Ruleset Update Summary - 2025/01/10 - v10835

rulesbot · January 10, 2025, 9:24pm

Summary:

10 new OPEN, 15 new PRO (10 + 5)

2059117 - ET WEB_SPECIFIC_APPS Roundcube rcube_washtml.php SVG Cross-Site Scripting (CVE-2023-5631) (web_specific_apps.rules)
2059118 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (jumplilltk .cfd) (malware.rules)
2059119 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (jumplilltk .cfd in TLS SNI) (malware.rules)
2059120 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (letterdrive .shop) (malware.rules)
2059121 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (letterdrive .shop in TLS SNI) (malware.rules)
2059122 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (glccf .com) (exploit_kit.rules)
2059123 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (glccf .com) (exploit_kit.rules)
2059124 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (apex-shop .online) (exploit_kit.rules)
2059125 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (apex-shop .online) (exploit_kit.rules)
2059126 - ET INFO Outbound SMB2 NTLM Auth Attempt to Internal Address (info.rules)

2859560 - ETPRO MALWARE StrelaStealer CnC Activity - Requesting Decoy Payload (GET) (malware.rules)
2859561 - ETPRO MALWARE StrelaStealer CnC Exfil (POST) (malware.rules)
2859562 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2859563 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2859564 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

2056489 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (chartzend .com) (exploit_kit.rules)
2057331 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (junocis .com) (exploit_kit.rules)
2057332 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (junocis .com) (exploit_kit.rules)
2057380 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (culinarycanvasgrilling .com) (exploit_kit.rules)
2057381 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (culinarycanvasgrilling .com) (exploit_kit.rules)
2059092 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (chartzend .com) (exploit_kit.rules)
2859428 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859438 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859439 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859454 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859455 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859456 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/10/30 - v10731 Ruleset Updates	194	October 30, 2024
Ruleset Update Summary - 2024/12/31 - v10820 Ruleset Updates	58	December 31, 2024
Ruleset Update Summary - 2024/12/26 - v10817 Ruleset Updates	80	December 26, 2024
Ruleset Update Summary - 2024/03/25 - v10559 Ruleset Updates	315	March 25, 2024
Ruleset Update Summary - 2024/08/22 - v10672 Ruleset Updates	74	August 22, 2024