Ruleset Update Summary - 2024/05/13 - v10594

Summary:

43 new OPEN, 44 new PRO (43 + 1)

Thanks @Unit42_Intel, @kevross33

Added rules:

Open:

  • 2052537 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (headraisepresidensu .shop) (malware.rules)
  • 2052538 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (smallelementyjdui .shop) (malware.rules)
  • 2052539 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (tendencyportionjsuk .shop) (malware.rules)
  • 2052540 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (sofaprivateawarderysj .shop) (malware.rules)
  • 2052541 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (sloganprogrevidefkso .shop) (malware.rules)
  • 2052542 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (appetitesallooonsj .shop) (malware.rules)
  • 2052543 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (lineagelasserytailsd .shop) (malware.rules)
  • 2052544 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (prideconstituiiosjk .shop) (malware.rules)
  • 2052545 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (minorittyeffeoos .shop) (malware.rules)
  • 2052546 - ET MALWARE Observed Lumma Stealer Related Domain (headraisepresidensu .shop in TLS SNI) (malware.rules)
  • 2052547 - ET MALWARE Observed Lumma Stealer Related Domain (smallelementyjdui .shop in TLS SNI) (malware.rules)
  • 2052548 - ET MALWARE Observed Lumma Stealer Related Domain (tendencyportionjsuk .shop in TLS SNI) (malware.rules)
  • 2052549 - ET MALWARE Observed Lumma Stealer Related Domain (sofaprivateawarderysj .shop in TLS SNI) (malware.rules)
  • 2052550 - ET MALWARE Observed Lumma Stealer Related Domain (sloganprogrevidefkso .shop in TLS SNI) (malware.rules)
  • 2052551 - ET MALWARE Observed Lumma Stealer Related Domain (appetitesallooonsj .shop in TLS SNI) (malware.rules)
  • 2052552 - ET MALWARE Observed Lumma Stealer Related Domain (lineagelasserytailsd .shop in TLS SNI) (malware.rules)
  • 2052553 - ET MALWARE Observed Lumma Stealer Related Domain (prideconstituiiosjk .shop in TLS SNI) (malware.rules)
  • 2052554 - ET MALWARE Observed Lumma Stealer Related Domain (minorittyeffeoos .shop in TLS SNI) (malware.rules)
  • 2052555 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (roleprofittypleasw .shop) (malware.rules)
  • 2052556 - ET MALWARE Observed Lumma Stealer Related Domain (roleprofittypleasw .shop in TLS SNI) (malware.rules)
  • 2052557 - ET MALWARE W32/Badspace.Backdoor CnC Activity (GET) (malware.rules)
  • 2052558 - ET MALWARE W32/Badspace.Backdoor CnC Activity (POST) (malware.rules)
  • 2052559 - ET MALWARE Possible XWorm Payload Downloaded via Powershell (malware.rules)
  • 2052560 - ET MALWARE Trkcdn Domain in DNS Lookup (simitor .com) (malware.rules)
  • 2052561 - ET MALWARE Trkcdn Domain in DNS Lookup (vitrfar .info) (malware.rules)
  • 2052562 - ET MALWARE Trkcdn Domain in DNS Lookup (pordasa .info) (malware.rules)
  • 2052563 - ET MALWARE Trkcdn Domain in DNS Lookup (vibnere .com) (malware.rules)
  • 2052564 - ET MALWARE Trkcdn Domain in DNS Lookup (edrefo .com) (malware.rules)
  • 2052565 - ET MALWARE Trkcdn Domain in DNS Lookup (frotel .info) (malware.rules)
  • 2052566 - ET MALWARE SpamTracker Domain in DNS Lookup (epyujbhfhbs35j .com) (malware.rules)
  • 2052567 - ET MALWARE SpamTracker Domain in DNS Lookup (cgb488dixfxjw7 .com) (malware.rules)
  • 2052568 - ET MALWARE SpamTracker Domain in DNS Lookup (8egub9e7s6cz7n .com) (malware.rules)
  • 2052569 - ET MALWARE SpamTracker Domain in DNS Lookup (hjmpfsamfkj5m5 .com) (malware.rules)
  • 2052570 - ET MALWARE SpamTracker Domain in DNS Lookup (uxjxfg2ui8k5zk .com) (malware.rules)
  • 2052571 - ET MALWARE SecShow Domain DNS Lookup (secshow .net) (malware.rules)
  • 2052572 - ET MALWARE SecShow Domain DNS Lookup (secshow .online) (malware.rules)
  • 2052573 - ET MALWARE SecShow Domain DNS Lookup (secdns .site) (malware.rules)
  • 2052574 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (firstaischool .com) (exploit_kit.rules)
  • 2052575 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (veniam-veritatis .site) (exploit_kit.rules)
  • 2052576 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (firstaischool .com) (exploit_kit.rules)
  • 2052577 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (veniam-veritatis .site) (exploit_kit.rules)
  • 2052578 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .location .oysterfloats .us) (malware.rules)
  • 2052579 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .location .oysterfloats .us) (malware.rules)

Pro:

  • 2856951 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)