Summary:
28 new OPEN, 37 new PRO (28 + 9)
Added rules:
Open:
- 2057382 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (300snails .sbs) (malware.rules)
- 2057383 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (300snails .sbs in TLS SNI) (malware.rules)
- 2057384 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (3xc1aimbl0w .sbs) (malware.rules)
- 2057385 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (3xc1aimbl0w .sbs in TLS SNI) (malware.rules)
- 2057386 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (automatic-meaty .sbs) (malware.rules)
- 2057387 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (automatic-meaty .sbs in TLS SNI) (malware.rules)
- 2057388 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bored-light .sbs) (malware.rules)
- 2057389 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bored-light .sbs in TLS SNI) (malware.rules)
- 2057390 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crib-endanger .sbs) (malware.rules)
- 2057391 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (crib-endanger .sbs in TLS SNI) (malware.rules)
- 2057392 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (faintbl0w .sbs) (malware.rules)
- 2057393 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (faintbl0w .sbs in TLS SNI) (malware.rules)
- 2057394 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fleez-inc .sbs) (malware.rules)
- 2057395 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fleez-inc .sbs in TLS SNI) (malware.rules)
- 2057396 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs) (malware.rules)
- 2057397 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) (malware.rules)
- 2057398 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pull-trucker .sbs) (malware.rules)
- 2057399 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pull-trucker .sbs in TLS SNI) (malware.rules)
- 2057400 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (qualifiresui .cyou) (malware.rules)
- 2057401 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (qualifiresui .cyou in TLS SNI) (malware.rules)
- 2057402 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thicktoys .sbs) (malware.rules)
- 2057403 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (thicktoys .sbs in TLS SNI) (malware.rules)
- 2057404 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (advertls .shop) (exploit_kit.rules)
- 2057405 - ET EXPLOIT_KIT CC Skimmer Domain in TLS Lookup (advertls .shop) (exploit_kit.rules)
- 2057406 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (omenkid .top) (exploit_kit.rules)
- 2057407 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (omenkid .top) (exploit_kit.rules)
- 2057408 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (fencingfriends .com) (exploit_kit.rules)
- 2057409 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (fencingfriends .com) (exploit_kit.rules)
Pro:
- 2859007 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859008 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859009 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2859010 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2859011 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2859012 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2859013 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2859014 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2859015 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)