Summary:
30 new OPEN, 54 new PRO (30 + 24)
Added rules:
Open:
- 2058536 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (beefshooti .click) (malware.rules)
- 2058537 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (beefshooti .click in TLS SNI) (malware.rules)
- 2058538 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bithithol .click) (malware.rules)
- 2058539 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bithithol .click in TLS SNI) (malware.rules)
- 2058540 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cheapptaxysu .click) (malware.rules)
- 2058541 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cheapptaxysu .click in TLS SNI) (malware.rules)
- 2058542 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fannleadyn .click) (malware.rules)
- 2058543 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fannleadyn .click in TLS SNI) (malware.rules)
- 2058544 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (observerfry .lat) (malware.rules)
- 2058545 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (observerfry .lat in TLS SNI) (malware.rules)
- 2058546 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (obtainableruun .click) (malware.rules)
- 2058547 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (obtainableruun .click in TLS SNI) (malware.rules)
- 2058548 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (throushgje .click) (malware.rules)
- 2058549 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (throushgje .click in TLS SNI) (malware.rules)
- 2058550 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (undesirabkel .click) (malware.rules)
- 2058551 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (undesirabkel .click in TLS SNI) (malware.rules)
- 2058552 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (volcanoyev .click) (malware.rules)
- 2058553 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (volcanoyev .click in TLS SNI) (malware.rules)
- 2058554 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (fastard .com) (exploit_kit.rules)
- 2058555 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (enethost .com) (exploit_kit.rules)
- 2058556 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (fastard .com) (exploit_kit.rules)
- 2058557 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (enethost .com) (exploit_kit.rules)
- 2058558 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .stock .letsgoautomotive .com) (malware.rules)
- 2058559 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .stock .letsgoautomotive .com) (malware.rules)
- 2058560 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (markydinnt .lat) (malware.rules)
- 2058561 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (markydinnt .lat in TLS SNI) (malware.rules)
- 2058562 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thingssalver .click) (malware.rules)
- 2058563 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (thingssalver .click in TLS SNI) (malware.rules)
- 2058564 - ET PHISHING Transit Scam Domain in DNS Lookup (phishing.rules)
- 2058565 - ET PHISHING Observed Transit Scams Domain in TLS SNI (phishing.rules)
Pro:
- 2859430 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2859431 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859432 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2859433 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2859434 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2859435 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2859436 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2859437 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2859438 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859439 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859440 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2859441 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859442 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859443 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2859444 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2859445 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2859446 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2859447 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2859448 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2859449 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2859450 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2859451 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2859452 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2859453 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
Disabled and modified rules:
- 2053494 - ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (jswebcache .com) (exploit_kit.rules)
- 2053495 - ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (jswebcache .com) (exploit_kit.rules)
- 2054721 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .living .miraclesofeucharisticjesus .org) (malware.rules)
- 2054867 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .donors .eucharisticjesus .net) (malware.rules)
- 2055223 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .guide .borden-carleton .ca) (malware.rules)
- 2055316 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .sponsor .printondemandagency .com) (malware.rules)
- 2055361 - ET MALWARE Lumma Stealer Domain in DNS Lookup (drinnkysoapmzv .shop) (malware.rules)
- 2055362 - ET MALWARE Lumma Stealer Domain in DNS Lookup (spoortsiso .shop) (malware.rules)
- 2055363 - ET MALWARE Lumma Stealer Domain in DNS Lookup (uttercarrigsno .shop) (malware.rules)
- 2055364 - ET MALWARE Lumma Stealer Domain in TLS SNI (drinnkysoapmzv .shop) (malware.rules)
- 2055365 - ET MALWARE Lumma Stealer Domain in TLS SNI (spoortsiso .shop) (malware.rules)
- 2055366 - ET MALWARE Lumma Stealer Domain in TLS SNI (uttercarrigsno .shop) (malware.rules)
- 2055439 - ET MALWARE Lumma Stealer Domain in DNS Lookup (fictionnykwop .shop) (malware.rules)
- 2055440 - ET MALWARE Lumma Stealer Domain in TLS SNI (fictionnykwop .shop) (malware.rules)
- 2055770 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .benefits .melanatedbloodlinesrestoration .com) (malware.rules)
- 2055868 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .therapy .emergencepsychservices .com) (malware.rules)
- 2056033 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .free .thebitmeister .com) (malware.rules)
- 2056322 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .shades .whatisaweekend .com) (malware.rules)
- 2056555 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .outfit .dianamercer .com) (malware.rules)
- 2056734 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (srftjwrty6kew .shop) (exploit_kit.rules)
- 2056735 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (srftjwrty6kew .shop) (exploit_kit.rules)
- 2056740 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (dareka4te .shop) (exploit_kit.rules)
- 2056741 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (dareka4te .shop) (exploit_kit.rules)
- 2056742 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .house .zionanakwenze .com) (malware.rules)
- 2056743 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .house .zionanakwenze .com) (malware.rules)
- 2056769 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (saveourmalta .com) (exploit_kit.rules)
- 2056770 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (deltaldcenter .com) (exploit_kit.rules)
- 2056771 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (saveourmalta .com) (exploit_kit.rules)
- 2056772 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (deltaldcenter .com) (exploit_kit.rules)
- 2057029 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (solcongeneral .com) (exploit_kit.rules)
- 2057030 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (solcongeneral .com) (exploit_kit.rules)
- 2057038 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (adullamglobal .com) (exploit_kit.rules)
- 2057039 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (adullamglobal .com) (exploit_kit.rules)
- 2057040 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cuansurga .cam) (exploit_kit.rules)
- 2057041 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cuansurga .cam) (exploit_kit.rules)
- 2057058 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (arubapalmrealtor .com) (exploit_kit.rules)
- 2057059 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (arubapalmrealtor .com) (exploit_kit.rules)
- 2057060 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cosdfdfrefdch .best) (exploit_kit.rules)
- 2057061 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cosdfdfrefdch .best) (exploit_kit.rules)
- 2858208 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
- 2859259 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859260 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859264 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859322 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859323 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859324 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859342 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859343 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)