Summary:
30 new OPEN, 125 new PRO (30 + 95)
Added rules:
Open:
- 2059332 - ET INFO DYNAMIC_DNS Query to a *.safira .com .my domain (info.rules)
- 2059333 - ET INFO DYNAMIC_DNS HTTP Request to a *.safira .com .my domain (info.rules)
- 2059334 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (actleavejr .shop) (malware.rules)
- 2059335 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (actleavejr .shop in TLS SNI) (malware.rules)
- 2059336 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (contractsmell .cyou) (malware.rules)
- 2059337 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (contractsmell .cyou in TLS SNI) (malware.rules)
- 2059338 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (givecuubys .click) (malware.rules)
- 2059339 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (givecuubys .click in TLS SNI) (malware.rules)
- 2059340 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sailstrangej .cyou) (malware.rules)
- 2059341 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sailstrangej .cyou in TLS SNI) (malware.rules)
- 2059342 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (skistarteriz .bond) (malware.rules)
- 2059343 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (skistarteriz .bond in TLS SNI) (malware.rules)
- 2059344 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (testylaughge .top) (malware.rules)
- 2059345 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (testylaughge .top in TLS SNI) (malware.rules)
- 2059346 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (twigbestug .shop) (malware.rules)
- 2059347 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (twigbestug .shop in TLS SNI) (malware.rules)
- 2059348 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordemnyauop .shop) (malware.rules)
- 2059349 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wordemnyauop .shop in TLS SNI) (malware.rules)
- 2059350 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (yokecarvekio .cyou) (malware.rules)
- 2059351 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (yokecarvekio .cyou in TLS SNI) (malware.rules)
- 2059352 - ET INFO DYNAMIC_DNS Query to a *.masdiseno .com domain (info.rules)
- 2059353 - ET INFO DYNAMIC_DNS HTTP Request to a *.masdiseno .com domain (info.rules)
- 2059354 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (craveinjuur .shop) (malware.rules)
- 2059355 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (craveinjuur .shop in TLS SNI) (malware.rules)
- 2059356 - ET INFO DYNAMIC_DNS Query to a *.astraltech .org domain (info.rules)
- 2059357 - ET INFO DYNAMIC_DNS HTTP Request to a *.astraltech .org domain (info.rules)
- 2059358 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .trial .buyintercomsonline .com) (malware.rules)
- 2059359 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (* .trial .buyintercomsonline .com) (malware.rules)
- 2059360 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (supplyedtwoz .click) (malware.rules)
- 2059361 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (supplyedtwoz .click in TLS SNI) (malware.rules)
Pro:
- 2859637 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2859638 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859639 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859640 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859641 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2859642 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
- 2859643 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2859644 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
- 2859645 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
- 2859646 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2859647 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2859648 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2859649 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2859650 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2859651 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2859652 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2859653 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2859654 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2859655 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859656 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859657 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859658 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2859659 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
- 2859660 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2859661 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
- 2859662 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
- 2859663 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2859664 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2859665 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2859666 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2859667 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2859668 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2859669 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2859670 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2859671 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2859672 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859673 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859674 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859675 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2859676 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
- 2859677 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2859678 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
- 2859679 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
- 2859680 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2859681 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2859682 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2859683 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2859684 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2859685 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2859686 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2859687 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2859688 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2859689 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859690 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2859691 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2859692 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2859693 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2859694 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2859695 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2859696 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2859697 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859698 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859699 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859700 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2859701 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
- 2859702 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2859703 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
- 2859704 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
- 2859705 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2859706 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2859707 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2859708 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2859709 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2859710 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2859711 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2859712 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2859713 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2859714 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859715 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2859716 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2859717 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2859718 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2859719 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2859720 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2859721 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2859722 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
- 2859723 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
- 2859724 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
- 2859725 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
- 2859726 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
- 2859727 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
- 2859728 - ETPRO MALWARE Trojan-Banker.AndroidOS.Banbra.ak Domain (malware.rules)
- 2859729 - ETPRO MALWARE Backdoor.AndroidOS.Brata.a Domain (malware.rules)
- 2859730 - ETPRO MALWARE Android/Spy.Banker.CEC Domain (malware.rules)
- 2859731 - ETPRO MALWARE Android/Spy.Banker.BDB Domain (malware.rules)