Summary:
23 new OPEN, 23 new PRO (23 + 0)
Added rules:
Open:
- 2052296 - ET MALWARE Observed Lumma Stealer Related Domain (tolerateilusidjukl .shop in TLS SNI) (malware.rules)
- 2052297 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (democraticseekysiwo .shop) (malware.rules)
- 2052298 - ET MALWARE Observed Lumma Stealer Related Domain (democraticseekysiwo .shop in TLS SNI) (malware.rules)
- 2052299 - ET INFO Observed DNS Over HTTPS Domain (dns .rbn .gr in TLS SNI) (info.rules)
- 2052300 - ET INFO Observed DNS Over HTTPS Domain (dns1 .in .newpangea .de in TLS SNI) (info.rules)
- 2052301 - ET INFO Observed DNS Over HTTPS Domain (dns1 .sg .newpangea .de in TLS SNI) (info.rules)
- 2052302 - ET INFO Observed DNS Over HTTPS Domain (dns1 .fi .newpangea .de in TLS SNI) (info.rules)
- 2052303 - ET INFO Observed DNS Over HTTPS Domain (dns1 .cl .newpangea .de in TLS SNI) (info.rules)
- 2052304 - ET INFO Observed DNS Over HTTPS Domain (dns1 .au .newpangea .de in TLS SNI) (info.rules)
- 2052305 - ET INFO Observed DNS Over HTTPS Domain (doh .archuser .org in TLS SNI) (info.rules)
- 2052306 - ET INFO Observed DNS Over HTTPS Domain (dns .kusoneko .moe in TLS SNI) (info.rules)
- 2052307 - ET INFO Observed DNS Over HTTPS Domain (dns1 .us .newpangea .de in TLS SNI) (info.rules)
- 2052308 - ET INFO Observed DNS Over HTTPS Domain (doh .kekew .info in TLS SNI) (info.rules)
- 2052309 - ET INFO Observed DNS Over HTTPS Domain (dns .seiffert .me in TLS SNI) (info.rules)
- 2052310 - ET INFO Observed DNS Over HTTPS Domain (adblockersite .com in TLS SNI) (info.rules)
- 2052311 - ET INFO Observed DNS Over HTTPS Domain (dns .technostriker .com in TLS SNI) (info.rules)
- 2052312 - ET MALWARE Cobalt Strike CnC Activity (GET) (malware.rules)
- 2052313 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (dinets .best) (exploit_kit.rules)
- 2052314 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (dinets .best) (exploit_kit.rules)
- 2052315 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (apidevwa .com) (exploit_kit.rules)
- 2052316 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (apidevwa .com) (exploit_kit.rules)
- 2052317 - ET EXPLOIT_KIT Parrot TDS Malicious Response M2 (exploit_kit.rules)
- 2052318 - ET EXPLOIT_KIT Parrot TDS Cleared Response M2 (exploit_kit.rules)
Disabled and modified rules:
- 2017694 - ET EXPLOIT_KIT Possible Magnitude IE EK Payload Nov 8 2013 (exploit_kit.rules)
- 2020708 - ET MALWARE Win32/Agent.WMN CnC Beacon (malware.rules)
- 2021160 - ET MALWARE Win32/Gatak.DR Payload Instructions (malware.rules)
- 2044386 - ET MALWARE Gamaredon APT Related Activity (GET) (malware.rules)
- 2050579 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (nationalistvetecanve .shop) (malware.rules)
- 2050580 - ET MALWARE Observed Lumma Stealer Related Domain (nationalistvetecanve .shop in TLS SNI) (malware.rules)
- 2050586 - ET MALWARE Observed Lumma Stealer Related Domain (cakecoldsplurgrewe .pw in TLS SNI) (malware.rules)
- 2050587 - ET MALWARE Observed Lumma Stealer Related Domain (bombertublestylebanws .fun in TLS SNI) (malware.rules)
- 2050588 - ET MALWARE Observed Lumma Stealer Related Domain (diagramfiremonkeyowwa .fun in TLS SNI) (malware.rules)
- 2050589 - ET MALWARE Observed Lumma Stealer Related Domain (dayfarrichjwclik .fun in TLS SNI) (malware.rules)
- 2050590 - ET MALWARE Observed Lumma Stealer Related Domain (ratefacilityframw .fun in TLS SNI) (malware.rules)
- 2050591 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (healthrankunderow .fun) (malware.rules)
- 2050592 - ET MALWARE Observed Lumma Stealer Related Domain (healthrankunderow .fun in TLS SNI) (malware.rules)
- 2050594 - ET MALWARE Observed Lumma Stealer Related Domain (cakecoldsplurgrewe .pw in TLS SNI) (malware.rules)
- 2050608 - ET INFO Observed DNS Over HTTPS Domain (tienpham .id .vn in TLS SNI) (info.rules)
- 2050610 - ET INFO Observed DNS Over HTTPS Domain in TLS SNI (info.rules)
- 2050615 - ET INFO Observed DNS Over HTTPS Domain (quic .lol in TLS SNI) (info.rules)
- 2050619 - ET INFO Observed DNS Over HTTPS Domain (www .chungocoai .name .vn in TLS SNI) (info.rules)
- 2050620 - ET INFO Observed DNS Over HTTPS Domain (takhtakh .domyah .net in TLS SNI) (info.rules)
- 2050622 - ET INFO Observed DNS Over HTTPS Domain (dns .skrep .in in TLS SNI) (info.rules)
- 2050627 - ET INFO Observed DNS Over HTTPS Domain (dns .354688 .xyz in TLS SNI) (info.rules)
- 2811905 - ETPRO MALWARE PhilBot/Toshliph POST CnC Beacon (malware.rules)
- 2815180 - ETPRO EXPLOIT_KIT Nuclear EK Landing URI struct Dec 03 2015 M1 (exploit_kit.rules)
- 2820517 - ETPRO MALWARE Win32/ExtenBro.ACE Activity (malware.rules)