Summary:
25 new OPEN, 30 new PRO (25 + 5)
Thanks @lontze71
Added rules:
Open:
- 2059611 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (adventurestoptop .top) (malware.rules)
- 2059612 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (adventurestoptop .top in TLS SNI) (malware.rules)
- 2059613 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bootstringjl .click) (malware.rules)
- 2059614 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bootstringjl .click in TLS SNI) (malware.rules)
- 2059615 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cuproomymis .top) (malware.rules)
- 2059616 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cuproomymis .top in TLS SNI) (malware.rules)
- 2059617 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offsetyofcre .bond) (malware.rules)
- 2059618 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (offsetyofcre .bond in TLS SNI) (malware.rules)
- 2059619 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pluckgatterio .shop) (malware.rules)
- 2059620 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pluckgatterio .shop in TLS SNI) (malware.rules)
- 2059621 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pullynailksu .click) (malware.rules)
- 2059622 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pullynailksu .click in TLS SNI) (malware.rules)
- 2059623 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sizefixeds .icu) (malware.rules)
- 2059624 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sizefixeds .icu in TLS SNI) (malware.rules)
- 2059625 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (weighcobbweo .top) (malware.rules)
- 2059626 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (weighcobbweo .top in TLS SNI) (malware.rules)
- 2059627 - ET PHISHING Observed DNS Query to Scattered Spider Phishing Domain (okta-louisvuitton .com) (phishing.rules)
- 2059628 - ET PHISHING Observed Scattered Spider Domain (okta-louisvuitton .com in TLS SNI) (phishing.rules)
- 2059629 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cialispanettet .top) (exploit_kit.rules)
- 2059630 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cialispanettet .top) (exploit_kit.rules)
- 2059631 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (sinobz .com) (exploit_kit.rules)
- 2059632 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (sinobz .com) (exploit_kit.rules)
- 2059633 - ET MALWARE Lazarus APT Electron CnC Activity (GET) M1 (malware.rules)
- 2059634 - ET MALWARE Lazarus APT Electron CnC Activity (GET) M2 (malware.rules)
- 2059635 - ET MALWARE Lazarus APT Electron CnC Activity (GET) M3 (malware.rules)
Pro:
- 2859786 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2859787 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859788 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859789 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859790 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
Disabled and modified rules:
- 2044529 - ET MALWARE Observed DNS Query to NanoCore Domain (nanocore2023 .duckdns .org) (malware.rules)
- 2057791 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (assetoutdoor .shop) (exploit_kit.rules)
- 2057792 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (opporeno8 .com) (exploit_kit.rules)
- 2057793 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (reviewtypes .com) (exploit_kit.rules)
- 2057794 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (modandcrackedapk .com) (exploit_kit.rules)
- 2057795 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (assetoutdoor .shop) (exploit_kit.rules)
- 2057796 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (opporeno8 .com) (exploit_kit.rules)
- 2057797 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (reviewtypes .com) (exploit_kit.rules)
- 2057798 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (modandcrackedapk .com) (exploit_kit.rules)
- 2057799 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (codereviewerss .com) (exploit_kit.rules)
- 2057800 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (esaleerugs .com) (exploit_kit.rules)
- 2057801 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (ilsotto .com) (exploit_kit.rules)
- 2057802 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (codereviewerss .com) (exploit_kit.rules)
- 2057803 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (esaleerugs .com) (exploit_kit.rules)
- 2057804 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (ilsotto .com) (exploit_kit.rules)
- 2057810 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .lessons .southsidechurchofchristla .org) (malware.rules)
- 2057889 - ET MALWARE Observed DNS Query to RuPSRAT Domain (shopping-nice .com) (malware.rules)
- 2057890 - ET MALWARE Observed Payload Delivery Domain (shopping-nice .com in TLS SNI) (malware.rules)
- 2058271 - ET MALWARE Observed PUMAKIT Domain (sec .opsecurity1 .art in TLS SNI) (malware.rules)
- 2058272 - ET MALWARE Observed PUMAKIT Domain (rhel .opsecurity1 .art in TLS SNI) (malware.rules)
- 2059473 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-testnet .nodereal .io) (info.rules)
- 2059477 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-mainnet .nodereal .io) (info.rules)
- 2059492 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .bnbchain .org) (info.rules)
- 2059493 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .nariox .org) (info.rules)
- 2059494 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .defibit .io) (info.rules)
- 2059495 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed .ninicoin .io) (info.rules)
- 2059496 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc .nodereal .io) (info.rules)
- 2059497 - ET INFO Observed Smart Chain Domain in DNS Lookup (bsc-dataseed-public .bnbchain .org) (info.rules)
- 2059498 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-mainnet-rpc .bnbchain .org) (info.rules)
- 2059499 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-mainnet .nodereal .io) (info.rules)
- 2059500 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-mainnet .nodereal .io) (info.rules)
- 2059506 - ET INFO Observed Smart Chain Domain in DNS Lookup (greenfield .bnbchain .org) (info.rules)
- 2059520 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-testnet-rpc .bnbchain .org) (info.rules)
- 2059521 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-testnet .nodereal .io) (info.rules)
- 2059522 - ET INFO Observed Smart Chain Domain in DNS Lookup (opbnb-testnet .nodereal .io) (info.rules)
- 2059526 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-testnet .nodereal .io) (info.rules)
- 2059530 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-mainnet .nodereal .io) (info.rules)
- 2059545 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .bnbchain .org) (info.rules)
- 2059546 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .nariox .org) (info.rules)
- 2059547 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .defibit .io) (info.rules)
- 2059548 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed .ninicoin .io) (info.rules)
- 2059549 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc .nodereal .io) (info.rules)
- 2059550 - ET INFO Observed Smart Chain Domain in TLS SNI (bsc-dataseed-public .bnbchain .org) (info.rules)
- 2059551 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-mainnet-rpc .bnbchain .org) (info.rules)
- 2059552 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-mainnet .nodereal .io) (info.rules)
- 2059559 - ET INFO Observed Smart Chain Domain in TLS SNI (greenfield .bnbchain .org) (info.rules)
- 2059573 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-testnet-rpc .bnbchain .org) (info.rules)
- 2059574 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-testnet .nodereal .io) (info.rules)
- 2059575 - ET INFO Observed Smart Chain Domain in TLS SNI (opbnb-testnet .nodereal .io) (info.rules)