Ruleset Update Summary - 2024/11/28 - v10760

Summary:

6 new OPEN, 7 new PRO (6 + 1)


Added rules:

Open:

  • 2057897 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .studio .lacrenshawcrossing .com) (malware.rules)
  • 2057898 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .studio .lacrenshawcrossing .com) (malware.rules)
  • 2057899 - ET INFO DYNAMIC_DNS Query to a *.extremelyorange .com domain (info.rules)
  • 2057900 - ET INFO DYNAMIC_DNS HTTP Request to a *.extremelyorange .com domain (info.rules)
  • 2057901 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (teentyinch .fun) (malware.rules)
  • 2057902 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (teentyinch .fun in TLS SNI) (malware.rules)

Pro:

  • 2859208 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)