Summary:
22 new OPEN, 24 new PRO (22 + 2)
Added rules:
Open:
- 2060649 - ET MALWARE AsyncRAT CnC Domain in DNS Lookup (rzegzwre .top) (malware.rules)
- 2060650 - ET MALWARE AsyncRAT CnC Domain in TLS SNI (rzegzwre .top) (malware.rules)
- 2060651 - ET MALWARE AsyncRAT CnC Domain in DNS Lookup (klmnnilmahlkcje .top) (malware.rules)
- 2060652 - ET MALWARE AsyncRAT CnC Domain in TLS SNI (klmnnilmahlkcje .top) (malware.rules)
- 2060653 - ET MALWARE AsyncRAT CnC Domain in DNS Lookup (ga1yo3wu78v48hh .top) (malware.rules)
- 2060654 - ET MALWARE AsyncRAT CnC Domain in TLS SNI (ga1yo3wu78v48hh .top) (malware.rules)
- 2060655 - ET INFO Data-Public-Key and Data-Blocked-Page in HTTP Response (info.rules)
- 2060656 - ET INFO HTTP API Request to Events Endpoint with X-Public-Key header (info.rules)
- 2060657 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (agroecologyguide .digital) (malware.rules)
- 2060658 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (agroecologyguide .digital) in TLS SNI (malware.rules)
- 2060659 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cropcircleforum .today) (malware.rules)
- 2060660 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cropcircleforum .today) in TLS SNI (malware.rules)
- 2060661 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drunkeflavorz .pw) (malware.rules)
- 2060662 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drunkeflavorz .pw) in TLS SNI (malware.rules)
- 2060663 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (farfinable .top) (malware.rules)
- 2060664 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (farfinable .top) in TLS SNI (malware.rules)
- 2060665 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (seedsxouts .shop) (malware.rules)
- 2060666 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (seedsxouts .shop) in TLS SNI (malware.rules)
- 2060667 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wriggleregisterycos .pw) (malware.rules)
- 2060668 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wriggleregisterycos .pw) in TLS SNI (malware.rules)
- 2060669 - ET MALWARE AsyncRAT Installer Payload Request (malware.rules)
- 2060670 - ET MALWARE AsyncRAT Victim Checkin (malware.rules)
Pro:
- 2860577 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2860578 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)