Ruleset Update Summary - 2024/12/31 - v10820

rulesbot · December 31, 2024, 8:51pm

Summary:

11 new OPEN, 12 new PRO (11 + 1)

Added rules:

Open:

2058670 - ET MALWARE Observed Malicious User-Agent (UNK_FlappyBird) (malware.rules)
2058707 - ET SCAN ELF/Mirai Variant UDP (Inbound) M1 (scan.rules)
2058708 - ET SCAN ELF/Mirai Variant UDP (Inbound) M2 (scan.rules)
2058709 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aliveindu .click) (malware.rules)
2058710 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aliveindu .click in TLS SNI) (malware.rules)
2058711 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chokedetailke .click) (malware.rules)
2058712 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (chokedetailke .click in TLS SNI) (malware.rules)
2058713 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (learningypr .click) (malware.rules)
2058714 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (learningypr .click in TLS SNI) (malware.rules)
2058715 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mooncobudy .click) (malware.rules)
2058716 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mooncobudy .click in TLS SNI) (malware.rules)

Pro:

2859483 - ETPRO EXPLOIT_KIT Evil Keitaro Set-Cookie Inbound (exploit_kit.rules)

Disabled and modified rules:

2057113 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (prepare2swim .com) (exploit_kit.rules)
2057118 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (prepare2swim .com) (exploit_kit.rules)
2057148 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (hdlclub2 .cc) (exploit_kit.rules)
2057149 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (hdlclub2 .cc) (exploit_kit.rules)
2057157 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (omegaarea .site) (exploit_kit.rules)
2057159 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (omegaarea .site) (exploit_kit.rules)
2057165 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (becreativemind .com) (exploit_kit.rules)
2057168 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (becreativemind .com) (exploit_kit.rules)
2057983 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) (malware.rules)
2058671 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) (malware.rules)
2058672 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (impend-differ .biz in TLS SNI) (malware.rules)
2058673 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) (malware.rules)
2058674 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (print-vexer .biz in TLS SNI) (malware.rules)
2058675 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) (malware.rules)
2058676 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (covery-mover .biz in TLS SNI) (malware.rules)
2058677 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) (malware.rules)
2058678 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dare-curbys .biz in TLS SNI) (malware.rules)
2058679 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) (malware.rules)
2058680 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (formy-spill .biz in TLS SNI) (malware.rules)
2058681 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) (malware.rules)
2058682 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dwell-exclaim .biz in TLS SNI) (malware.rules)
2058683 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) (malware.rules)
2058684 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (zinc-sneark .biz in TLS SNI) (malware.rules)
2058686 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (se-blurry .biz in TLS SNI) (malware.rules)
2058687 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lumdexibuy .shop) (malware.rules)
2058688 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (lumdexibuy .shop in TLS SNI) (malware.rules)
2058689 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (preside-comforter .sbs) (malware.rules)
2058690 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (preside-comforter .sbs in TLS SNI) (malware.rules)
2058691 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (savvy-steereo .sbs) (malware.rules)
2058692 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (savvy-steereo .sbs in TLS SNI) (malware.rules)
2058693 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (copper-replace .sbs) (malware.rules)
2058694 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (copper-replace .sbs in TLS SNI) (malware.rules)
2058695 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (record-envyp .sbs) (malware.rules)
2058696 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (record-envyp .sbs in TLS SNI) (malware.rules)
2058697 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slam-whipp .sbs) (malware.rules)
2058698 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (slam-whipp .sbs in TLS SNI) (malware.rules)
2058699 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrench-creter .sbs) (malware.rules)
2058700 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wrench-creter .sbs in TLS SNI) (malware.rules)
2058701 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (looky-marked .sbs) (malware.rules)
2058702 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (looky-marked .sbs in TLS SNI) (malware.rules)
2058703 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (plastic-mitten .sbs) (malware.rules)
2058704 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (plastic-mitten .sbs in TLS SNI) (malware.rules)
2058705 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (petited-hulking .cyou) (malware.rules)
2058706 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (petited-hulking .cyou in TLS SNI) (malware.rules)
2859357 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859358 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859359 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859360 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859361 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859362 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859368 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859369 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859370 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859371 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859374 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859375 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859376 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Removed rules:

2058670 - ET USER_AGENTS Observed Malicious User-Agent (UNK_FlappyBird) (user_agents.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/12/23 - v10813 Ruleset Updates	86	December 23, 2024
Ruleset Update Summary - 2024/11/11 - v10739 Ruleset Updates	99	November 11, 2024
Ruleset Update Summary - 2024/03/25 - v10559 Ruleset Updates	315	March 25, 2024
Ruleset Update Summary - 2024/11/29 - v10761 Ruleset Updates	37	November 29, 2024
Ruleset Update Summary - 2024/12/26 - v10817 Ruleset Updates	77	December 26, 2024

Ruleset Update Summary - 2024/12/31 - v10820

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Removed rules:

Related topics