechrllom .com) (exploit_kit.rules)
- 2055922 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (notablelibrary .com) (exploit_kit.rules)
- 2055923 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (notablelibrary .com) (exploit_kit.rules)
- 2055975 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (theaeroescorts .com) (exploit_kit.rules)
- 2055976 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (theaeroescorts .com) (exploit_kit.rules)
- 2055978 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (chefspavilion .com) (exploit_kit.rules)
- 2055979 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (chefspavilion .com) (exploit_kit.rules)
- 2055996 - ET EXPLOIT_KIT Fake Java Update Domain in DNS Lookup (javadevssdk .com) (exploit_kit.rules)
- 2055997 - ET EXPLOIT_KIT Fake Java Update Domain in TLS SNI (javadevssdk .com) (exploit_kit.rules)
- 2055998 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mtpolice2030 .com) (exploit_kit.rules)
- 2055999 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (mtpolice2030 .com) (exploit_kit.rules)
- 2056029 - ET EXPLOIT_KIT Fake Java Update Domain in DNS Lookup (mozilaupgrade .com) (exploit_kit.rules)
- 2056030 - ET EXPLOIT_KIT Fake Java Update Domain in TLS SNI (mozilaupgrade .com) (exploit_kit.rules)
- 2056082 - ET EXPLOIT_KIT Fake Java Update Domain in DNS Lookup (edgeupgrade .com) (exploit_kit.rules)
- 2056083 - ET EXPLOIT_KIT Fake Java Update Domain in TLS SNI (edgeupgrade .com) (exploit_kit.rules)
- 2056084 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (virtana-tech .com) (exploit_kit.rules)
- 2056085 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (virtana-tech .com) (exploit_kit.rules)
- 2858870 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858871 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858872 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858873 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858874 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858875 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858876 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858877 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858930 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
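The rule lines above all follow one shape: `- <sid> - <ET|ETPRO> <CATEGORY> <message> (<file>.rules)`, with any domain defanged by a space before each dot (`master .volt-texs .online`). A SOC that ingests these summaries usually wants the SIDs per section and the refanged domains from the newly added rules as hunting indicators, while keeping the "Disabled" and "Modified inactive" entries separate, because those are retired or already-inactive detections and should not be pushed to a blocklist without review. The following Python script is an added example and is not part of the Emerging Threats feed or its tooling; the embedded sample is a constructed excerpt of lines from this summary, and the regexes encode only the message conventions visible on this page (the wildcard `*.` and `in TLS SNI` forms included), which is an assumption about the wider feed.

```python
import re
from collections import defaultdict

# Constructed sample for offline use: a handful of lines copied from the
# daily summary above, one or more from each section (not the full list).
SAMPLE = """\
Summary:
13 new OPEN, 14 new PRO (13 + 1)
Added rules:
Open:
- 2057778 - ET WEB_SPECIFIC_APPS SAP BusinessObjects Business Intelligence Platform Authentication Bypass Attempt (CVE-2024-41730) (web_specific_apps.rules)
- 2057780 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (16october-etmdeposit329 .top) (exploit_kit.rules)
- 2057786 - ET MALWARE Observed Glove Stealer Domain (master .hdsjfkgsadoghdsiougds .space) in TLS SNI (malware.rules)
Pro:
- 2859129 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
Modified inactive rules:
- 2035816 - ET MALWARE Observed DNS Query to TA455 Domain (defenderupdate .ddns .net) (malware.rules)
- 2049921 - ET MALWARE Observed Lumma Stealer Related Domain (playerweighmailydailew .pw in TLS SNI) (malware.rules)
- 2053723 - ET INFO DYNAMIC_DNS Query to a *.dyndns-at-home .com Domain (info.rules)
Disabled and modified rules:
- 2054585 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (chhimi .com) (exploit_kit.rules)
"""

# One rule line: "- <sid> - <ET|ETPRO> <CATEGORY> <message> (<file>.rules)".
# The message is greedy, so a parenthesised CVE or domain inside it is kept.
RULE_LINE = re.compile(
    r"^- (?P<sid>\d+) - (?P<prefix>ET|ETPRO) (?P<category>[A-Z_]+) "
    r"(?P<msg>.*) \((?P<file>[\w.]+\.rules)\)$"
)

# Defanged domain: labels joined by " ." (space before the dot), with an
# optional leading "*." for the DYNAMIC_DNS wildcard rules. Leftmost-match
# semantics mean ordinary words (no " ." after them) never qualify.
DEFANGED = re.compile(r"(?:\*\.)?[A-Za-z0-9-]+(?: \.[A-Za-z0-9-]+)+")


def refang(defanged: str) -> str:
    """Turn 'master .volt-texs .online' back into 'master.volt-texs.online'."""
    return defanged.replace(" .", ".")


def parse_summary(text: str) -> list:
    """Parse a daily ET summary into one dict per rule line.

    Section headers ("Added rules:", "Modified inactive rules:", ...) set the
    current section; "Open:"/"Pro:" are sub-headers under "Added rules:".
    """
    rules, section, subsection = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RULE_LINE.match(line)
        if m:
            rule = m.groupdict()
            rule["sid"] = int(rule["sid"])
            rule["section"] = section if subsection is None else f"{section} ({subsection})"
            dm = DEFANGED.search(rule["msg"])
            rule["domain"] = refang(dm.group(0)) if dm else None
            rules.append(rule)
        elif line.endswith(":"):
            name = line[:-1]
            if name in ("Open", "Pro"):
                subsection = name
            else:
                section, subsection = name, None
    return rules


def indicators_by_section(rules: list) -> dict:
    """Map each section to the sorted, refanged domains its rules mention."""
    out = defaultdict(set)
    for r in rules:
        if r["domain"]:
            out[r["section"]].add(r["domain"])
    return {k: sorted(v) for k, v in out.items()}


def counts_by_section(rules: list) -> dict:
    """Number of rule lines per section, for cross-checking the 'Summary:' totals."""
    out = defaultdict(int)
    for r in rules:
        out[r["section"]] += 1
    return dict(out)


if __name__ == "__main__":
    parsed = parse_summary(SAMPLE)
    for section, domains in indicators_by_section(parsed).items():
        print(f"{section}:")
        for d in domains:
            print(f"  {d}")
```

Only the `Added rules (Open)` and `Added rules (Pro)` buckets are fresh, active detections; the parser keeps `Disabled and modified rules` and `Modified inactive rules` as their own buckets so that a downstream watchlist does not treat a just-retired domain as a new indicator. The `counts_by_section` totals are also a cheap sanity check against the `Summary:` line when the feed is consumed automatically.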