Ruleset Update Summary - 2025/01/02 - v10822

Summary:

11 new OPEN, 18 new PRO (11 + 7)


Added rules:

Open:

  • 2058717 - ET MALWARE Earth Minotaur MOONSHINE Exploit Kit URI Struct Detected (malware.rules)
  • 2058718 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (mirugby .com) (exploit_kit.rules)
  • 2058719 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (mirugby .com) (exploit_kit.rules)
  • 2058720 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .slot .buyaiphoneonline .com) (malware.rules)
  • 2058721 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (* .slot .buyaiphoneonline .com) (malware.rules)
  • 2058722 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abberanteusz .click) (malware.rules)
  • 2058723 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (abberanteusz .click in TLS SNI) (malware.rules)
  • 2058724 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scirroscus .click) (malware.rules)
  • 2058725 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (scirroscus .click in TLS SNI) (malware.rules)
  • 2058726 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (storyspaddr .click) (malware.rules)
  • 2058727 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (storyspaddr .click in TLS SNI) (malware.rules)

Pro:

  • 2859485 - ETPRO EXPLOIT_KIT Malicious ClickFix Scam Redirect Path (exploit_kit.rules)
  • 2859486 - ETPRO MALWARE Observed ClickFix Powershell Delivery Page Inbound (malware.rules)
  • 2859487 - ETPRO MALWARE Observed ClickFix Powershell Delivery Page Inbound (malware.rules)
  • 2859488 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859489 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859490 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859491 - ETPRO MALWARE HTTP Request to ClickFix Delivery Domain (GET) (malware.rules)

Modified inactive rules:

  • 2037041 - ET EXPLOIT Apache Tomcat/JBoss RCE Inbound (CVE-2013-4810) (exploit.rules)

Disabled and modified rules:

  • 2859379 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859390 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859391 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859392 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
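The Open rules above are all DNS-lookup and TLS-SNI matches on indicator domains, printed here in defanged form (a space before each dot). The following script is an added example, not part of the ruleset or this summary: it refangs the domains from the Open list, then retro-hunts them through Suricata EVE JSON `dns` and `tls` records so an analyst can check historical logs from before the rules were deployed. The EVE lines in `SAMPLE_EVE` are constructed for the demo, the function names are my own, and the match semantics are an assumption: a plain domain is taken to match itself and any subdomain (as an ET `dotprefix; content; endswith` rule does), while the `*.` wildcard entry for SocGholish matches only names that carry at least one label in front of the suffix.

```python
import json
from typing import Iterable, List, Optional, Tuple

# Indicator domains exactly as the summary prints them (defanged with " .").
DEFANGED_IOCS = [
    "mirugby .com",                      # LandUpdate808
    "* .slot .buyaiphoneonline .com",    # SocGholish, wildcard subdomain
    "abberanteusz .click",               # Lumma Stealer
    "scirroscus .click",                 # Lumma Stealer
    "storyspaddr .click",                # Lumma Stealer
]


def refang(domain: str) -> str:
    """Collapse the 'label .tld' (and '[.]') defang into a normal lowercase hostname."""
    return domain.replace(" .", ".").replace("[.]", ".").strip().lower()


def matches(hostname: str, ioc: str) -> bool:
    """Match one queried name or SNI against one refanged IOC.

    Assumption (mirrors an ET dotprefix/endswith rule): a plain domain matches
    itself and any subdomain; a '*.' entry matches only names with at least
    one label in front of the suffix, so the bare suffix itself does not hit.
    """
    host = hostname.rstrip(".").lower()
    if ioc.startswith("*."):
        return host.endswith("." + ioc[2:])
    return host == ioc or host.endswith("." + ioc)


def extract_name(event: dict) -> Optional[Tuple[str, str]]:
    """Return ('dns', query name) or ('tls', SNI) for the record types the
    ruleset keys on; None for answers and for every other event type."""
    etype = event.get("event_type")
    if etype == "dns" and event.get("dns", {}).get("type") == "query":
        return ("dns", event["dns"]["rrname"])
    if etype == "tls" and "sni" in event.get("tls", {}):
        return ("tls", event["tls"]["sni"])
    return None


def scan_eve(lines: Iterable[str], iocs: List[str] = DEFANGED_IOCS) -> List[Tuple[str, str, str]]:
    """Retro-hunt: walk EVE JSON lines and return (kind, observed name, ioc) hits."""
    refanged = [refang(i) for i in iocs]
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate a truncated last line in a rotated log
        found = extract_name(event)
        if found is None:
            continue
        kind, name = found
        for ioc in refanged:
            if matches(name, ioc):
                hits.append((kind, name, ioc))
                break
    return hits


# Constructed EVE records for the demo; not real traffic.
SAMPLE_EVE = [
    '{"event_type":"dns","dns":{"type":"query","rrname":"www.mirugby.com","rrtype":"A"}}',
    '{"event_type":"tls","tls":{"sni":"cdn.slot.buyaiphoneonline.com","version":"TLS 1.3"}}',
    '{"event_type":"dns","dns":{"type":"query","rrname":"slot.buyaiphoneonline.com","rrtype":"A"}}',
    '{"event_type":"dns","dns":{"type":"query","rrname":"notmirugby.com","rrtype":"A"}}',
    '{"event_type":"tls","tls":{"sni":"abberanteusz.click","version":"TLS 1.2"}}',
    '{"event_type":"dns","dns":{"type":"answer","rrname":"www.mirugby.com","rdata":"192.0.2.1"}}',
    '{"event_type":"http","http":{"hostname":"example.org","url":"/"}}',
]

if __name__ == "__main__":
    for kind, name, ioc in scan_eve(SAMPLE_EVE):
        print(f"{kind}\t{name}\tmatched {ioc}")
```

The third and fourth sample lines are the deliberate near-misses: `slot.buyaiphoneonline.com` has no label in front of the wildcard suffix, and `notmirugby.com` only shares a string suffix with `mirugby.com`, so neither is reported. Point `scan_eve` at `open("eve.json")` to run it over a real log.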