Ruleset Update Summary - 2025/01/15 - v10838

rulesbot · January 15, 2025, 9:51pm

Summary:

27 new OPEN, 33 new PRO (27 + 6)

Thanks @gmcirt

Added rules:

Open:

2059254 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (efffe .top) (exploit_kit.rules)
2059255 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (rentenfonds .top) (exploit_kit.rules)
2059256 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (efffe .top) (exploit_kit.rules)
2059257 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (rentenfonds .top) (exploit_kit.rules)
2059258 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (comtekinc .com) (exploit_kit.rules)
2059259 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (comtekinc .com) (exploit_kit.rules)
2059260 - ET MALWARE Obfuscated Clickfix Javascript Payload Inbound (malware.rules)
2059261 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (burnressert .shop) (malware.rules)
2059262 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (burnressert .shop in TLS SNI) (malware.rules)
2059263 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (buynostopliik .shop) (malware.rules)
2059264 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (buynostopliik .shop in TLS SNI) (malware.rules)
2059265 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cabbagebettys .shop) (malware.rules)
2059266 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cabbagebettys .shop in TLS SNI) (malware.rules)
2059267 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cultureddirtys .click) (malware.rules)
2059268 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cultureddirtys .click in TLS SNI) (malware.rules)
2059269 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (getflashygai .shop) (malware.rules)
2059270 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (getflashygai .shop in TLS SNI) (malware.rules)
2059271 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (latyoutw .cyou) (malware.rules)
2059272 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (latyoutw .cyou in TLS SNI) (malware.rules)
2059273 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mittensootsjz .cyou) (malware.rules)
2059274 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mittensootsjz .cyou in TLS SNI) (malware.rules)
2059275 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (plodnittpw .lat) (malware.rules)
2059276 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (plodnittpw .lat in TLS SNI) (malware.rules)
2059277 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sobrattyeu .bond) (malware.rules)
2059278 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sobrattyeu .bond in TLS SNI) (malware.rules)
2059279 - ET INFO URL Shortener Domain in DNS Lookup (url .rw) (info.rules)
2059280 - ET INFO Observed URL Shortener Domain (url .rw in TLS SNI) (info.rules)

Pro:

2859606 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859607 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859608 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859609 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2859610 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2859611 - ETPRO INFO Fake 404 Landing Page from Anti-DDoS Lua Script Challenge (info.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/01/06 - v10830 Ruleset Updates	92	January 6, 2025
Ruleset Update Summary - 2024/07/05 - v10639 Ruleset Updates	144	July 5, 2024
Ruleset Update Summary - 2025/01/09 - v10834 Ruleset Updates	97	January 9, 2025
Ruleset Update Summary - 2024/07/15 - v10645 Ruleset Updates	180	July 15, 2024
Ruleset Update Summary - 2024/12/10 - v10795 Ruleset Updates	95	December 10, 2024

Ruleset Update Summary - 2025/01/15 - v10838

Summary:

Added rules:

Open:

Pro:

Related topics