Summary:
30 new OPEN, 34 new PRO (30 + 4)
Added rules:
Open:
- 2058566 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (discoves .com) (exploit_kit.rules)
- 2058567 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (discoves .com) (exploit_kit.rules)
- 2058568 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (amcikressimleri .xyz) (exploit_kit.rules)
- 2058569 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (amcikressimleri .xyz) (exploit_kit.rules)
- 2058570 - ET INFO DYNAMIC_DNS Query to a *.port82 .net domain (info.rules)
- 2058571 - ET INFO DYNAMIC_DNS HTTP Request to a *.port82 .net domain (info.rules)
- 2058572 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) (malware.rules)
- 2058573 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (appliacnesot .buzz in TLS SNI) (malware.rules)
- 2058574 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (brokenmatte .click) (malware.rules)
- 2058575 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (brokenmatte .click in TLS SNI) (malware.rules)
- 2058576 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) (malware.rules)
- 2058577 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cashfuzysao .buzz in TLS SNI) (malware.rules)
- 2058578 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) (malware.rules)
- 2058579 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hummskitnj .buzz in TLS SNI) (malware.rules)
- 2058580 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) (malware.rules)
- 2058581 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (inherineau .buzz in TLS SNI) (malware.rules)
- 2058582 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mindhandru .buzz) (malware.rules)
- 2058583 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mindhandru .buzz in TLS SNI) (malware.rules)
- 2058584 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) (malware.rules)
- 2058585 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (prisonyfork .buzz in TLS SNI) (malware.rules)
- 2058586 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) (malware.rules)
- 2058587 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rebuildeso .buzz in TLS SNI) (malware.rules)
- 2058588 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) (malware.rules)
- 2058589 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (scentniej .buzz in TLS SNI) (malware.rules)
- 2058590 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) (malware.rules)
- 2058591 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (screwamusresz .buzz in TLS SNI) (malware.rules)
- 2058592 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slimmybearz .click) (malware.rules)
- 2058593 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (slimmybearz .click in TLS SNI) (malware.rules)
- 2058594 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tackybrushz .click) (malware.rules)
- 2058595 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tackybrushz .click in TLS SNI) (malware.rules)
Pro:
- 2859454 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859455 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859456 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859457 - ETPRO MALWARE Trojan-Banker.AndroidOS.BRats.d CnC Domain in DNS Lookup (malware.rules)
Modified inactive rules:
- 2027729 - ET MALWARE Windigo SSH Connection Received (Ebury < 1.7.0) (malware.rules)
- 2027730 - ET MALWARE Windigo SSH Connection Received (Ebury > 1.7.0) (malware.rules)
- 2836269 - ETPRO MALWARE QuasarRAT C2 KeepAlive (malware.rules)