Ruleset Update Summary - 2025/01/28 - v10847

rulesbot · January 28, 2025, 9:19pm

Summary:

20 new OPEN, 29 new PRO (20 + 9)

Added rules:

Open:

2059720 - ET HUNTING Legacy HTTP Cookie Observed ($Version) (hunting.rules)
2059721 - ET WEB_SPECIFIC_APPS CyberPanel getresetstatus statusfile Parameter Command Injection Attempt (CVE-2024-51378) (web_specific_apps.rules)
2059722 - ET EXPLOIT_KIT Fake ClickFix Domain in DNS Lookup (statswp .org) (exploit_kit.rules)
2059723 - ET EXPLOIT_KIT Fake ClickFix Domain in TLS SNI (statswp .org) (exploit_kit.rules)
2059724 - ET MALWARE SocGholish CnC Domain in DNS Lookup (subscribe .bigeznola .com) (malware.rules)
2059725 - ET MALWARE SocGholish CnC Domain in TLS SNI (subscribe .bigeznola .com) (malware.rules)
2059726 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (sesraw .com) (exploit_kit.rules)
2059727 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (sesraw .com) (exploit_kit.rules)
2059728 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (wxhqyfpygelt .shop) (exploit_kit.rules)
2059729 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (wxhqyfpygelt .shop) (exploit_kit.rules)
2059730 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grapeprivatter .cyou) (malware.rules)
2059731 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grapeprivatter .cyou in TLS SNI) (malware.rules)
2059732 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (naturelovetop .top) (malware.rules)
2059733 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (naturelovetop .top in TLS SNI) (malware.rules)
2059734 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thehealthylifesstop .top) (malware.rules)
2059735 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (thehealthylifesstop .top in TLS SNI) (malware.rules)
2059736 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (uniquetopstop .top) (malware.rules)
2059737 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (uniquetopstop .top in TLS SNI) (malware.rules)
2059738 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wellnessretreatstop .top) (malware.rules)
2059739 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wellnessretreatstop .top in TLS SNI) (malware.rules)

Pro:

2859821 - ETPRO MALWARE Observed DNS Query to TA456 Domain (malware.rules)
2859822 - ETPRO MALWARE Observed DNS Query to TA456 Domain (malware.rules)
2859823 - ETPRO MALWARE Observed TA456 Domain in TLS SNI (malware.rules)
2859824 - ETPRO MALWARE Observed TA456 Domain in TLS SNI (malware.rules)
2859825 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859826 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859827 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2859828 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2859829 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/10/21 - v10724 Ruleset Updates	114	October 21, 2024
Ruleset Update Summary - 2025/01/21 - v10842 Ruleset Updates	207	January 21, 2025
Ruleset Update Summary - 2025/01/02 - v10822 Ruleset Updates	42	January 2, 2025
Ruleset Update Summary - 2024/12/10 - v10795 Ruleset Updates	116	December 10, 2024
Ruleset Update Summary - 2024/11/20 - v10746 Ruleset Updates	85	November 20, 2024

Ruleset Update Summary - 2025/01/28 - v10847

Summary:

Added rules:

Open:

Pro:

Related topics