Ruleset Update Summary - 2024/11/29 - v10761

rulesbot · November 29, 2024, 9:43pm

Summary:

18 new OPEN, 23 new PRO (18 + 5)

Added rules:

Open:

2057903 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (copper-replace .sbs) (malware.rules)
2057904 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (copper-replace .sbs in TLS SNI) (malware.rules)
2057905 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (looky-marked .sbs) (malware.rules)
2057906 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (looky-marked .sbs in TLS SNI) (malware.rules)
2057907 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lumdreamyskies .shop) (malware.rules)
2057908 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (lumdreamyskies .shop in TLS SNI) (malware.rules)
2057909 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (plastic-mitten .sbs) (malware.rules)
2057910 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (plastic-mitten .sbs in TLS SNI) (malware.rules)
2057911 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (preside-comforter .sbs) (malware.rules)
2057912 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (preside-comforter .sbs in TLS SNI) (malware.rules)
2057913 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (record-envyp .sbs) (malware.rules)
2057914 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (record-envyp .sbs in TLS SNI) (malware.rules)
2057915 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (savvy-steereo .sbs) (malware.rules)
2057916 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (savvy-steereo .sbs in TLS SNI) (malware.rules)
2057917 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slam-whipp .sbs) (malware.rules)
2057918 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (slam-whipp .sbs in TLS SNI) (malware.rules)
2057919 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrench-creter .sbs) (malware.rules)
2057920 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wrench-creter .sbs in TLS SNI) (malware.rules)

Pro:

2859209 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2859210 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2859211 - ETPRO MOBILE_MALWARE Android/Spy.Agent.BPN TLS SNI (mobile_malware.rules)
2859212 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Mamont.f TLS SNI (mobile_malware.rules)
2859213 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.NGate.a TLS SNI (mobile_malware.rules)

Modified inactive rules:

2043783 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (sagutxustech .com) (info.rules)
2043797 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (firewall .darknet .bg) (info.rules)
2043811 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .alloxr .info) (info.rules)
2043834 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pcornet .freeboxos .fr) (info.rules)
2043837 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .luan .contact) (info.rules)
2043839 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns .techcpu .net) (info.rules)
2043867 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dns1 .adrianion .eu) (info.rules)
2043869 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .beliefanx .cn) (info.rules)
2043884 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (vpn-tw .teng .sh) (info.rules)
2043892 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard .mulu .at) (info.rules)
2043899 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (pihole .datamatter .co .za) (info.rules)
2043904 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (dart .kpsn .org) (info.rules)
2043940 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (myhottiemama .de) (info.rules)
2043942 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (addns .jpr .space) (info.rules)
2043957 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (admin .dotls .org) (info.rules)
2043966 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (adguard1 .kapuyhome .hu) (info.rules)
2043985 - ET INFO Observed DNS over HTTPS Domain in TLS SNI (bcandrade .ml) (info.rules)
2050610 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (info.rules)
2844703 - ETPRO INFO Observed DNS over HTTPS Domain in TLS SNI (doh .dns .sb) (info.rules)
2858884 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
2858886 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/11/12 - v10740 Ruleset Updates	117	November 12, 2024
Ruleset Update Summary - 2024/10/29 - v10730 Ruleset Updates	85	October 29, 2024
Ruleset Update Summary - 2024/11/11 - v10739 Ruleset Updates	97	November 11, 2024
Ruleset Update Summary - 2024/12/26 - v10817 Ruleset Updates	56	December 26, 2024
Ruleset Update Summary - 2024/12/23 - v10813 Ruleset Updates	63	December 23, 2024

Ruleset Update Summary - 2024/11/29 - v10761

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Related topics