Ruleset Update Summary - 2025/03/06 - v10873

rulesbot · March 6, 2025, 9:14pm

Summary:

22 new OPEN, 24 new PRO (22 + 2)

Added rules:

Open:

2060649 - ET MALWARE AsyncRAT CnC Domain in DNS Lookup (rzegzwre .top) (malware.rules)
2060650 - ET MALWARE AsyncRAT CnC Domain in TLS SNI (rzegzwre .top) (malware.rules)
2060651 - ET MALWARE AsyncRAT CnC Domain in DNS Lookup (klmnnilmahlkcje .top) (malware.rules)
2060652 - ET MALWARE AsyncRAT CnC Domain in TLS SNI (klmnnilmahlkcje .top) (malware.rules)
2060653 - ET MALWARE AsyncRAT CnC Domain in DNS Lookup (ga1yo3wu78v48hh .top) (malware.rules)
2060654 - ET MALWARE AsyncRAT CnC Domain in TLS SNI (ga1yo3wu78v48hh .top) (malware.rules)
2060655 - ET INFO Data-Public-Key and Data-Blocked-Page in HTTP Response (info.rules)
2060656 - ET INFO HTTP API Request to Events Endpoint with X-Public-Key header (info.rules)
2060657 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (agroecologyguide .digital) (malware.rules)
2060658 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (agroecologyguide .digital) in TLS SNI (malware.rules)
2060659 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cropcircleforum .today) (malware.rules)
2060660 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cropcircleforum .today) in TLS SNI (malware.rules)
2060661 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drunkeflavorz .pw) (malware.rules)
2060662 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drunkeflavorz .pw) in TLS SNI (malware.rules)
2060663 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (farfinable .top) (malware.rules)
2060664 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (farfinable .top) in TLS SNI (malware.rules)
2060665 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (seedsxouts .shop) (malware.rules)
2060666 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (seedsxouts .shop) in TLS SNI (malware.rules)
2060667 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wriggleregisterycos .pw) (malware.rules)
2060668 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wriggleregisterycos .pw) in TLS SNI (malware.rules)
2060669 - ET MALWARE AsyncRAT Installer Payload Request (malware.rules)
2060670 - ET MALWARE AsyncRAT Victim Checkin (malware.rules)

Pro:

2860577 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2860578 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/02/20 - v10536 Ruleset Updates	505	February 20, 2024
Ruleset Update Summary - 2025/02/03 - v10851 Ruleset Updates	109	February 3, 2025
Ruleset Update Summary - 2024/11/12 - v10740 Ruleset Updates	120	November 12, 2024
Ruleset Update Summary - 2024/12/26 - v10817 Ruleset Updates	84	December 26, 2024
Ruleset Update Summary - 2024/11/15 - v10743 Ruleset Updates	129	November 15, 2024

Ruleset Update Summary - 2025/03/06 - v10873

Summary:

Added rules:

Open:

Pro:

Related topics