Ruleset Update Summary - 2025/01/31 - v10850

Summary:

15 new OPEN, 26 new PRO (15 + 11)


Added rules:

Open:

  • 2059793 - ET WEB_SPECIFIC_APPS Qlik Sense Enterprise HTTP Request Tunneling Attempt (CVE-2023-48365) (web_specific_apps.rules)
  • 2059794 - ET COINMINER CoinMiner Exfiltration via IRC Config Inbound (Italian) (coinminer.rules)
  • 2059795 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (phobicharmno .shop) (malware.rules)
  • 2059796 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (phobicharmno .shop in TLS SNI) (malware.rules)
  • 2059797 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gameofthronesmemes .top) (exploit_kit.rules)
  • 2059798 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gameofthronesmemes .top) (exploit_kit.rules)
  • 2059799 - ET MALWARE SocGholish CnC Domain in DNS Lookup (cpanel .buyjlindustriesonline .com) (malware.rules)
  • 2059800 - ET MALWARE SocGholish CnC Domain in TLS SNI (cpanel .buyjlindustriesonline .com) (malware.rules)
  • 2059801 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (tacscc .com) (exploit_kit.rules)
  • 2059802 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (tacscc .com) (exploit_kit.rules)
  • 2059803 - ET MALWARE J-magic (nfsiod) Backdoor Magic Packet Inbound Request M1 (malware.rules)
  • 2059804 - ET MALWARE J-magic (nfsiod) Backdoor Magic Packet Inbound Request M2 (malware.rules)
  • 2059805 - ET MALWARE J-magic (nfsiod) Backdoor Magic Packet Inbound Request M3 (malware.rules)
  • 2059806 - ET MALWARE J-magic (nfsiod) Backdoor Magic Packet Inbound Request M4 (malware.rules)
  • 2059807 - ET MALWARE J-magic (nfsiod) Backdoor Magic Packet Inbound Request M5 (malware.rules)

Pro:

  • 2859851 - ETPRO MALWARE Observed TA582 CnC Activity (GET) (malware.rules)
  • 2859852 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
  • 2859853 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2859854 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859855 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859856 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859857 - ETPRO MALWARE J-magic (mgmailerd) Backdoor Magic Packet Inbound Request M1 (malware.rules)
  • 2859858 - ETPRO MALWARE J-magic (mgmailerd) Backdoor Magic Packet Inbound Request M2 (malware.rules)
  • 2859859 - ETPRO MALWARE J-magic (mgmailerd) Backdoor Magic Packet Inbound Request M3 (malware.rules)
  • 2859860 - ETPRO MALWARE J-magic (mgmailerd) Backdoor Magic Packet Inbound Request M4 (malware.rules)
  • 2859861 - ETPRO MALWARE J-magic (mgmailerd) Backdoor Magic Packet Inbound Request M5 (malware.rules)

Disabled and modified rules:

  • 2033932 - ET MALWARE MSIL/Black Hat Worm Server Response (malware.rules)
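An update summary like the one above lists SIDs, but it does not tell you whether those rules actually reached your sensors, or whether a rule it touched is commented out locally. The following is an added example, not part of the Proofpoint/ET summary or of any ET tooling: it parses the summary's own "Open", "Pro" and "Disabled and modified rules" blocks, then reconciles each SID against a local merged rules file (the kind suricata-update writes, where a leading `#` marks a disabled rule). Both the summary excerpt and the local rules file embedded below are constructed samples whose rule bodies are placeholders; only the `sid:` keywords and the `#` prefix are used by the check.

```python
import re
from collections import defaultdict

# Constructed sample: an excerpt in the same layout as the update summary above.
SUMMARY = """\
Added rules:

Open:

  • 2059793 - ET WEB_SPECIFIC_APPS Qlik Sense Enterprise HTTP Request Tunneling Attempt (CVE-2023-48365) (web_specific_apps.rules)
  • 2059803 - ET MALWARE J-magic (nfsiod) Backdoor Magic Packet Inbound Request M1 (malware.rules)

Pro:

  • 2859851 - ETPRO MALWARE Observed TA582 CnC Activity (GET) (malware.rules)

Disabled and modified rules:

  • 2033932 - ET MALWARE MSIL/Black Hat Worm Server Response (malware.rules)
"""

# Constructed sample of a local merged rules file (e.g. suricata-update output).
# Rule bodies are placeholders; only 'sid:' and a leading '#' matter here.
LOCAL_RULES = """\
alert http any any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Qlik Sense ..."; sid:2059793; rev:1;)
# alert tcp any any -> $HOME_NET any (msg:"ET MALWARE J-magic (nfsiod) ... M1"; sid:2059803; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MSIL/Black Hat Worm Server Response"; sid:2033932; rev:3;)
"""

# One bullet of the summary: "  • <sid> - <msg> (<file>.rules)"
ENTRY_RE = re.compile(r"^\s*•\s*(\d+)\s*-\s*(.+?)\s*\(([\w.-]+\.rules)\)\s*$")
HEADING_RE = re.compile(r"^(Added rules|Open|Pro|Disabled and modified rules):\s*$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def parse_summary(text):
    """Return {section: [(sid, msg, file)]} for the Open, Pro and
    'Disabled and modified rules' blocks of an ET update summary."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        h = HEADING_RE.match(line)
        if h:
            if h.group(1) != "Added rules":   # that heading only introduces Open/Pro
                current = h.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            sections[current].append((int(m.group(1)), m.group(2), m.group(3)))
    return dict(sections)


def parse_local_rules(text):
    """Return {sid: enabled} from a Suricata rules file.
    A rule whose line starts with '#' is present but disabled."""
    state = {}
    for line in text.splitlines():
        m = SID_RE.search(line)
        if m:
            state[int(m.group(1))] = not line.lstrip().startswith("#")
    return state


def reconcile(summary_text, rules_text):
    """Map each announced sid to (section, status, file) where status is
    'enabled', 'disabled' (commented out locally) or 'missing' (not deployed)."""
    local = parse_local_rules(rules_text)
    result = {}
    for section, entries in parse_summary(summary_text).items():
        for sid, _msg, fname in entries:
            if sid not in local:
                status = "missing"
            elif local[sid]:
                status = "enabled"
            else:
                status = "disabled"
            result[sid] = (section, status, fname)
    return result


if __name__ == "__main__":
    for sid, (section, status, fname) in sorted(reconcile(SUMMARY, LOCAL_RULES).items()):
        print(f"{sid}  {status:8}  [{section}] {fname}")
```

With the constructed inputs, the Pro rule shows as `missing` on an Open-only sensor, the J-magic rule shows as `disabled` because its local line is commented out, and the entry under "Disabled and modified rules" is reported from the local file's state rather than from the summary, which does not say which of the two happened to it. Point `LOCAL_RULES` at your real merged file to run the same check on a deployment.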