Ruleset Update Summary - 2024/02/14 - v10532

Summary:

60 new OPEN, 60 new PRO (60 + 0)
Added rules:

Open:

  • 2050816 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bicyclesunhygenico .fun) (malware.rules)
  • 2050817 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (reechoingkaolizationp .fun) (malware.rules)
  • 2050818 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (antiuncontemporary .fun) (malware.rules)
  • 2050819 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (pielumchalotpostwo .fun) (malware.rules)
  • 2050820 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (unexaminablespectrall .fun) (malware.rules)
  • 2050821 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (muggierdragstemmio .fun) (malware.rules)
  • 2050822 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (fishboatnurrybeauti .fun) (malware.rules)
  • 2050823 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (mazumaponyanthus .fun) (malware.rules)
  • 2050824 - ET MALWARE Observed Lumma Stealer Related Domain (bicyclesunhygenico .fun in TLS SNI) (malware.rules)
  • 2050825 - ET MALWARE Observed Lumma Stealer Related Domain (reechoingkaolizationp .fun in TLS SNI) (malware.rules)
  • 2050826 - ET MALWARE Observed Lumma Stealer Related Domain (antiuncontemporary .fun in TLS SNI) (malware.rules)
  • 2050827 - ET MALWARE Observed Lumma Stealer Related Domain (pielumchalotpostwo .fun in TLS SNI) (malware.rules)
  • 2050828 - ET MALWARE Observed Lumma Stealer Related Domain (unexaminablespectrall .fun in TLS SNI) (malware.rules)
  • 2050829 - ET MALWARE Observed Lumma Stealer Related Domain (muggierdragstemmio .fun in TLS SNI) (malware.rules)
  • 2050830 - ET MALWARE Observed Lumma Stealer Related Domain (fishboatnurrybeauti .fun in TLS SNI) (malware.rules)
  • 2050831 - ET MALWARE Observed Lumma Stealer Related Domain (mazumaponyanthus .fun in TLS SNI) (malware.rules)
  • 2050832 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bleednumberrottern .home) (malware.rules)
  • 2050833 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (brakesummitfiightre .pics) (malware.rules)
  • 2050834 - ET MALWARE Observed Lumma Stealer Related Domain (bleednumberrottern .home in TLS SNI) (malware.rules)
  • 2050835 - ET MALWARE Observed Lumma Stealer Related Domain (brakesummitfiightre .pics in TLS SNI) (malware.rules)
  • 2050836 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (lawwormroleveinn .mom) (malware.rules)
  • 2050837 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (baresoakopiniocowe .fun) (malware.rules)
  • 2050838 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (baketransparentadw .pics) (malware.rules)
  • 2050839 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (legislationdictater .mom) (malware.rules)
  • 2050840 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (mercyaloofprincipleo .pics) (malware.rules)
  • 2050841 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (developmentalveiop .home) (malware.rules)
  • 2050842 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (hunterstrawmersp .home) (malware.rules)
  • 2050843 - ET MALWARE Observed Lumma Stealer Related Domain (lawwormroleveinn .mom in TLS SNI) (malware.rules)
  • 2050844 - ET MALWARE Observed Lumma Stealer Related Domain (baresoakopiniocowe .fun in TLS SNI) (malware.rules)
  • 2050845 - ET MALWARE Observed Lumma Stealer Related Domain (baketransparentadw .pics in TLS SNI) (malware.rules)
  • 2050846 - ET MALWARE Observed Lumma Stealer Related Domain (legislationdictater .mom in TLS SNI) (malware.rules)
  • 2050847 - ET MALWARE Observed Lumma Stealer Related Domain (mercyaloofprincipleo .pics in TLS SNI) (malware.rules)
  • 2050848 - ET MALWARE Observed Lumma Stealer Related Domain (developmentalveiop .home in TLS SNI) (malware.rules)
  • 2050849 - ET MALWARE Observed Lumma Stealer Related Domain (hunterstrawmersp .home in TLS SNI) (malware.rules)
  • 2050850 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (ironshottallinko .funu) (malware.rules)
  • 2050851 - ET MALWARE Observed Lumma Stealer Related Domain (ironshottallinko .funu in TLS SNI) (malware.rules)
  • 2050852 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (lawwormroleveinn .momu) (malware.rules)
  • 2050853 - ET MALWARE Observed Lumma Stealer Related Domain (lawwormroleveinn .momu in TLS SNI) (malware.rules)
  • 2050854 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (scshemevalleywelferw .site) (malware.rules)
  • 2050855 - ET MALWARE Observed Lumma Stealer Related Domain (scshemevalleywelferw .site in TLS SNI) (malware.rules)
  • 2050856 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (snuggleapplicationswo .fun) (malware.rules)
  • 2050857 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (strainriskpropos .store) (malware.rules)
  • 2050858 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (theoryapparatusjuko .fun) (malware.rules)
  • 2050859 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (telephoneverdictyow .site) (malware.rules)
  • 2050860 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (punchtelephoneverdi .store) (malware.rules)
  • 2050861 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (smallrabbitcrossing .site) (malware.rules)
  • 2050862 - ET MALWARE Observed Lumma Stealer Related Domain (snuggleapplicationswo .fun in TLS SNI) (malware.rules)
  • 2050863 - ET MALWARE Observed Lumma Stealer Related Domain (strainriskpropos .store in TLS SNI) (malware.rules)
  • 2050864 - ET MALWARE Observed Lumma Stealer Related Domain (theoryapparatusjuko .fun in TLS SNI) (malware.rules)
  • 2050865 - ET MALWARE Observed Lumma Stealer Related Domain (telephoneverdictyow .site in TLS SNI) (malware.rules)
  • 2050866 - ET MALWARE Observed Lumma Stealer Related Domain (punchtelephoneverdi .store in TLS SNI) (malware.rules)
  • 2050867 - ET MALWARE Observed Lumma Stealer Related Domain (smallrabbitcrossing .site in TLS SNI) (malware.rules)
  • 2050868 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (fossillandscapefewkew .site) (malware.rules)
  • 2050869 - ET MALWARE Observed Lumma Stealer Related Domain (fossillandscapefewkew .site in TLS SNI) (malware.rules)
  • 2050870 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (townsfolkhiwoeko .fun) (malware.rules)
  • 2050871 - ET MALWARE Observed Lumma Stealer Related Domain (townsfolkhiwoeko .fun in TLS SNI) (malware.rules)
  • 2050872 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (colonmoonmushroo .mom) (malware.rules)
  • 2050873 - ET MALWARE Observed Lumma Stealer Related Domain (colonmoonmushroo .mom in TLS SNI) (malware.rules)
  • 2050874 - ET MALWARE Pikabot Related Activity M5 (POST) (malware.rules)
  • 2050875 - ET MALWARE Possible PikaBot Java Loader CnC Checkin (malware.rules)

Modified inactive rules:

  • 2001267 - ET POLICY Weatherbug Activity (policy.rules)
  • 2008139 - ET MALWARE RhiFrem Trojan Activity - cmd (malware.rules)
  • 2008140 - ET MALWARE RhiFrem Trojan Activity - log (malware.rules)
  • 2008515 - ET MALWARE Hupigon.AZG Checkin (malware.rules)
  • 2011858 - ET MALWARE Likely Hostile HTTP Header GET structure (malware.rules)
  • 2012137 - ET MALWARE Storm/Waledac 3.0 Checkin 1 (malware.rules)
  • 2012517 - ET MALWARE Win32/Rimecud.B Activity (malware.rules)
  • 2012934 - ET MALWARE Generic adClicker Checkin (malware.rules)
  • 2014399 - ET MALWARE Trojan-Spy.Win32.Zbot.djrm Checkin (malware.rules)
  • 2800810 - ETPRO MALWARE Trojan.Win32.Chif.A Checkin (malware.rules)
  • 2800815 - ETPRO MALWARE Trojan.Win32.Slagent Checkin (malware.rules)
  • 2801173 - ETPRO MALWARE Trojan.Win32.VB.njz Checkin (malware.rules)
  • 2801308 - ETPRO MALWARE Trojan.Win32.Bohu.A check in (malware.rules)
  • 2801330 - ETPRO MALWARE Trojan.Win32.Delf.MW Checkin 2 (malware.rules)
  • 2801331 - ETPRO MALWARE Worm.Win32.Autorun.ABB checkin (malware.rules)
  • 2801367 - ETPRO MALWARE Backdoor.Win32.Talsab.B Checkin Request (malware.rules)
  • 2801389 - ETPRO MALWARE Trojan-Downloader.Win32.Redonc.A Checkin (malware.rules)
  • 2801423 - ETPRO MALWARE Trojan.Win32.OddJob.A Checkin 2 (malware.rules)
  • 2801677 - ETPRO MALWARE Trojan.Win32.Delftie.azqn Checkin (malware.rules)
  • 2801962 - ETPRO MALWARE Kryptik/CodecPack.amda/TROJ_RENOS.SM3 Checkin (malware.rules)
  • 2801987 - ETPRO EXPLOIT_KIT Stage 3 Indicator Black Hole Exploit Kit dropper (exploit_kit.rules)
  • 2802070 - ETPRO MALWARE Backdoor.Win32.Cyspetel.A Checkin (malware.rules)
  • 2802072 - ETPRO MALWARE Trojan.Win32.Carberp.C Checkin (malware.rules)
  • 2802098 - ETPRO MALWARE Trojan.MSIL.Qhost.ajb Activity (malware.rules)
  • 2802194 - ETPRO MALWARE Win32.Kifloo Checkin (malware.rules)
  • 2803098 - ETPRO MALWARE Win32.Rorpian.A Checkin 1 (malware.rules)
  • 2803209 - ETPRO MALWARE Trojan.Win32.Orsam Checkin Flowbit Set (malware.rules)
  • 2803441 - ETPRO MALWARE E-Surveiller.com Checkin (malware.rules)

Disabled and modified rules:

  • 2018033 - ET MALWARE Win32.Genome.boescz Checkin (malware.rules)
  • 2018102 - ET MALWARE W32/Woai.Dropper Config Request (malware.rules)
  • 2018148 - ET ADWARE_PUP W32/InstallMonetizer.Adware Beacon 1 (adware_pup.rules)
  • 2019201 - ET MALWARE Backdoor.Win32/PcClient.AA Checkin (malware.rules)
  • 2807579 - ETPRO MALWARE Backdoor/Win32.Hupigon Checkin (malware.rules)
  • 2807621 - ETPRO MALWARE Zegost.Gen CnC (OUTBOUND) (malware.rules)