Summary:
146 new OPEN, 157 new PRO (146 + 11)
Thanks @Unit42_Intel
Added rules:
Open:
- 2059465 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (creativemindtop .top) (malware.rules)
- 2059466 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (creativemindtop .top in TLS SNI) (malware.rules)
- 2059467 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (rystrom .com) (exploit_kit.rules)
- 2059468 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (rystrom .com) (exploit_kit.rules)
- 2059469 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kuishei .top) (exploit_kit.rules)
- 2059470 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (kuishei .top) (exploit_kit.rules)
- 2059471 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-testnet-rpc .bnbchain .org) (info.rules)
- 2059472 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-testnet .nodereal .io) (info.rules)
- 2059473 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-testnet .nodereal .io) (info.rules)
- 2059474 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-testnet .publicnode .com) (info.rules)
- 2059475 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-mainnet-rpc .bnbchain .org) (info.rules)
- 2059476 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-mainnet .nodereal .io) (info.rules)
- 2059477 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-mainnet .nodereal .io) (info.rules)
- 2059478 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb .publicnode .com) (info.rules)
- 2059479 - ET INFO Observed Smart Chain Domain in DNS Lookup (nodereal .io) (info.rules)
- 2059480 - ET INFO Observed Smart Chain Domain in DNS Lookup (greenfield-chain-ap .bnbchain .org) (info.rules)
- 2059481 - ET INFO Observed Smart Chain Domain in DNS Lookup (greenfield-chain-us .bnbchain .org) (info.rules)
- 2059482 - ET INFO Observed Smart Chain Domain in DNS Lookup (greenfield-chain-eu .bnbchain .org) (info.rules)
- 2059483 - ET INFO Observed Smart Chain Domain in DNS Lookup (greenfield-chain .bnbchain .org) (info.rules)
- 2059484 - ET INFO Observed Smart Chain Domain in DNS Lookup (greenfield .bnbchain .org) (info.rules)
- 2059485 - ET INFO Observed Smart Chain Domain in DNS Lookup (greenfield-sp .bnbchain .org) (info.rules)
- 2059486 - ET INFO Observed Smart Chain Domain in DNS Lookup (greenfield-sp .nodereal .io) (info.rules)
- 2059487 - ET INFO Observed Smart Chain Domain in DNS Lookup (greenfield-sp .ninicoin .io) (info.rules)
- 2059488 - ET INFO Observed Smart Chain Domain in DNS Lookup (greenfield-sp .defibit .io) (info.rules)
- 2059489 - ET INFO Observed Smart Chain Domain in DNS Lookup (greenfield-sp .nariox .org) (info.rules)
- 2059490 - ET INFO Observed Smart Chain Domain in DNS Lookup (greenfield-sp .lumibot .org) (info.rules)
- 2059491 - ET INFO Observed Smart Chain Domain in DNS Lookup (greenfield-sp .voltbot .io) (info.rules)
- 2059492 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .bnbchain .org) (info.rules)
- 2059493 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .nariox .org) (info.rules)
- 2059494 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .defibit .io) (info.rules)
- 2059495 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .ninicoin .io) (info.rules)
- 2059496 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc .nodereal .io) (info.rules)
- 2059497 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed-public .bnbchain .org) (info.rules)
- 2059498 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-mainnet-rpc .bnbchain .org) (info.rules)
- 2059499 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-mainnet .nodereal .io) (info.rules)
- 2059500 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-mainnet .nodereal .io) (info.rules)
- 2059501 - ET INFO Observed Smart Chain Domain in DNS Lookup (gnfd-blobhub .bnbchain .org) (info.rules)
- 2059502 - ET INFO Observed Smart Chain Domain in DNS Lookup (gnfd-blobhub-bsc .bnbchain .org) (info.rules)
- 2059503 - ET INFO Observed Smart Chain Domain in DNS Lookup (gnfd-bsc-archiver-mainnet .bnbchain .org) (info.rules)
- 2059504 - ET INFO Observed Smart Chain Domain in DNS Lookup (gnfd-testnet-fullnode-tendermint-us .bnbchain .org) (info.rules)
- 2059505 - ET INFO Observed Smart Chain Domain in DNS Lookup (gnfd-testnet-fullnode-tendermint-ap .bnbchain .org) (info.rules)
- 2059506 - ET INFO Observed Smart Chain Domain in DNS Lookup (greenfield .bnbchain .org) (info.rules)
- 2059507 - ET INFO Observed Smart Chain Domain in DNS Lookup (gnfd-testnet-sp1 .bnbchain .org) (info.rules)
- 2059508 - ET INFO Observed Smart Chain Domain in DNS Lookup (gnfd-testnet-sp2 .bnbchain .org) (info.rules)
- 2059509 - ET INFO Observed Smart Chain Domain in DNS Lookup (gnfd-testnet-sp3 .bnbchain .org) (info.rules)
- 2059510 - ET INFO Observed Smart Chain Domain in DNS Lookup (gnfd-testnet-sp4 .bnbchain .org) (info.rules)
- 2059511 - ET INFO Observed Smart Chain Domain in DNS Lookup (gnfd-testnet-sp1 .nodereal .io) (info.rules)
- 2059512 - ET INFO Observed Smart Chain Domain in DNS Lookup (gnfd-testnet-sp2 .nodereal .io) (info.rules)
- 2059513 - ET INFO Observed Smart Chain Domain in DNS Lookup (gnfd-testnet-sp3 .nodereal .io) (info.rules)
- 2059514 - ET INFO Observed Smart Chain Domain in DNS Lookup (data-seed-prebsc-1-s1 .bnbchain .org) (info.rules)
- 2059515 - ET INFO Observed Smart Chain Domain in DNS Lookup (data-seed-prebsc-2-s1 .bnbchain .org) (info.rules)
- 2059516 - ET INFO Observed Smart Chain Domain in DNS Lookup (data-seed-prebsc-1-s2 .bnbchain .org) (info.rules)
- 2059517 - ET INFO Observed Smart Chain Domain in DNS Lookup (data-seed-prebsc-2-s2 .bnbchain .org) (info.rules)
- 2059518 - ET INFO Observed Smart Chain Domain in DNS Lookup (data-seed-prebsc-1-s3 .bnbchain .org) (info.rules)
- 2059519 - ET INFO Observed Smart Chain Domain in DNS Lookup (data-seed-prebsc-2-s3 .bnbchain .org) (info.rules)
- 2059520 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-testnet-rpc .bnbchain .org) (info.rules)
- 2059521 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-testnet .nodereal .io) (info.rules)
- 2059522 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-testnet .nodereal .io) (info.rules)
- 2059523 - ET INFO Observed Smart Chain Domain in DNS Lookup (gnfd-bsc-archiver-testnet .bnbchain .org) (info.rules)
- 2059524 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-testnet-rpc .bnbchain .org) (info.rules)
- 2059525 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-testnet .nodereal .io) (info.rules)
- 2059526 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-testnet .nodereal .io) (info.rules)
- 2059527 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-testnet .publicnode .com) (info.rules)
- 2059528 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-mainnet-rpc .bnbchain .org) (info.rules)
- 2059529 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-mainnet .nodereal .io) (info.rules)
- 2059530 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-mainnet .nodereal .io) (info.rules)
- 2059531 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb .publicnode .com) (info.rules)
- 2059532 - ET INFO Observed Smart Chain Domain in TLS SNI (nodereal .io) (info.rules)
- 2059533 - ET INFO Observed Smart Chain Domain in TLS SNI (greenfield-chain-ap .bnbchain .org) (info.rules)
- 2059534 - ET INFO Observed Smart Chain Domain in TLS SNI (greenfield-chain-us .bnbchain .org) (info.rules)
- 2059535 - ET INFO Observed Smart Chain Domain in TLS SNI (greenfield-chain-eu .bnbchain .org) (info.rules)
- 2059536 - ET INFO Observed Smart Chain Domain in TLS SNI (greenfield-chain .bnbchain .org) (info.rules)
- 2059537 - ET INFO Observed Smart Chain Domain in TLS SNI (greenfield .bnbchain .org) (info.rules)
- 2059538 - ET INFO Observed Smart Chain Domain in TLS SNI (greenfield-sp .bnbchain .org) (info.rules)
- 2059539 - ET INFO Observed Smart Chain Domain in TLS SNI (greenfield-sp .nodereal .io) (info.rules)
- 2059540 - ET INFO Observed Smart Chain Domain in TLS SNI (greenfield-sp .ninicoin .io) (info.rules)
- 2059541 - ET INFO Observed Smart Chain Domain in TLS SNI (greenfield-sp .defibit .io) (info.rules)
- 2059542 - ET INFO Observed Smart Chain Domain in TLS SNI (greenfield-sp .nariox .org) (info.rules)
- 2059543 - ET INFO Observed Smart Chain Domain in TLS SNI (greenfield-sp .lumibot .org) (info.rules)
- 2059544 - ET INFO Observed Smart Chain Domain in TLS SNI (greenfield-sp .voltbot .io) (info.rules)
- 2059545 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .bnbchain .org) (info.rules)
- 2059546 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .nariox .org) (info.rules)
- 2059547 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .defibit .io) (info.rules)
- 2059548 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .ninicoin .io) (info.rules)
- 2059549 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc .nodereal .io) (info.rules)
- 2059550 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed-public .bnbchain .org) (info.rules)
- 2059551 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-mainnet-rpc .bnbchain .org) (info.rules)
- 2059552 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-mainnet .nodereal .io) (info.rules)
- 2059553 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-mainnet .nodereal .io) (info.rules)
- 2059554 - ET INFO Observed Smart Chain Domain in TLS SNI (gnfd-blobhub .bnbchain .org) (info.rules)
- 2059555 - ET INFO Observed Smart Chain Domain in TLS SNI (gnfd-blobhub-bsc .bnbchain .org) (info.rules)
- 2059556 - ET INFO Observed Smart Chain Domain in TLS SNI (gnfd-bsc-archiver-mainnet .bnbchain .org) (info.rules)
- 2059557 - ET INFO Observed Smart Chain Domain in TLS SNI (gnfd-testnet-fullnode-tendermint-us .bnbchain .org) (info.rules)
- 2059558 - ET INFO Observed Smart Chain Domain in TLS SNI (gnfd-testnet-fullnode-tendermint-ap .bnbchain .org) (info.rules)
- 2059559 - ET INFO Observed Smart Chain Domain in TLS SNI (greenfield .bnbchain .org) (info.rules)
- 2059560 - ET INFO Observed Smart Chain Domain in TLS SNI (gnfd-testnet-sp1 .bnbchain .org) (info.rules)
- 2059561 - ET INFO Observed Smart Chain Domain in TLS SNI (gnfd-testnet-sp2 .bnbchain .org) (info.rules)
- 2059562 - ET INFO Observed Smart Chain Domain in TLS SNI (gnfd-testnet-sp3 .bnbchain .org) (info.rules)
- 2059563 - ET INFO Observed Smart Chain Domain in TLS SNI (gnfd-testnet-sp4 .bnbchain .org) (info.rules)
- 2059564 - ET INFO Observed Smart Chain Domain in TLS SNI (gnfd-testnet-sp1 .nodereal .io) (info.rules)
- 2059565 - ET INFO Observed Smart Chain Domain in TLS SNI (gnfd-testnet-sp2 .nodereal .io) (info.rules)
- 2059566 - ET INFO Observed Smart Chain Domain in TLS SNI (gnfd-testnet-sp3 .nodereal .io) (info.rules)
- 2059567 - ET INFO Observed Smart Chain Domain in TLS SNI (data-seed-prebsc-1-s1 .bnbchain .org) (info.rules)
- 2059568 - ET INFO Observed Smart Chain Domain in TLS SNI (data-seed-prebsc-2-s1 .bnbchain .org) (info.rules)
- 2059569 - ET INFO Observed Smart Chain Domain in TLS SNI (data-seed-prebsc-1-s2 .bnbchain .org) (info.rules)
- 2059570 - ET INFO Observed Smart Chain Domain in TLS SNI (data-seed-prebsc-2-s2 .bnbchain .org) (info.rules)
- 2059571 - ET INFO Observed Smart Chain Domain in TLS SNI (data-seed-prebsc-1-s3 .bnbchain .org) (info.rules)
- 2059572 - ET INFO Observed Smart Chain Domain in TLS SNI (data-seed-prebsc-2-s3 .bnbchain .org) (info.rules)
- 2059573 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-testnet-rpc .bnbchain .org) (info.rules)
- 2059574 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-testnet .nodereal .io) (info.rules)
- 2059575 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-testnet .nodereal .io) (info.rules)
- 2059576 - ET INFO Observed Smart Chain Domain in TLS SNI (gnfd-bsc-archiver-testnet .bnbchain .org) (info.rules)
- 2059577 - ET INFO DYNAMIC_DNS Query to a *.drosenbloom .com domain (info.rules)
- 2059578 - ET INFO DYNAMIC_DNS HTTP Request to a *.drosenbloom .com domain (info.rules)
- 2059579 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (amazingmassivei .shop) (malware.rules)
- 2059580 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (amazingmassivei .shop in TLS SNI) (malware.rules)
- 2059581 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (apparatusblez .top) (malware.rules)
- 2059582 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (apparatusblez .top in TLS SNI) (malware.rules)
- 2059583 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (beevasyeip .bond) (malware.rules)
- 2059584 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (beevasyeip .bond in TLS SNI) (malware.rules)
- 2059585 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (broadecatez .bond) (malware.rules)
- 2059586 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (broadecatez .bond in TLS SNI) (malware.rules)
- 2059587 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drainytwiggy .shop) (malware.rules)
- 2059588 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drainytwiggy .shop in TLS SNI) (malware.rules)
- 2059589 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (factlosserk .click) (malware.rules)
- 2059590 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (factlosserk .click in TLS SNI) (malware.rules)
- 2059591 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (granystearr .bond) (malware.rules)
- 2059592 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (granystearr .bond in TLS SNI) (malware.rules)
- 2059593 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (longingfluffyr .cyou) (malware.rules)
- 2059594 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (longingfluffyr .cyou in TLS SNI) (malware.rules)
- 2059595 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mannelaeksug .top) (malware.rules)
- 2059596 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mannelaeksug .top in TLS SNI) (malware.rules)
- 2059597 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (measlyrefusz .biz) (malware.rules)
- 2059598 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (measlyrefusz .biz in TLS SNI) (malware.rules)
- 2059599 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (quarrelepek .bond) (malware.rules)
- 2059600 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (quarrelepek .bond in TLS SNI) (malware.rules)
- 2059601 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rockemineu .bond) (malware.rules)
- 2059602 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rockemineu .bond in TLS SNI) (malware.rules)
- 2059603 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tranuqlekper .bond) (malware.rules)
- 2059604 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tranuqlekper .bond in TLS SNI) (malware.rules)
- 2059605 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (unicorntop .top) (malware.rules)
- 2059606 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (unicorntop .top in TLS SNI) (malware.rules)
- 2059607 - ET MALWARE Fake Microsoft Teams CnC Payload Request (GET) (malware.rules)
- 2059608 - ET MALWARE Fake Microsoft Teams VBS Payload Inbound (malware.rules)
- 2059609 - ET MALWARE SocGholish CnC Domain in DNS Lookup (customer .aaddigitalstrategies .com) (malware.rules)
- 2059610 - ET MALWARE SocGholish CnC Domain in TLS SNI (customer .aaddigitalstrategies .com) (malware.rules)
Pro:
- 2859775 - ETPRO MALWARE Trojan-Dropper.AndroidOS.Hqwar.df DNS Lookup (malware.rules)
- 2859776 - ETPRO HUNTING PDF Launch Action File Spec Contains Domain-Like Value (hunting.rules)
- 2859777 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859778 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2859779 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859780 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2859781 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2859782 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2859783 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2859784 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2859785 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
Disabled and modified rules:
- 2048471 - ET MALWARE Malicious Domain in DNS Lookup (jscloud .live) (malware.rules)
- 2048472 - ET MALWARE Malicious Domain in DNS Lookup (cloudjs .live) (malware.rules)
- 2048473 - ET MALWARE Malicious Domain in DNS Lookup (jscloud .ink) (malware.rules)
- 2048474 - ET MALWARE Malicious Domain in DNS Lookup (jscloud .biz) (malware.rules)
- 2048475 - ET MALWARE Malicious Domain in DNS Lookup (jscdn .biz) (malware.rules)
- 2048479 - ET MALWARE Observed Malicious Domain (jscloud .live in TLS SNI) (malware.rules)
- 2048480 - ET MALWARE Observed Malicious Domain (cloudjs .live in TLS SNI) (malware.rules)
- 2048481 - ET MALWARE Observed Malicious Domain (jscloud .ink in TLS SNI) (malware.rules)
- 2048482 - ET MALWARE Observed Malicious Domain (jscloud .biz in TLS SNI) (malware.rules)
- 2048483 - ET MALWARE Observed Malicious Domain (jscdn .biz in TLS SNI) (malware.rules)
- 2048484 - ET MALWARE DNS Query to Ursnif Domain (communicalink .com) (malware.rules)
- 2048486 - ET MALWARE DNS Query to Ursnif Domain (mifrutty .com) (malware.rules)
- 2048487 - ET MALWARE Observed Ursnif Domain (mifrutty .com in TLS SNI) (malware.rules)
- 2059086 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .static .buyweatherstriponline .com) (malware.rules)
- 2059087 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (* .static .buyweatherstriponline .com) (malware.rules)
- 2059419 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immolatechallen .bond) (malware.rules)
- 2855320 - ETPRO PHISHING DNS Query to TOAD Domain (phishing.rules)
- 2855321 - ETPRO PHISHING Observed TOAD Domain in TLS SNI (phishing.rules)
- 2855334 - ETPRO MALWARE Malicious Domain in DNS Lookup (malware.rules)
- 2855335 - ETPRO MALWARE Observed Malicious Domain in TLS SNI (malware.rules)