Ruleset Update Summary - 2024/11/14 - v10742

Summary:

129 new OPEN, 131 new PRO (129 + 2)

Thanks @_CERT_UA
Added rules:

Open:

  • 2057440 - ET HUNTING HTTP Redirect Chain With Image Filetype in URI (hunting.rules)
  • 2057441 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mecrhacnbth .cyou) (malware.rules)
  • 2057442 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mecrhacnbth .cyou in TLS SNI) (malware.rules)
  • 2057443 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rel1gitiger .cyou) (malware.rules)
  • 2057444 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rel1gitiger .cyou in TLS SNI) (malware.rules)
  • 2057445 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (toleratedbaybo .cyou) (malware.rules)
  • 2057446 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (toleratedbaybo .cyou in TLS SNI) (malware.rules)
  • 2057447 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (leatherbook .org) (exploit_kit.rules)
  • 2057448 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (leatherbook .org) (exploit_kit.rules)
  • 2057449 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (yimuzds .com) (exploit_kit.rules)
  • 2057450 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ca-central-1.awsplatform.online In TLS RDP Traffic) (malware.rules)
  • 2057451 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (yimuzds .com) (exploit_kit.rules)
  • 2057452 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ca-west-1.mfa-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057453 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (central-2-aws.ua-aws.army In TLS RDP Traffic) (malware.rules)
  • 2057454 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-central-1-aws.mfa-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057455 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-central-1.mfa-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057456 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-central-1.ukrtelecom.cloud In TLS RDP Traffic) (malware.rules)
  • 2057457 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-central-2-aws.ua-aws.army In TLS RDP Traffic) (malware.rules)
  • 2057458 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-north-1-aws.ua-energy.cloud In TLS RDP Traffic) (malware.rules)
  • 2057459 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-north-1-aws.ua-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057460 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-south-1-aws.mfa-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057461 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-south-2-aws.mfa-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057462 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-southeast-1-aws.gov-ua.cloud In TLS RDP Traffic) (malware.rules)
  • 2057463 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-southeast-1-aws.govtr.cloud In TLS RDP Traffic) (malware.rules)
  • 2057464 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eu-southeast-1-aws.zero-trust.solutions In TLS RDP Traffic) (malware.rules)
  • 2057465 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (us-east-1-aws.mfa-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057466 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (us-east-2-aws.ua-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057467 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (us-east-console.awsplatform.online In TLS RDP Traffic) (malware.rules)
  • 2057468 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (us-west-1-amazon.ua-energy.cloud In TLS RDP Traffic) (malware.rules)
  • 2057469 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (us-west-1.aws-ukraine.cloud In TLS RDP Traffic) (malware.rules)
  • 2057470 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (us-west-1.ua-aws.army In TLS RDP Traffic) (malware.rules)
  • 2057471 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (us-west-1.ukrtelecom.cloud In TLS RDP Traffic) (malware.rules)
  • 2057472 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (us-west-2-aws.mfa-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057473 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (zero-trust.solutions In TLS RDP Traffic) (malware.rules)
  • 2057474 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ukrtelecom.cloud In TLS RDP Traffic) (malware.rules)
  • 2057475 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (awsplatform.online In TLS RDP Traffic) (malware.rules)
  • 2057476 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-ukraine.cloud In TLS RDP Traffic) (malware.rules)
  • 2057477 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-s3.cloud In TLS RDP Traffic) (malware.rules)
  • 2057478 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-meet.cloud In TLS RDP Traffic) (malware.rules)
  • 2057479 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-il.cloud In TLS RDP Traffic) (malware.rules)
  • 2057480 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-data.cloud In TLS RDP Traffic) (malware.rules)
  • 2057481 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-meetings.cloud In TLS RDP Traffic) (malware.rules)
  • 2057482 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-secure.cloud In TLS RDP Traffic) (malware.rules)
  • 2057483 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-join.cloud In TLS RDP Traffic) (malware.rules)
  • 2057484 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (aws-online.cloud In TLS RDP Traffic) (malware.rules)
  • 2057485 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-au.cloud In TLS RDP Traffic) (malware.rules)
  • 2057486 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-aws.cloud In TLS RDP Traffic) (malware.rules)
  • 2057487 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-fi.cloud In TLS RDP Traffic) (malware.rules)
  • 2057488 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-gr.cloud In TLS RDP Traffic) (malware.rules)
  • 2057489 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-lt.cloud In TLS RDP Traffic) (malware.rules)
  • 2057490 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-lv.cloud In TLS RDP Traffic) (malware.rules)
  • 2057491 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-pl.cloud In TLS RDP Traffic) (malware.rules)
  • 2057492 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-sk.cloud In TLS RDP Traffic) (malware.rules)
  • 2057493 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-trust.cloud In TLS RDP Traffic) (malware.rules)
  • 2057494 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (gov-ua.cloud In TLS RDP Traffic) (malware.rules)
  • 2057495 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (govps.cloud In TLS RDP Traffic) (malware.rules)
  • 2057496 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (govtr.cloud In TLS RDP Traffic) (malware.rules)
  • 2057497 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (govua.cloud In TLS RDP Traffic) (malware.rules)
  • 2057498 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (eru-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057499 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (feedzai-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057500 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (md-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057501 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mf-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057502 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mo-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057503 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mpo-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057504 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mpsv-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057505 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (msmt-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057506 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mv-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057507 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (my-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057508 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mzd-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057509 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mze-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057510 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mzp-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057511 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mzv-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057512 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (nakit-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057513 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (nbu-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057514 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (nukib-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057515 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (police-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057516 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mmr-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057517 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (uohs-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057518 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (uoou-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057519 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (vlada-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057520 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (voa-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057521 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mfa-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057522 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mfa-gov-il.cloud In TLS RDP Traffic) (malware.rules)
  • 2057523 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mfa-gov-tr.cloud In TLS RDP Traffic) (malware.rules)
  • 2057524 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mil-be.cloud In TLS RDP Traffic) (malware.rules)
  • 2057525 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mil-ee.cloud In TLS RDP Traffic) (malware.rules)
  • 2057526 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mil-pl.cloud In TLS RDP Traffic) (malware.rules)
  • 2057527 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mil-pt.cloud In TLS RDP Traffic) (malware.rules)
  • 2057528 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (mod-gov-il.cloud In TLS RDP Traffic) (malware.rules)
  • 2057529 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-acronis.cloud In TLS RDP Traffic) (malware.rules)
  • 2057530 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-army.cloud In TLS RDP Traffic) (malware.rules)
  • 2057531 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-atlassian.cloud In TLS RDP Traffic) (malware.rules)
  • 2057532 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-aws.cloud In TLS RDP Traffic) (malware.rules)
  • 2057533 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-bah.cloud In TLS RDP Traffic) (malware.rules)
  • 2057534 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-be.cloud In TLS RDP Traffic) (malware.rules)
  • 2057535 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-blackberry.cloud In TLS RDP Traffic) (malware.rules)
  • 2057536 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-csis.cloud In TLS RDP Traffic) (malware.rules)
  • 2057537 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-de.cloud In TLS RDP Traffic) (malware.rules)
  • 2057538 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-dgap.cloud In TLS RDP Traffic) (malware.rules)
  • 2057539 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-dk.cloud In TLS RDP Traffic) (malware.rules)
  • 2057540 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-dnc.cloud In TLS RDP Traffic) (malware.rules)
  • 2057541 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-esa.cloud In TLS RDP Traffic) (malware.rules)
  • 2057542 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-fbi.cloud In TLS RDP Traffic) (malware.rules)
  • 2057543 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-hudson.cloud In TLS RDP Traffic) (malware.rules)
  • 2057544 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-ida.cloud In TLS RDP Traffic) (malware.rules)
  • 2057545 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-iri.cloud In TLS RDP Traffic) (malware.rules)
  • 2057546 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-knowbe4.cloud In TLS RDP Traffic) (malware.rules)
  • 2057547 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-marcus.cloud In TLS RDP Traffic) (malware.rules)
  • 2057548 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-monitoring.cloud In TLS RDP Traffic) (malware.rules)
  • 2057549 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-nato.cloud In TLS RDP Traffic) (malware.rules)
  • 2057550 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-ned.cloud In TLS RDP Traffic) (malware.rules)
  • 2057551 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-nsa.cloud In TLS RDP Traffic) (malware.rules)
  • 2057552 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-proofpoint.cloud In TLS RDP Traffic) (malware.rules)
  • 2057553 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-pt.cloud In TLS RDP Traffic) (malware.rules)
  • 2057554 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-rackspace.cloud In TLS RDP Traffic) (malware.rules)
  • 2057555 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-rand.cloud In TLS RDP Traffic) (malware.rules)
  • 2057556 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-spacex.cloud In TLS RDP Traffic) (malware.rules)
  • 2057557 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-state.cloud In TLS RDP Traffic) (malware.rules)
  • 2057558 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-stig.cloud In TLS RDP Traffic) (malware.rules)
  • 2057559 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-ua.cloud In TLS RDP Traffic) (malware.rules)
  • 2057560 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-ucia.cloud In TLS RDP Traffic) (malware.rules)
  • 2057561 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (s3-zoho.cloud In TLS RDP Traffic) (malware.rules)
  • 2057562 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ua-aws.army In TLS RDP Traffic) (malware.rules)
  • 2057563 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ua-energy.cloud In TLS RDP Traffic) (malware.rules)
  • 2057564 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ua-gov.cloud In TLS RDP Traffic) (malware.rules)
  • 2057565 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ua-mil.cloud In TLS RDP Traffic) (malware.rules)
  • 2057566 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ua-sec.cloud In TLS RDP Traffic) (malware.rules)
  • 2057567 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ua-se.cloud In TLS RDP Traffic) (malware.rules)
  • 2057568 - ET MALWARE Observed Rogue RDP (UAC-0215) Domain (ua-sn.cloud In TLS RDP Traffic) (malware.rules)

Pro:

  • 2859025 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859026 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Modified inactive rules:

  • 2035966 - ET INFO DYNAMIC_DNS Query to a *.wikaba .com Domain (info.rules)
  • 2035967 - ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain (info.rules)
  • 2036077 - ET INFO DYNAMIC_DNS HTTP Request to a *.misecure .com Domain (info.rules)
  • 2036104 - ET INFO DYNAMIC_DNS Query to a *.dsmtp .com Domain (info.rules)
  • 2042685 - ET INFO DYNAMIC_DNS Query to a *.dyndns-at-home .com Domain (info.rules)
  • 2042805 - ET INFO DYNAMIC_DNS HTTP Request to a *.myftp .biz Domain (info.rules)
  • 2047657 - ET INFO DYNAMIC_DNS HTTP Request to a *.appia .com .au Domain (info.rules)
  • 2047658 - ET INFO DYNAMIC_DNS Query to a *.joseulloa .cl Domain (info.rules)
  • 2047659 - ET INFO DYNAMIC_DNS HTTP Request to a *.joseulloa .cl Domain (info.rules)
  • 2804809 - ETPRO INFO DYNAMIC_DNS Query to *.gicp.net Domain (info.rules)

Disabled and modified rules:

  • 2055795 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (moneymoj .com) (exploit_kit.rules)
  • 2055796 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ganharcomblog .com) (exploit_kit.rules)
  • 2055797 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (swiftflicks .com) (exploit_kit.rules)
  • 2055798 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (moneymoj .com) (exploit_kit.rules)
  • 2055799 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ganharcomblog .com) (exploit_kit.rules)
  • 2055800 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (swiftflicks .com) (exploit_kit.rules)
  • 2055803 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (quickresource .xyz) (exploit_kit.rules)
  • 2055804 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (quickresource .xyz) (exploit_kit.rules)
  • 2055816 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (north-residence .com) (exploit_kit.rules)
  • 2055817 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (north-residence .com) (exploit_kit.rules)
  • 2055822 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (simplymecosmetics .com) (exploit_kit.rules)
  • 2055823 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (simplymecosmetics .com) (exploit_kit.rules)
  • 2055836 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (tatemosher .com) (exploit_kit.rules)
  • 2055837 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (zeleitex .com) (exploit_kit.rules)
  • 2055838 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (tatemosher .com) (exploit_kit.rules)
  • 2055839 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (zeleitex .com) (exploit_kit.rules)
  • 2057433 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lossycristi .cyou) (malware.rules)
  • 2057434 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (lossycristi .cyou in TLS SNI) (malware.rules)
  • 2858828 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858829 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858830 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858831 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858832 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2858833 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)