Summary:
20 new OPEN, 22 new PRO (20 + 2)
Added rules:
Open:
- 2058516 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (we-careu .xyz) (exploit_kit.rules)
- 2058517 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (haimasher .xyz) (exploit_kit.rules)
- 2058518 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (suclub .xyz) (exploit_kit.rules)
- 2058519 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (we-careu .xyz) (exploit_kit.rules)
- 2058520 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (haimasher .xyz) (exploit_kit.rules)
- 2058521 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (suclub .xyz) (exploit_kit.rules)
- 2058522 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (dhusch .com) (exploit_kit.rules)
- 2058523 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (dhusch .com) (exploit_kit.rules)
- 2058524 - ET INFO DYNAMIC_DNS Query to a *.karsten .com .mx domain (info.rules)
- 2058525 - ET INFO DYNAMIC_DNS HTTP Request to a *.karsten .com .mx domain (info.rules)
- 2058526 - ET INFO DYNAMIC_DNS Query to a *.record-point .com .au domain (info.rules)
- 2058527 - ET INFO DYNAMIC_DNS HTTP Request to a *.record-point .com .au domain (info.rules)
- 2058528 - ET INFO DYNAMIC_DNS Query to a *.hitam .id domain (info.rules)
- 2058529 - ET INFO DYNAMIC_DNS HTTP Request to a *.hitam .id domain (info.rules)
- 2058530 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (erectystickj .click) (malware.rules)
- 2058531 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (erectystickj .click in TLS SNI) (malware.rules)
- 2058532 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (marrieddinn .click) (malware.rules)
- 2058533 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (marrieddinn .click in TLS SNI) (malware.rules)
- 2058534 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (volcanohushe .click) (malware.rules)
- 2058535 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (volcanohushe .click in TLS SNI) (malware.rules)
Pro:
- 2859428 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859429 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)