Ruleset Update Summary - 2025/02/04 - v10852

Summary:

15 new OPEN, 22 new PRO (15 + 7)


Added rules:

Open:

  • 2059874 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (alhocobser .digital) (malware.rules)
  • 2059875 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (alhocobser .digital in TLS SNI) (malware.rules)
  • 2059876 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (natureinspirged .top) (malware.rules)
  • 2059877 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (natureinspirged .top in TLS SNI) (malware.rules)
  • 2059878 - ET WEB_SPECIFIC_APPS QNAP Viostor server.cgi SPECIFIC_SERVER Parameter Command Injection Attempt (CVE-2023-47565) (web_specific_apps.rules)
  • 2059879 - ET WEB_SPECIFIC_APPS HPE Insights Remote Support XML External Entity Injection (CVE-2024-53675) (web_specific_apps.rules)
  • 2059880 - ET WEB_SPECIFIC_APPS Ivanti Avalanche SmartDeviceServer XML External Entity Injection (CVE-2024-38653) (web_specific_apps.rules)
  • 2059881 - ET WEB_SPECIFIC_APPS FXC AE1021 Series Router ntp.general.hostname Authenticated Command Injection Attempt (CVE-2023-49897) (web_specific_apps.rules)
  • 2059882 - ET PHISHING Tycoon2FA Phishing Kit Style Evasion (phishing.rules)
  • 2059883 - ET MALWARE SocGholish CnC Domain in DNS Lookup (newsite .iapmd .org) (malware.rules)
  • 2059884 - ET MALWARE SocGholish CnC Domain in TLS SNI (newsite .iapmd .org) (malware.rules)
  • 2059885 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (aecint .com) (exploit_kit.rules)
  • 2059886 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (aecint .com) (exploit_kit.rules)
  • 2059887 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (aylingallery .shop) (exploit_kit.rules)
  • 2059888 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (aylingallery .shop) (exploit_kit.rules)

Pro:

  • 2859891 - ETPRO PHISHING CoGUI Phish Landing Page 2025-02-04 (phishing.rules)
  • 2859892 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2859893 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2859894 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2859895 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2859896 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859897 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
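The domain-based rules above are published with their indicators defanged ("alhocobser .digital"). The following is an added example, not Proofpoint/ET code and not how Suricata itself evaluates these signatures: it pulls the SID and defanged domain out of rule titles in the format used in this summary, re-fangs them, keeps "DNS Lookup" and "TLS SNI" rules separate, and matches them against constructed DNS query and TLS SNI events, treating any subdomain of the indicator as a hit. The rule titles are copied from this update; the telemetry is constructed sample data.

```python
import re
from typing import Dict, List, Tuple

# Rule titles copied from the update above (defanged with " ." as on the page).
# 2059878 is included to show that rules without a domain indicator are skipped.
RULE_LINES = [
    "2059874 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (alhocobser .digital) (malware.rules)",
    "2059875 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (alhocobser .digital in TLS SNI) (malware.rules)",
    "2059876 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (natureinspirged .top) (malware.rules)",
    "2059878 - ET WEB_SPECIFIC_APPS QNAP Viostor server.cgi SPECIFIC_SERVER Parameter Command Injection Attempt (CVE-2023-47565) (web_specific_apps.rules)",
    "2059883 - ET MALWARE SocGholish CnC Domain in DNS Lookup (newsite .iapmd .org) (malware.rules)",
    "2059885 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (aecint .com) (exploit_kit.rules)",
    "2059887 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (aylingallery .shop) (exploit_kit.rules)",
]

# "<sid> - <msg> (<defanged domain>[ in TLS SNI]) (<file>.rules)"
# The indicator group requires the " ." defanging, so "(CVE-...)" and
# "(malware.rules)" parentheticals never match as indicators.
RULE_RE = re.compile(
    r"^(?P<sid>\d+) - (?P<msg>.+?) "
    r"\((?P<ioc>[a-z0-9-]+(?: \.[a-z0-9-]+)+)(?P<sni> in TLS SNI)?\) "
    r"\((?P<file>[a-z_]+\.rules)\)$"
)


def refang(defanged: str) -> str:
    """Undo the ' .' defanging used in ET rule titles."""
    return defanged.replace(" .", ".")


def parse_domain_rules(lines: List[str]) -> Dict[int, dict]:
    """Return {sid: {"domain", "kind", "msg"}} for rules carrying a domain indicator."""
    rules: Dict[int, dict] = {}
    for line in lines:
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # exploit-attempt / CVE rules have no domain indicator
        rules[int(m["sid"])] = {
            "domain": refang(m["ioc"]),
            # "tls" for SNI rules, "dns" for DNS Lookup rules
            "kind": "tls" if m["sni"] else "dns",
            "msg": m["msg"],
        }
    return rules


def domain_matches(name: str, indicator: str) -> bool:
    """Exact match or any subdomain of the indicator; tolerant of case and a trailing dot."""
    n = name.rstrip(".").lower()
    return n == indicator or n.endswith("." + indicator)


# Constructed sample telemetry (not real traffic): DNS queries and TLS SNI values.
EVENTS = [
    {"ts": "2025-02-04T09:12:01Z", "src": "10.0.0.5", "type": "dns", "name": "cdn.alhocobser.digital."},
    {"ts": "2025-02-04T09:12:02Z", "src": "10.0.0.5", "type": "tls", "name": "alhocobser.digital"},
    {"ts": "2025-02-04T09:15:44Z", "src": "10.0.0.9", "type": "dns", "name": "notaecint.com"},
    {"ts": "2025-02-04T09:16:10Z", "src": "10.0.0.9", "type": "dns", "name": "newsite.iapmd.org"},
    {"ts": "2025-02-04T09:20:00Z", "src": "10.0.0.12", "type": "tls", "name": "www.example.com"},
]


def match_events(rules: Dict[int, dict], events: List[dict]) -> List[Tuple[str, str, int, str]]:
    """Return (ts, src, sid, domain) for every event hitting a rule of the same kind."""
    hits: List[Tuple[str, str, int, str]] = []
    for ev in events:
        for sid, rule in rules.items():
            if rule["kind"] == ev["type"] and domain_matches(ev["name"], rule["domain"]):
                hits.append((ev["ts"], ev["src"], sid, rule["domain"]))
    return hits


if __name__ == "__main__":
    parsed = parse_domain_rules(RULE_LINES)
    for ts, src, sid, dom in match_events(parsed, EVENTS):
        print(f"{ts} {src} sid={sid} {parsed[sid]['msg']} [{dom}]")
```

Note that "notaecint.com" does not fire 2059885: the check requires either an exact match or a label boundary ("." + indicator), which is the distinction a plain substring match would miss. A DNS query for a subdomain of a DNS-rule indicator does fire, since the ET DNS rules match on the queried name containing the indicator.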