Ruleset Update Summary - 2025/03/06 - v10873

Summary:

22 new OPEN, 24 new PRO (22 + 2)


Added rules:

Open:

  • 2060649 - ET MALWARE AsyncRAT CnC Domain in DNS Lookup (rzegzwre .top) (malware.rules)
  • 2060650 - ET MALWARE AsyncRAT CnC Domain in TLS SNI (rzegzwre .top) (malware.rules)
  • 2060651 - ET MALWARE AsyncRAT CnC Domain in DNS Lookup (klmnnilmahlkcje .top) (malware.rules)
  • 2060652 - ET MALWARE AsyncRAT CnC Domain in TLS SNI (klmnnilmahlkcje .top) (malware.rules)
  • 2060653 - ET MALWARE AsyncRAT CnC Domain in DNS Lookup (ga1yo3wu78v48hh .top) (malware.rules)
  • 2060654 - ET MALWARE AsyncRAT CnC Domain in TLS SNI (ga1yo3wu78v48hh .top) (malware.rules)
  • 2060655 - ET INFO Data-Public-Key and Data-Blocked-Page in HTTP Response (info.rules)
  • 2060656 - ET INFO HTTP API Request to Events Endpoint with X-Public-Key header (info.rules)
  • 2060657 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (agroecologyguide .digital) (malware.rules)
  • 2060658 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (agroecologyguide .digital) in TLS SNI (malware.rules)
  • 2060659 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cropcircleforum .today) (malware.rules)
  • 2060660 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cropcircleforum .today) in TLS SNI (malware.rules)
  • 2060661 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drunkeflavorz .pw) (malware.rules)
  • 2060662 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drunkeflavorz .pw) in TLS SNI (malware.rules)
  • 2060663 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (farfinable .top) (malware.rules)
  • 2060664 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (farfinable .top) in TLS SNI (malware.rules)
  • 2060665 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (seedsxouts .shop) (malware.rules)
  • 2060666 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (seedsxouts .shop) in TLS SNI (malware.rules)
  • 2060667 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wriggleregisterycos .pw) (malware.rules)
  • 2060668 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wriggleregisterycos .pw) in TLS SNI (malware.rules)
  • 2060669 - ET MALWARE AsyncRAT Installer Payload Request (malware.rules)
  • 2060670 - ET MALWARE AsyncRAT Victim Checkin (malware.rules)

Pro:

  • 2860577 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
  • 2860578 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)