Summary:
86 new OPEN, 108 new PRO (86 + 22)
Thanks JT
Added rules:
Open:
- 2059127 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dxkushha .com) (malware.rules)
- 2059128 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dxkushha .com in TLS SNI) (malware.rules)
- 2059129 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (enthuasticsa .cyou) (malware.rules)
- 2059130 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (enthuasticsa .cyou in TLS SNI) (malware.rules)
- 2059131 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fairiespar .cyou) (malware.rules)
- 2059132 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fairiespar .cyou in TLS SNI) (malware.rules)
- 2059133 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fraggielek .biz) (malware.rules)
- 2059134 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fraggielek .biz in TLS SNI) (malware.rules)
- 2059135 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grandiouseziu .biz) (malware.rules)
- 2059136 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grandiouseziu .biz in TLS SNI) (malware.rules)
- 2059137 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (littlenotii .biz) (malware.rules)
- 2059138 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (littlenotii .biz in TLS SNI) (malware.rules)
- 2059139 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mannydevelope .click) (malware.rules)
- 2059140 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mannydevelope .click in TLS SNI) (malware.rules)
- 2059141 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (marketlumpe .biz) (malware.rules)
- 2059142 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (marketlumpe .biz in TLS SNI) (malware.rules)
- 2059143 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nuttyshopr .biz) (malware.rules)
- 2059144 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (nuttyshopr .biz in TLS SNI) (malware.rules)
- 2059145 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (punishzement .biz) (malware.rules)
- 2059146 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (punishzement .biz in TLS SNI) (malware.rules)
- 2059147 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (quantitypitt .click) (malware.rules)
- 2059148 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (quantitypitt .click in TLS SNI) (malware.rules)
- 2059149 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rampnatleadk .click) (malware.rules)
- 2059150 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rampnatleadk .click in TLS SNI) (malware.rules)
- 2059151 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spookycappy .biz) (malware.rules)
- 2059152 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (spookycappy .biz in TLS SNI) (malware.rules)
- 2059153 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (truculengisau .biz) (malware.rules)
- 2059154 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (truculengisau .biz in TLS SNI) (malware.rules)
- 2059155 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (berserkyfir .click) (malware.rules)
- 2059156 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (berserkyfir .click in TLS SNI) (malware.rules)
- 2059157 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (charminammoc .cyou) (malware.rules)
- 2059158 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (charminammoc .cyou in TLS SNI) (malware.rules)
- 2059159 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (homelessdejs .cyou) (malware.rules)
- 2059160 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (homelessdejs .cyou in TLS SNI) (malware.rules)
- 2059161 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (migratteabid .click) (malware.rules)
- 2059162 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (migratteabid .click in TLS SNI) (malware.rules)
- 2059163 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (owerinternal .sbs) (malware.rules)
- 2059164 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (owerinternal .sbs in TLS SNI) (malware.rules)
- 2059165 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (resonantpasot .icu) (malware.rules)
- 2059166 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (resonantpasot .icu in TLS SNI) (malware.rules)
- 2059167 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wonderfulbelif .click) (malware.rules)
- 2059168 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wonderfulbelif .click in TLS SNI) (malware.rules)
- 2059169 - ET INFO Observed DNS Query to *.ngrok Domain (ngrok .pro) (info.rules)
- 2059170 - ET WEB_SPECIFIC_APPS Ivanti Connect Secure VPN IF-T/TLS HTTP Request (web_specific_apps.rules)
- 2059171 - ET EXPLOIT Ivanti Connect Secure VPN IF-T/TLS clientCapabilities Remote Code Execution (CVE-2025-0282) (exploit.rules)
- 2059172 - ET INFO Authoritative Nameservers in DNS Query Response (info.rules)
- 2059173 - ET WEB_SPECIFIC_APPS Aviatrix Controller Unauthenticated OS Command Injection (CVE-2024-50603) M1 (web_specific_apps.rules)
- 2059174 - ET WEB_SPECIFIC_APPS Aviatrix Controller Unauthenticated OS Command Injection (CVE-2024-50603) M2 (web_specific_apps.rules)
- 2059175 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (bapalal .com) (exploit_kit.rules)
- 2059176 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (bapalal .com) (exploit_kit.rules)
- 2059177 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (prpages .com) (exploit_kit.rules)
- 2059178 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (prpages .com) (exploit_kit.rules)
- 2059179 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (apex-shop .online) (exploit_kit.rules)
- 2059180 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (taymodel .top) (exploit_kit.rules)
- 2059181 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (apex-shop .online) (exploit_kit.rules)
- 2059182 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (taymodel .top) (exploit_kit.rules)
- 2059183 - ET INFO DYNAMIC_DNS Query to a *.j2e .nl domain (info.rules)
- 2059184 - ET INFO DYNAMIC_DNS HTTP Request to a *.j2e .nl domain (info.rules)
- 2059185 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .order .buyanemostatonline .com) (malware.rules)
- 2059186 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (* .order .buyanemostatonline .com) (malware.rules)
- 2059187 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (badgerkis .cam) (malware.rules)
- 2059188 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (badgerkis .cam in TLS SNI) (malware.rules)
- 2059189 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bloodyswif .lat) (malware.rules)
- 2059190 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bloodyswif .lat in TLS SNI) (malware.rules)
- 2059191 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (finickypwk .lat) (malware.rules)
- 2059192 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (finickypwk .lat in TLS SNI) (malware.rules)
- 2059193 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (goldyhanders .cyou) (malware.rules)
- 2059194 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (goldyhanders .cyou in TLS SNI) (malware.rules)
- 2059195 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (healthreiuvw .click) (malware.rules)
- 2059196 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (healthreiuvw .click in TLS SNI) (malware.rules)
- 2059197 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (jubbenjusk .biz) (malware.rules)
- 2059198 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (jubbenjusk .biz in TLS SNI) (malware.rules)
- 2059199 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (kickykiduz .lat) (malware.rules)
- 2059200 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (kickykiduz .lat in TLS SNI) (malware.rules)
- 2059201 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (leggelatez .lat) (malware.rules)
- 2059202 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (leggelatez .lat in TLS SNI) (malware.rules)
- 2059203 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (miniatureyu .lat) (malware.rules)
- 2059204 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (miniatureyu .lat in TLS SNI) (malware.rules)
- 2059205 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (motivatefaul .cyou) (malware.rules)
- 2059206 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (motivatefaul .cyou in TLS SNI) (malware.rules)
- 2059207 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (savorraiykj .lat) (malware.rules)
- 2059208 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (savorraiykj .lat in TLS SNI) (malware.rules)
- 2059209 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shoefeatthe .lat) (malware.rules)
- 2059210 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (shoefeatthe .lat in TLS SNI) (malware.rules)
- 2059211 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (washyceehsu .lat) (malware.rules)
- 2059212 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (washyceehsu .lat in TLS SNI) (malware.rules)
Pro:
- 2859565 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2859566 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859567 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2859568 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2859569 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2859570 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2859571 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2859572 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2859573 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2859574 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859575 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2859576 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2859577 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2859578 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2859579 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2859580 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2859581 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859582 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859583 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859584 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859585 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
- 2859586 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)