Ruleset Update Summary - 2025/03/07 - v10874

rulesbot · March 7, 2025, 9:21pm

Summary:

19 new OPEN, 19 new PRO (19 + 0)

Added rules:

Open:

2060671 - ET WEB_SPECIFIC_APPS Cisco ASA/FTD Memory Leak Attempt (CVE-2020-3259) (web_specific_apps.rules)
2060672 - ET ATTACK_RESPONSE ClickFix MSHTA Command Inbound (attack_response.rules)
2060673 - ET MALWARE Observed POST to ClickFix Style URI M1 (malware.rules)
2060674 - ET ATTACK_RESPONSE ClickFix CnC Response (Click Logged Successfully) (attack_response.rules)
2060675 - ET MALWARE Observed GET to ClickFix Style URI M1 (malware.rules)
2060676 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (medicamentsbonmarche .top) (exploit_kit.rules)
2060677 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (medicamentsbonmarche .top) (exploit_kit.rules)
2060678 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (mallternet .com) (exploit_kit.rules)
2060679 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (mallternet .com) (exploit_kit.rules)
2060680 - ET MALWARE Observed DNS Query to ClickFix Domain (lydbonkersbimpjc .blogspot .com) (malware.rules)
2060681 - ET MALWARE Observed DNS Query to ClickFix Domain (bookimanagerev .com) (malware.rules)
2060682 - ET MALWARE Observed DNS Query to ClickFix Domain (cpth-cant .com) (malware.rules)
2060683 - ET MALWARE Observed ClickFix Domain (lydbonkersbimpjc .blogspot .com in TLS SNI) (malware.rules)
2060684 - ET MALWARE Observed ClickFix Domain (bookimanagerev .com in TLS SNI) (malware.rules)
2060685 - ET MALWARE Observed ClickFix Domain (cpth-cant .com in TLS SNI) (malware.rules)
2060686 - ET INFO DYNAMIC_DNS Query to a *.komodojantan .com domain (info.rules)
2060687 - ET INFO DYNAMIC_DNS HTTP Request to a *.komodojantan .com domain (info.rules)
2060688 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (hrewsburysocialclub .org) (malware.rules)
2060689 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (hrewsburysocialclub .org) (malware.rules)

Disabled and modified rules:

2054280 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (unwielldyzpwo .shop) (malware.rules)
2054282 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (stationacutwo .shop) (malware.rules)
2054284 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (invisibledovereats .shop) (malware.rules)
2054366 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (arritswpoewroso .shop) (malware.rules)
2054368 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (dancecmapleadsjwk .shop) (malware.rules)
2054370 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (gogobad .fun) (malware.rules)
2054372 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (curtainjors .fun) (malware.rules)
2054374 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (civilizzzationo .shop) (malware.rules)
2054376 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (citizencenturygoodwk .shop) (malware.rules)
2054467 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (applyzxcksdia .shop) (malware.rules)
2054469 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (arriveoxpzxo .shop) (malware.rules)
2054471 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bindceasdiwozx .shop) (malware.rules)
2054473 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (catchddkxozvp .shop) (malware.rules)
2054475 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (conformfucdioz .shop) (malware.rules)
2054477 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (contemplateodszsv .shop) (malware.rules)
2054479 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (declaredczxi .shop) (malware.rules)
2054481 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (excellentdiwdu .shop) (malware.rules)
2054483 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (handyxczos .shop) (malware.rules)
2054485 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (piedsiggnycliquieaw .shop) (malware.rules)
2054487 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (replacedoxcjzp .shop) (malware.rules)
2054489 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (respectabledpcs .shop) (malware.rules)
2054496 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (requestyex .shop) (malware.rules)
2054627 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (freezetdopzx .shop) (malware.rules)
2054628 - ET MALWARE Observed Lumma Stealer Related Domain (freezetdopzx .shop in TLS SNI) (malware.rules)
2054629 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (hookybeamngwskow .xyz) (malware.rules)
2054630 - ET MALWARE Observed Lumma Stealer Related Domain (hookybeamngwskow .xyz in TLS SNI) (malware.rules)
2054631 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (nobledpcowep .shop) (malware.rules)
2054632 - ET MALWARE Observed Lumma Stealer Related Domain (nobledpcowep .shop in TLS SNI) (malware.rules)
2054669 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (importancedopz .shop) (malware.rules)
2054670 - ET MALWARE Observed Lumma Stealer Related Domain (importancedopz .shop in TLS SNI) (malware.rules)
2054671 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (spliceszongsop .shop) (malware.rules)
2054672 - ET MALWARE Observed Lumma Stealer Related Domain (spliceszongsop .shop in TLS SNI) (malware.rules)
2054673 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (warrantelespsz .shop) (malware.rules)
2054674 - ET MALWARE Observed Lumma Stealer Related Domain (warrantelespsz .shop in TLS SNI) (malware.rules)
2054675 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bravedreacisopm .shop) (malware.rules)
2054676 - ET MALWARE Observed Lumma Stealer Related Domain (bravedreacisopm .shop in TLS SNI) (malware.rules)
2054677 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (shellfyyousdjz .shop) (malware.rules)
2054678 - ET MALWARE Observed Lumma Stealer Related Domain (shellfyyousdjz .shop in TLS SNI) (malware.rules)
2054679 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (broccoltisop .shop) (malware.rules)
2054680 - ET MALWARE Observed Lumma Stealer Related Domain (broccoltisop .shop in TLS SNI) (malware.rules)
2054681 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (grassytaisol .shop) (malware.rules)
2054682 - ET MALWARE Observed Lumma Stealer Related Domain (grassytaisol .shop in TLS SNI) (malware.rules)
2054683 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (stimultaionsppzv .shop) (malware.rules)
2054684 - ET MALWARE Observed Lumma Stealer Related Domain (stimultaionsppzv .shop in TLS SNI) (malware.rules)
2054685 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (parntorpkxzlp .shop) (malware.rules)
2054686 - ET MALWARE Observed Lumma Stealer Related Domain (parntorpkxzlp .shop in TLS SNI) (malware.rules)
2054687 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (effectivedoxzj .shop) (malware.rules)
2054688 - ET MALWARE Observed Lumma Stealer Related Domain (effectivedoxzj .shop in TLS SNI) (malware.rules)
2054689 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (horizonvxjis .shop) (malware.rules)
2054690 - ET MALWARE Observed Lumma Stealer Related Domain (horizonvxjis .shop in TLS SNI) (malware.rules)
2054691 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (disappearsodsz .shop) (malware.rules)
2054692 - ET MALWARE Observed Lumma Stealer Related Domain (disappearsodsz .shop in TLS SNI) (malware.rules)
2054693 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (teentytinyjeo .shop) (malware.rules)
2054694 - ET MALWARE Observed Lumma Stealer Related Domain (teentytinyjeo .shop in TLS SNI) (malware.rules)
2054695 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (advertisedszp .shop) (malware.rules)
2054696 - ET MALWARE Observed Lumma Stealer Related Domain (advertisedszp .shop in TLS SNI) (malware.rules)
2054705 - ET MALWARE SocGholish Domain in DNS Lookup (books .friendsofthefolsomlibrary .org) (malware.rules)
2054722 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (kaminiasbbefow .shop) (malware.rules)
2054723 - ET MALWARE Observed Lumma Stealer Related Domain (kaminiasbbefow .shop in TLS SNI) (malware.rules)
2054724 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (oventoolyeditiiow .xyz) (malware.rules)
2054725 - ET MALWARE Observed Lumma Stealer Related Domain (oventoolyeditiiow .xyz in TLS SNI) (malware.rules)
2054757 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (dividenntyss .shop) (malware.rules)
2054758 - ET MALWARE Observed Lumma Stealer Related Domain (dividenntyss .shop in TLS SNI) (malware.rules)
2054759 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (paradexjdoa .shop) (malware.rules)
2054760 - ET MALWARE Observed Lumma Stealer Related Domain (paradexjdoa .shop in TLS SNI) (malware.rules)
2054761 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (ammycanedpors .shop) (malware.rules)
2054762 - ET MALWARE Observed Lumma Stealer Related Domain (ammycanedpors .shop in TLS SNI) (malware.rules)
2054763 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (egorepetiiiosn .shop) (malware.rules)
2054764 - ET MALWARE Observed Lumma Stealer Related Domain (egorepetiiiosn .shop in TLS SNI) (malware.rules)
2054765 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (faceddullinhs .shop) (malware.rules)
2054766 - ET MALWARE Observed Lumma Stealer Related Domain (faceddullinhs .shop in TLS SNI) (malware.rules)
2054767 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (shootydowtqosm .shop) (malware.rules)
2054768 - ET MALWARE Observed Lumma Stealer Related Domain (shootydowtqosm .shop in TLS SNI) (malware.rules)
2054769 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (triallyforwhgh .shop) (malware.rules)
2054770 - ET MALWARE Observed Lumma Stealer Related Domain (triallyforwhgh .shop in TLS SNI) (malware.rules)
2054771 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (illnesmunxkza .shop) (malware.rules)
2054772 - ET MALWARE Observed Lumma Stealer Related Domain (illnesmunxkza .shop in TLS SNI) (malware.rules)
2054773 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (chequedxmznp .shop) (malware.rules)
2054774 - ET MALWARE Observed Lumma Stealer Related Domain (chequedxmznp .shop in TLS SNI) (malware.rules)
2054775 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (shelterryujxo .shop) (malware.rules)
2054776 - ET MALWARE Observed Lumma Stealer Related Domain (shelterryujxo .shop in TLS SNI) (malware.rules)
2054777 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (supportyattraos .shop) (malware.rules)
2054778 - ET MALWARE Observed Lumma Stealer Related Domain (supportyattraos .shop in TLS SNI) (malware.rules)
2054786 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (celosiapatroen .shop) (malware.rules)
2054787 - ET MALWARE Observed Lumma Stealer Related Domain (celosiapatroen .shop in TLS SNI) (malware.rules)
2054788 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (flyyedreplacodp .shop) (malware.rules)
2054789 - ET MALWARE Observed Lumma Stealer Related Domain (flyyedreplacodp .shop in TLS SNI) (malware.rules)
2054790 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (weaknessmznxo .shop) (malware.rules)
2054791 - ET MALWARE Observed Lumma Stealer Related Domain (weaknessmznxo .shop in TLS SNI) (malware.rules)
2054868 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (assumedtribsosp .shop) (malware.rules)
2054869 - ET MALWARE Observed Lumma Stealer Related Domain (assumedtribsosp .shop in TLS SNI) (malware.rules)
2054870 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (boattyownerwrv .shop) (malware.rules)
2054871 - ET MALWARE Observed Lumma Stealer Related Domain (boattyownerwrv .shop in TLS SNI) (malware.rules)
2054872 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (budgetttysnzm .shop) (malware.rules)
2054873 - ET MALWARE Observed Lumma Stealer Related Domain (budgetttysnzm .shop in TLS SNI) (malware.rules)
2054874 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (chippyfroggsyhz .shop) (malware.rules)
2054875 - ET MALWARE Observed Lumma Stealer Related Domain (chippyfroggsyhz .shop in TLS SNI) (malware.rules)
2054876 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (creepydxzoxmj .shop) (malware.rules)
2054877 - ET MALWARE Observed Lumma Stealer Related Domain (creepydxzoxmj .shop in TLS SNI) (malware.rules)
2054878 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (definitonizmnx .shop) (malware.rules)
2054879 - ET MALWARE Observed Lumma Stealer Related Domain (definitonizmnx .shop in TLS SNI) (malware.rules)
2054880 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (empiredzmwnx .shop) (malware.rules)
2054881 - ET MALWARE Observed Lumma Stealer Related Domain (empiredzmwnx .shop in TLS SNI) (malware.rules)
2054882 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (occurrmensipz .shop) (malware.rules)
2054883 - ET MALWARE Observed Lumma Stealer Related Domain (occurrmensipz .shop in TLS SNI) (malware.rules)
2054884 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (outfittydadop .shop) (malware.rules)
2054885 - ET MALWARE Observed Lumma Stealer Related Domain (outfittydadop .shop in TLS SNI) (malware.rules)
2054886 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (rainbowmynsjn .shop) (malware.rules)
2054887 - ET MALWARE Observed Lumma Stealer Related Domain (rainbowmynsjn .shop in TLS SNI) (malware.rules)
2054888 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (sulphurhsum .shop) (malware.rules)
2054889 - ET MALWARE Observed Lumma Stealer Related Domain (sulphurhsum .shop in TLS SNI) (malware.rules)
2054941 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (clouddycuiomsnz .shop) (malware.rules)
2054942 - ET MALWARE Observed Lumma Stealer Related Domain (clouddycuiomsnz .shop in TLS SNI) (malware.rules)
2054950 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (quialitsuzoxm .shop) (malware.rules)
2054951 - ET MALWARE Observed Lumma Stealer Related Domain (quialitsuzoxm .shop in TLS SNI) (malware.rules)
2054952 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (complaintsipzzx .shop) (malware.rules)
2054953 - ET MALWARE Observed Lumma Stealer Related Domain (complaintsipzzx .shop in TLS SNI) (malware.rules)
2054954 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (languagedscie .shop) (malware.rules)
2054955 - ET MALWARE Observed Lumma Stealer Related Domain (languagedscie .shop in TLS SNI) (malware.rules)
2054956 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (mennyudosirso .shop) (malware.rules)
2054957 - ET MALWARE Observed Lumma Stealer Related Domain (mennyudosirso .shop in TLS SNI) (malware.rules)
2054958 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bassizcellskz .shop) (malware.rules)
2054959 - ET MALWARE Observed Lumma Stealer Related Domain (bassizcellskz .shop in TLS SNI) (malware.rules)
2054960 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (deallerospfosu .shop) (malware.rules)
2054961 - ET MALWARE Observed Lumma Stealer Related Domain (deallerospfosu .shop in TLS SNI) (malware.rules)
2054962 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (writerospzm .shop) (malware.rules)
2054963 - ET MALWARE Observed Lumma Stealer Related Domain (writerospzm .shop in TLS SNI) (malware.rules)
2054964 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (celebratioopz .shop) (malware.rules)
2054965 - ET MALWARE Observed Lumma Stealer Related Domain (celebratioopz .shop in TLS SNI) (malware.rules)
2054966 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (pieddfreedinsu .shop) (malware.rules)
2054967 - ET MALWARE Observed Lumma Stealer Related Domain (pieddfreedinsu .shop in TLS SNI) (malware.rules)
2054993 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (ballottynsjm .shop) (malware.rules)
2054994 - ET MALWARE Observed Lumma Stealer Related Domain (ballottynsjm .shop in TLS SNI) (malware.rules)
2054995 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (demandlinzei .shop) (malware.rules)
2054996 - ET MALWARE Observed Lumma Stealer Related Domain (demandlinzei .shop in TLS SNI) (malware.rules)
2054997 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (technologggisp .shop) (malware.rules)
2054998 - ET MALWARE Observed Lumma Stealer Related Domain (technologggisp .shop in TLS SNI) (malware.rules)
2054999 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (whimiscallysmmzn .shop) (malware.rules)
2055000 - ET MALWARE Observed Lumma Stealer Related Domain (whimiscallysmmzn .shop in TLS SNI) (malware.rules)
2055068 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (stomachoverwis .shop) (malware.rules)
2055069 - ET MALWARE Observed Lumma Stealer Related Domain (stomachoverwis .shop in TLS SNI) (malware.rules)
2055201 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (berserkydosom .shop) (malware.rules)
2055202 - ET MALWARE Observed Lumma Stealer Related Domain (berserkydosom .shop in TLS SNI) (malware.rules)
2055203 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (clearrypalsidn .shop) (malware.rules)
2055204 - ET MALWARE Observed Lumma Stealer Related Domain (clearrypalsidn .shop in TLS SNI) (malware.rules)
2055205 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (negotationpxczp .shop) (malware.rules)
2055206 - ET MALWARE Observed Lumma Stealer Related Domain (negotationpxczp .shop in TLS SNI) (malware.rules)
2055228 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (cancedhoeysopzv .shop) (malware.rules)
2055229 - ET MALWARE Observed Lumma Stealer Related Domain (cancedhoeysopzv .shop in TLS SNI) (malware.rules)
2055230 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (enthusiandsi .shop) (malware.rules)
2055231 - ET MALWARE Observed Lumma Stealer Related Domain (enthusiandsi .shop in TLS SNI) (malware.rules)
2055276 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (roundpleaddso .shop) (malware.rules)
2055277 - ET MALWARE Observed Lumma Stealer Related Domain (roundpleaddso .shop in TLS SNI) (malware.rules)
2055278 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (slamcopynammeks .shop) (malware.rules)
2055279 - ET MALWARE Observed Lumma Stealer Related Domain (slamcopynammeks .shop in TLS SNI) (malware.rules)
2055291 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (cagedwifedsozm .shop) (malware.rules)
2055292 - ET MALWARE Observed Lumma Stealer Related Domain (cagedwifedsozm .shop in TLS SNI) (malware.rules)
2055293 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (charecteristicdxp .shop) (malware.rules)
2055294 - ET MALWARE Observed Lumma Stealer Related Domain (charecteristicdxp .shop in TLS SNI) (malware.rules)
2055295 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (consciousourwi .shop) (malware.rules)
2055296 - ET MALWARE Observed Lumma Stealer Related Domain (consciousourwi .shop in TLS SNI) (malware.rules)
2055297 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (deicedosmzj .shop) (malware.rules)
2055298 - ET MALWARE Observed Lumma Stealer Related Domain (deicedosmzj .shop in TLS SNI) (malware.rules)
2055299 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (interactiedovspm .shop) (malware.rules)
2055300 - ET MALWARE Observed Lumma Stealer Related Domain (interactiedovspm .shop in TLS SNI) (malware.rules)
2055301 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (potentioallykeos .shop) (malware.rules)
2055302 - ET MALWARE Observed Lumma Stealer Related Domain (potentioallykeos .shop in TLS SNI) (malware.rules)
2055303 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (southedhiscuso .shop) (malware.rules)
2055304 - ET MALWARE Observed Lumma Stealer Related Domain (southedhiscuso .shop in TLS SNI) (malware.rules)
2055305 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (torubleeodsmzo .shop) (malware.rules)
2055306 - ET MALWARE Observed Lumma Stealer Related Domain (torubleeodsmzo .shop in TLS SNI) (malware.rules)
2055307 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (weiggheticulop .shop) (malware.rules)
2055308 - ET MALWARE Observed Lumma Stealer Related Domain (weiggheticulop .shop in TLS SNI) (malware.rules)
2055319 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (abandonnyskop .shop) (malware.rules)
2055320 - ET MALWARE Observed Lumma Stealer Related Domain (abandonnyskop .shop in TLS SNI) (malware.rules)
2055321 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (beatablydoxzcop .shop) (malware.rules)
2055322 - ET MALWARE Observed Lumma Stealer Related Domain (beatablydoxzcop .shop in TLS SNI) (malware.rules)
2055323 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (episodepspzmp .shop) (malware.rules)
2055324 - ET MALWARE Observed Lumma Stealer Related Domain (episodepspzmp .shop in TLS SNI) (malware.rules)
2055325 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (futureddospzmvq .shop) (malware.rules)
2055326 - ET MALWARE Observed Lumma Stealer Related Domain (futureddospzmvq .shop in TLS SNI) (malware.rules)
2055327 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (guuynsqpwsima .shop) (malware.rules)
2055328 - ET MALWARE Observed Lumma Stealer Related Domain (guuynsqpwsima .shop in TLS SNI) (malware.rules)
2055329 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (polyctendizxcop .shop) (malware.rules)
2055330 - ET MALWARE Observed Lumma Stealer Related Domain (polyctendizxcop .shop in TLS SNI) (malware.rules)
2055331 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (revivewronggykwos .xyz) (malware.rules)
2055332 - ET MALWARE Observed Lumma Stealer Related Domain (revivewronggykwos .xyz in TLS SNI) (malware.rules)
2055333 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (sensitivyitszv .shop) (malware.rules)
2055334 - ET MALWARE Observed Lumma Stealer Related Domain (sensitivyitszv .shop in TLS SNI) (malware.rules)
2055335 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (solutionpxmuzo .shop) (malware.rules)
2055336 - ET MALWARE Observed Lumma Stealer Related Domain (solutionpxmuzo .shop in TLS SNI) (malware.rules)
2055377 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (miracledzmnqwui .shop) (malware.rules)
2055378 - ET MALWARE Observed Lumma Stealer Related Domain (miracledzmnqwui .shop in TLS SNI) (malware.rules)
2055387 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (paperryszjxuo .shop) (malware.rules)
2055388 - ET MALWARE Observed Lumma Stealer Related Domain (paperryszjxuo .shop in TLS SNI) (malware.rules)
2055389 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (riffledopspzio .shop) (malware.rules)
2055390 - ET MALWARE Observed Lumma Stealer Related Domain (riffledopspzio .shop in TLS SNI) (malware.rules)
2055526 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (onionoowzwqm .shop) (malware.rules)
2055527 - ET MALWARE Observed Lumma Stealer Related Domain (onionoowzwqm .shop in TLS SNI) (malware.rules)
2055528 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (upsettymsnqwk .shop) (malware.rules)
2055529 - ET MALWARE Observed Lumma Stealer Related Domain (upsettymsnqwk .shop in TLS SNI) (malware.rules)
2055575 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (awwardwiqi .shop) (malware.rules)
2055576 - ET MALWARE Observed Lumma Stealer Related Domain (awwardwiqi .shop in TLS SNI) (malware.rules)
2055577 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (glisteniingwiw .shop) (malware.rules)
2055578 - ET MALWARE Observed Lumma Stealer Related Domain (glisteniingwiw .shop in TLS SNI) (malware.rules)
2055579 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (insistytriro .shop) (malware.rules)
2055580 - ET MALWARE Observed Lumma Stealer Related Domain (insistytriro .shop in TLS SNI) (malware.rules)
2055602 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (assumptionflattyou .shop) (malware.rules)
2055603 - ET MALWARE Observed Lumma Stealer Related Domain (assumptionflattyou .shop in TLS SNI) (malware.rules)
2055604 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (deteriotraiwo .shop) (malware.rules)
2055605 - ET MALWARE Observed Lumma Stealer Related Domain (deteriotraiwo .shop in TLS SNI) (malware.rules)
2055606 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (diamonykeqpwm .shop) (malware.rules)
2055607 - ET MALWARE Observed Lumma Stealer Related Domain (diamonykeqpwm .shop in TLS SNI) (malware.rules)
2055608 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (excavtaionps .shop) (malware.rules)
2055609 - ET MALWARE Observed Lumma Stealer Related Domain (excavtaionps .shop in TLS SNI) (malware.rules)
2055642 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (approoverowps .shop) (malware.rules)
2055643 - ET MALWARE Observed Lumma Stealer Related Domain (approoverowps .shop in TLS SNI) (malware.rules)
2055698 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (applieddyooqnz .shop) (malware.rules)
2055699 - ET MALWARE Observed Lumma Stealer Related Domain (applieddyooqnz .shop in TLS SNI) (malware.rules)
2055700 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (ensuredqsnjqk .shop) (malware.rules)
2055701 - ET MALWARE Observed Lumma Stealer Related Domain (ensuredqsnjqk .shop in TLS SNI) (malware.rules)
2055702 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (iserjpcektoq .shop) (malware.rules)
2055703 - ET MALWARE Observed Lumma Stealer Related Domain (iserjpcektoq .shop in TLS SNI) (malware.rules)
2055704 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (tibedowqmwo .shop) (malware.rules)
2055705 - ET MALWARE Observed Lumma Stealer Related Domain (tibedowqmwo .shop in TLS SNI) (malware.rules)
2055742 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bassicnuadnwi .shop) (malware.rules)
2055743 - ET MALWARE Observed Lumma Stealer Related Domain (bassicnuadnwi .shop in TLS SNI) (malware.rules)
2055744 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (extorteauhhwigw .shop) (malware.rules)
2055745 - ET MALWARE Observed Lumma Stealer Related Domain (extorteauhhwigw .shop in TLS SNI) (malware.rules)
2055746 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (femininedspzmhu .shop) (malware.rules)
2055747 - ET MALWARE Observed Lumma Stealer Related Domain (femininedspzmhu .shop in TLS SNI) (malware.rules)
2055748 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (limitadmitiwo .shop) (malware.rules)
2055749 - ET MALWARE Observed Lumma Stealer Related Domain (limitadmitiwo .shop in TLS SNI) (malware.rules)
2055750 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (tiggerstrhekk .shop) (malware.rules)
2055751 - ET MALWARE Observed Lumma Stealer Related Domain (tiggerstrhekk .shop in TLS SNI) (malware.rules)
2055752 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (unawaredfostwp .shop) (malware.rules)
2055753 - ET MALWARE Observed Lumma Stealer Related Domain (unawaredfostwp .shop in TLS SNI) (malware.rules)
2055762 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (circullateiosn .shop) (malware.rules)
2055763 - ET MALWARE Observed Lumma Stealer Related Domain (circullateiosn .shop in TLS SNI) (malware.rules)
2055764 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (powderquattterwso .shop) (malware.rules)
2055765 - ET MALWARE Observed Lumma Stealer Related Domain (powderquattterwso .shop in TLS SNI) (malware.rules)
2055771 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (druggywuop .shop) (malware.rules)
2055772 - ET MALWARE Observed Lumma Stealer Related Domain (druggywuop .shop in TLS SNI) (malware.rules)
2055775 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (commisionipwn .shop) (malware.rules)
2055776 - ET MALWARE Observed Lumma Stealer Related Domain (commisionipwn .shop in TLS SNI) (malware.rules)
2055777 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (ignoracndwko .shop) (malware.rules)
2055778 - ET MALWARE Observed Lumma Stealer Related Domain (ignoracndwko .shop in TLS SNI) (malware.rules)
2055779 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (grassemenwji .shop) (malware.rules)
2055780 - ET MALWARE Observed Lumma Stealer Related Domain (grassemenwji .shop in TLS SNI) (malware.rules)
2055781 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (stitchmiscpaew .shop) (malware.rules)
2055782 - ET MALWARE Observed Lumma Stealer Related Domain (stitchmiscpaew .shop in TLS SNI) (malware.rules)
2055783 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (charistmatwio .shop) (malware.rules)
2055784 - ET MALWARE Observed Lumma Stealer Related Domain (charistmatwio .shop in TLS SNI) (malware.rules)
2055785 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (basedsymsotp .shop) (malware.rules)
2055786 - ET MALWARE Observed Lumma Stealer Related Domain (basedsymsotp .shop in TLS SNI) (malware.rules)
2055787 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (complainnykso .shop) (malware.rules)
2055788 - ET MALWARE Observed Lumma Stealer Related Domain (complainnykso .shop in TLS SNI) (malware.rules)
2055789 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (preachstrwnwjw .shop) (malware.rules)
2055790 - ET MALWARE Observed Lumma Stealer Related Domain (preachstrwnwjw .shop in TLS SNI) (malware.rules)
2055791 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (obstacleosdsapq .shop) (malware.rules)
2055792 - ET MALWARE Observed Lumma Stealer Related Domain (obstacleosdsapq .shop in TLS SNI) (malware.rules)
2055793 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (predatowpmn .shop) (malware.rules)
2055794 - ET MALWARE Observed Lumma Stealer Related Domain (predatowpmn .shop in TLS SNI) (malware.rules)
2055812 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (glassestacwop .shop) (malware.rules)
2055813 - ET MALWARE Observed Lumma Stealer Related Domain (glassestacwop .shop in TLS SNI) (malware.rules)
2055826 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (absentcurtaino .shop) (malware.rules)
2055827 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (absentcurtaino .shop in TLS SNI) (malware.rules)
2055834 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sentistivowmi .shop) (malware.rules)
2055835 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sentistivowmi .shop in TLS SNI) (malware.rules)
2055857 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eggyosmdqnjo .shop) (malware.rules)
2055858 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (eggyosmdqnjo .shop in TLS SNI) (malware.rules)
2055859 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hennyrelatie .shop) (malware.rules)
2055860 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hennyrelatie .shop in TLS SNI) (malware.rules)
2055861 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (planntyitemiw .shop) (malware.rules)
2055862 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (planntyitemiw .shop in TLS SNI) (malware.rules)
2055863 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (proffoduwnuq .shop) (malware.rules)
2055864 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (proffoduwnuq .shop in TLS SNI) (malware.rules)
2055865 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrappyprotesp .shop) (malware.rules)
2055866 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wrappyprotesp .shop in TLS SNI) (malware.rules)
2055879 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eemmbryequo .shop) (malware.rules)
2055880 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (eemmbryequo .shop in TLS SNI) (malware.rules)
2055881 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (keennylrwmqlw .shop) (malware.rules)
2055882 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (keennylrwmqlw .shop in TLS SNI) (malware.rules)
2055883 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licenseodqwmqn .shop) (malware.rules)
2055884 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (licenseodqwmqn .shop in TLS SNI) (malware.rules)
2055885 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reggwardssdqw .shop) (malware.rules)
2055886 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (reggwardssdqw .shop in TLS SNI) (malware.rules)
2055887 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (relaxatinownio .shop) (malware.rules)
2055888 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (relaxatinownio .shop in TLS SNI) (malware.rules)
2055889 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (salvaitoynwo .shop) (malware.rules)
2055890 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (salvaitoynwo .shop in TLS SNI) (malware.rules)
2055891 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tendencctywop .shop) (malware.rules)
2055892 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tendencctywop .shop in TLS SNI) (malware.rules)
2055893 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tesecuuweqo .shop) (malware.rules)
2055894 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tesecuuweqo .shop in TLS SNI) (malware.rules)
2055895 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tryyudjasudqo .shop) (malware.rules)
2055896 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tryyudjasudqo .shop in TLS SNI) (malware.rules)
2055910 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (analystuysowp .shop) (malware.rules)
2055911 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (analystuysowp .shop in TLS SNI) (malware.rules)
2055912 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (empiredmnuowq .shop) (malware.rules)
2055913 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (empiredmnuowq .shop in TLS SNI) (malware.rules)
2055914 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tropicalironexpressiw .shop) (malware.rules)
2055915 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tropicalironexpressiw .shop in TLS SNI) (malware.rules)
2055985 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (liversymbwqp .shop) (malware.rules)
2055986 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (liversymbwqp .shop in TLS SNI) (malware.rules)
2055987 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (polishuwqiwom .shop) (malware.rules)
2055988 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (polishuwqiwom .shop in TLS SNI) (malware.rules)
2056004 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (achievenmtynwjq .shop) (malware.rules)
2056005 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (achievenmtynwjq .shop in TLS SNI) (malware.rules)
2056006 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (carrtychaintnyw .shop) (malware.rules)
2056007 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (carrtychaintnyw .shop in TLS SNI) (malware.rules)
2056008 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chickerkuso .shop) (malware.rules)
2056009 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (chickerkuso .shop in TLS SNI) (malware.rules)
2056010 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (contractowno .shop) (malware.rules)
2056011 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (contractowno .shop in TLS SNI) (malware.rules)
2056012 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dumpliportiwo .shop) (malware.rules)
2056013 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dumpliportiwo .shop in TLS SNI) (malware.rules)
2056014 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (metallygaricwo .shop) (malware.rules)
2056015 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (metallygaricwo .shop in TLS SNI) (malware.rules)
2056016 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (milldymarskwom .shop) (malware.rules)
2056017 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (milldymarskwom .shop in TLS SNI) (malware.rules)
2056018 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (opponnentduei .shop) (malware.rules)
2056019 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (opponnentduei .shop in TLS SNI) (malware.rules)
2056020 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (puredoffustow .shop) (malware.rules)
2056021 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (puredoffustow .shop in TLS SNI) (malware.rules)
2056022 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (questionmwq .shop) (malware.rules)
2056023 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (questionmwq .shop in TLS SNI) (malware.rules)
2056024 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (quotamkdsdqo .shop) (malware.rules)
2056025 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (quotamkdsdqo .shop in TLS SNI) (malware.rules)
2056036 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appleboltelwk .shop) (malware.rules)
2056037 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (appleboltelwk .shop in TLS SNI) (malware.rules)
2056038 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bearrytankkewo .shop) (malware.rules)
2056039 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bearrytankkewo .shop in TLS SNI) (malware.rules)
2056040 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (captainynfanw .shop) (malware.rules)
2056041 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (captainynfanw .shop in TLS SNI) (malware.rules)
2056042 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (coursedonnyre .shop) (malware.rules)
2056043 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (coursedonnyre .shop in TLS SNI) (malware.rules)
2056044 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discoveriwm .shop) (malware.rules)
2056045 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discoveriwm .shop in TLS SNI) (malware.rules)
2056046 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fossillargeiw .shop) (malware.rules)
2056047 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fossillargeiw .shop in TLS SNI) (malware.rules)
2056048 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lootebarrkeyn .shop) (malware.rules)
2056049 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (lootebarrkeyn .shop in TLS SNI) (malware.rules)
2056050 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pilotyiess .shop) (malware.rules)
2056051 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pilotyiess .shop in TLS SNI) (malware.rules)
2056052 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (strappystyio .shop) (malware.rules)
2056053 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (strappystyio .shop in TLS SNI) (malware.rules)
2056054 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (surveriysiop .shop) (malware.rules)
2056055 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (surveriysiop .shop in TLS SNI) (malware.rules)
2056056 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tearrybyiwo .shop) (malware.rules)
2056057 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tearrybyiwo .shop in TLS SNI) (malware.rules)
2056058 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tendencerangej .shop) (malware.rules)
2056059 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tendencerangej .shop in TLS SNI) (malware.rules)
2056060 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (trolleyrreiwn .shop) (malware.rules)
2056061 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (trolleyrreiwn .shop in TLS SNI) (malware.rules)
2056062 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vannysiidwq .shop) (malware.rules)
2056063 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vannysiidwq .shop in TLS SNI) (malware.rules)
2056064 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (surroundeocw .shop) (malware.rules)
2056065 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (surroundeocw .shop in TLS SNI) (malware.rules)
2056066 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covvercilverow .shop) (malware.rules)
2056067 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (covvercilverow .shop in TLS SNI) (malware.rules)
2056068 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abortinoiwiam .shop) (malware.rules)
2056069 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (abortinoiwiam .shop in TLS SNI) (malware.rules)
2056070 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pumpkinkwquo .shop) (malware.rules)
2056071 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pumpkinkwquo .shop in TLS SNI) (malware.rules)
2056072 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (priooozekw .shop) (malware.rules)
2056073 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (priooozekw .shop in TLS SNI) (malware.rules)
2056074 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deallyharvenw .shop) (malware.rules)
2056075 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deallyharvenw .shop in TLS SNI) (malware.rules)
2056076 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (defenddsouneuw .shop) (malware.rules)
2056077 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (defenddsouneuw .shop in TLS SNI) (malware.rules)
2056078 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (racedsuitreow .shop) (malware.rules)
2056079 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (racedsuitreow .shop in TLS SNI) (malware.rules)
2056099 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (admissionfaccen .shop) (malware.rules)
2056100 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (admissionfaccen .shop in TLS SNI) (malware.rules)
2056101 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mizzerablekmo .shop) (malware.rules)
2056102 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mizzerablekmo .shop in TLS SNI) (malware.rules)
2056150 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reinforcenh .shop) (malware.rules)
2056151 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI) (malware.rules)
2056152 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stogeneratmns .shop) (malware.rules)
2056153 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI) (malware.rules)
2056154 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fragnantbui .shop) (malware.rules)
2056155 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI) (malware.rules)
2056156 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawzhotdog .shop) (malware.rules)
2056157 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI) (malware.rules)
2056158 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vozmeatillu .shop) (malware.rules)
2056159 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vozmeatillu .shop in TLS SNI) (malware.rules)
2056160 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offensivedzvju .shop) (malware.rules)
2056161 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (offensivedzvju .shop in TLS SNI) (malware.rules)
2056162 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ghostreedmnu .shop) (malware.rules)
2056163 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI) (malware.rules)
2056164 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gutterydhowi .shop) (malware.rules)
2056165 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gutterydhowi .shop in TLS SNI) (malware.rules)
2056168 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (literacyhangwk .shop) (malware.rules)
2056169 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (literacyhangwk .shop in TLS SNI) (malware.rules)
2056170 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (roaddrermncomplai .shop) (malware.rules)
2056171 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (roaddrermncomplai .shop in TLS SNI) (malware.rules)
2056172 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tiddymarktwo .shop) (malware.rules)
2056173 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tiddymarktwo .shop in TLS SNI) (malware.rules)
2056174 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (trustterwowqm .shop) (malware.rules)
2056175 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (trustterwowqm .shop in TLS SNI) (malware.rules)
2056176 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wallkedsleeoi .shop) (malware.rules)
2056177 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wallkedsleeoi .shop in TLS SNI) (malware.rules)
2056185 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (liedshorqwi .shop) (malware.rules)
2056186 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (liedshorqwi .shop in TLS SNI) (malware.rules)
2056187 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (moduledfahhhiov .shop) (malware.rules)
2056188 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (moduledfahhhiov .shop in TLS SNI) (malware.rules)
2056189 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (punisshepuredo .shop) (malware.rules)
2056190 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (punisshepuredo .shop in TLS SNI) (malware.rules)
2056191 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (teenylogicod .shop) (malware.rules)
2056192 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (teenylogicod .shop in TLS SNI) (malware.rules)
2056193 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tenseddrywsqio .shop) (malware.rules)
2056194 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tenseddrywsqio .shop in TLS SNI) (malware.rules)
2056195 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (videobenefdii .shop) (malware.rules)
2056196 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (videobenefdii .shop in TLS SNI) (malware.rules)
2056311 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (resstyeggeuo .shop) (malware.rules)
2056312 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (resstyeggeuo .shop in TLS SNI) (malware.rules)
2056313 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (riderratttinow .shop) (malware.rules)
2056314 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (riderratttinow .shop in TLS SNI) (malware.rules)
2056324 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (agentyanlark .site) (malware.rules)
2056325 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (agentyanlark .site in TLS SNI) (malware.rules)
2056326 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (annthostiledm .shop) (malware.rules)
2056327 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (annthostiledm .shop in TLS SNI) (malware.rules)
2056328 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bellykmrebk .site) (malware.rules)
2056329 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bellykmrebk .site in TLS SNI) (malware.rules)
2056330 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bundledborne .shop) (malware.rules)
2056331 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bundledborne .shop in TLS SNI) (malware.rules)
2056332 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (candleduseiwo .shop) (malware.rules)
2056333 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (candleduseiwo .shop in TLS SNI) (malware.rules)
2056334 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (commandejorsk .site) (malware.rules)
2056335 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (commandejorsk .site in TLS SNI) (malware.rules)
2056336 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (delaylacedmn .site) (malware.rules)
2056337 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (delaylacedmn .site in TLS SNI) (malware.rules)
2056338 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (famikyjdiag .site) (malware.rules)
2056339 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (famikyjdiag .site in TLS SNI) (malware.rules)
2056340 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (possiwreeste .site) (malware.rules)
2056341 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (possiwreeste .site in TLS SNI) (malware.rules)
2056342 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (termyfencdw .site) (malware.rules)
2056343 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (termyfencdw .site in TLS SNI) (malware.rules)
2056344 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (underlinemdsj .site) (malware.rules)
2056345 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (underlinemdsj .site in TLS SNI) (malware.rules)
2056346 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (writekdmsnu .site) (malware.rules)
2056347 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (writekdmsnu .site in TLS SNI) (malware.rules)
2056367 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diskegraciw .online) (malware.rules)
2056368 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (diskegraciw .online in TLS SNI) (malware.rules)
2056369 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (framedui .store) (malware.rules)
2056370 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (framedui .store in TLS SNI) (malware.rules)
2056392 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abnomalrkmu .site) (malware.rules)
2056393 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (abnomalrkmu .site in TLS SNI) (malware.rules)
2056394 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (absorptioniw .site) (malware.rules)
2056395 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (absorptioniw .site in TLS SNI) (malware.rules)
2056396 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chorusarorp .site) (malware.rules)
2056397 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (chorusarorp .site in TLS SNI) (malware.rules)
2056398 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (consumptiy .site) (malware.rules)
2056399 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (consumptiy .site in TLS SNI) (malware.rules)
2056400 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mysterisop .site) (malware.rules)
2056401 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mysterisop .site in TLS SNI) (malware.rules)
2056402 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (questionsmw .store) (malware.rules)
2056403 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (questionsmw .store in TLS SNI) (malware.rules)
2056404 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (remembkreom .xyz) (malware.rules)
2056405 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (remembkreom .xyz in TLS SNI) (malware.rules)
2056406 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (snarlypagowo .site) (malware.rules)
2056407 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (snarlypagowo .site in TLS SNI) (malware.rules)
2056408 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soldiefieop .site) (malware.rules)
2056409 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (soldiefieop .site in TLS SNI) (malware.rules)
2056410 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (treatynreit .site) (malware.rules)
2056411 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (treatynreit .site in TLS SNI) (malware.rules)
2056412 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (trenndylicensei .shop) (malware.rules)
2056413 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (trenndylicensei .shop in TLS SNI) (malware.rules)
2056444 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (accentypastedw .store) (malware.rules)
2056445 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (accentypastedw .store in TLS SNI) (malware.rules)
2056453 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (availabkelk .store) (malware.rules)
2056454 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (availabkelk .store in TLS SNI) (malware.rules)
2056455 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (giffrooypwm .shop) (malware.rules)
2056456 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (giffrooypwm .shop in TLS SNI) (malware.rules)
2056457 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mosquitju .site) (malware.rules)
2056458 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mosquitju .site in TLS SNI) (malware.rules)
2056459 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (newresource .shop) (malware.rules)
2056460 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (newresource .shop in TLS SNI) (malware.rules)
2056461 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (privilegedkoq .shop) (malware.rules)
2056462 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (privilegedkoq .shop in TLS SNI) (malware.rules)
2056463 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (raciimoppero .shop) (malware.rules)
2056464 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (raciimoppero .shop in TLS SNI) (malware.rules)
2056465 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thighfeingjywk .shop) (malware.rules)
2056466 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (thighfeingjywk .shop in TLS SNI) (malware.rules)
2056467 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (truthevideow .store) (malware.rules)
2056468 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (truthevideow .store in TLS SNI) (malware.rules)
2056469 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (weakkysemwmns .shop) (malware.rules)
2056470 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (weakkysemwmns .shop in TLS SNI) (malware.rules)
2056471 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) (malware.rules)
2056472 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (clearancek .site in TLS SNI) (malware.rules)
2056473 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) (malware.rules)
2056474 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (licendfilteo .site in TLS SNI) (malware.rules)
2056475 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) (malware.rules)
2056476 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (spirittunek .store in TLS SNI) (malware.rules)
2056477 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) (malware.rules)
2056478 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bathdoomgaz .store in TLS SNI) (malware.rules)
2056479 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) (malware.rules)
2056480 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (studennotediw .store in TLS SNI) (malware.rules)
2056481 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) (malware.rules)
2056482 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dissapoiznw .store in TLS SNI) (malware.rules)
2056483 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) (malware.rules)
2056484 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (eaglepawnoy .store in TLS SNI) (malware.rules)
2056485 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) (malware.rules)
2056486 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mobbipenju .store in TLS SNI) (malware.rules)
2056487 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mixturehari .store) (malware.rules)
2056488 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mixturehari .store in TLS SNI) (malware.rules)
2056502 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bemuzzeki .sbs) (malware.rules)
2056503 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bemuzzeki .sbs in TLS SNI) (malware.rules)
2056504 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crusthdisow .store) (malware.rules)
2056505 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (crusthdisow .store in TLS SNI) (malware.rules)
2056506 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diliggentyj .buzz) (malware.rules)
2056507 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (diliggentyj .buzz in TLS SNI) (malware.rules)
2056508 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ejectyflay .store) (malware.rules)
2056509 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ejectyflay .store in TLS SNI) (malware.rules)
2056510 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (exemplarou .sbs) (malware.rules)
2056511 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (exemplarou .sbs in TLS SNI) (malware.rules)
2056512 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (exilepolsiy .sbs) (malware.rules)
2056513 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (exilepolsiy .sbs in TLS SNI) (malware.rules)
2056514 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frizzettei .sbs) (malware.rules)
2056515 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frizzettei .sbs in TLS SNI) (malware.rules)
2056516 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (invinjurhey .sbs) (malware.rules)
2056517 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (invinjurhey .sbs in TLS SNI) (malware.rules)
2056518 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (isoplethui .sbs) (malware.rules)
2056519 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (isoplethui .sbs in TLS SNI) (malware.rules)
2056520 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (laddyirekyi .sbs) (malware.rules)
2056521 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (laddyirekyi .sbs in TLS SNI) (malware.rules)
2056522 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (meritdiveu .site) (malware.rules)
2056523 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (meritdiveu .site in TLS SNI) (malware.rules)
2056524 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wickedneatr .sbs) (malware.rules)
2056525 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wickedneatr .sbs in TLS SNI) (malware.rules)
2056542 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bleedminejw .buzz) (malware.rules)
2056543 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bleedminejw .buzz in TLS SNI) (malware.rules)
2056544 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (epiloggati .sbs) (malware.rules)
2056545 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (epiloggati .sbs in TLS SNI) (malware.rules)
2056546 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (methodbojjewkl .shop) (malware.rules)
2056547 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (methodbojjewkl .shop in TLS SNI) (malware.rules)
2056556 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawwyobstacw .sbs) (malware.rules)
2056557 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawwyobstacw .sbs in TLS SNI) (malware.rules)
2056558 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (condifendteu .sbs) (malware.rules)
2056559 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (condifendteu .sbs in TLS SNI) (malware.rules)
2056560 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ehticsprocw .sbs) (malware.rules)
2056561 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ehticsprocw .sbs in TLS SNI) (malware.rules)
2056562 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vennurviot .sbs) (malware.rules)
2056563 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vennurviot .sbs in TLS SNI) (malware.rules)
2056564 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (resinedyw .sbs) (malware.rules)
2056565 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (resinedyw .sbs in TLS SNI) (malware.rules)
2056566 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (enlargkiw .sbs) (malware.rules)
2056567 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (enlargkiw .sbs in TLS SNI) (malware.rules)
2056568 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (allocatinow .sbs) (malware.rules)
2056569 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (allocatinow .sbs in TLS SNI) (malware.rules)
2056570 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mathcucom .sbs) (malware.rules)
2056571 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mathcucom .sbs in TLS SNI) (malware.rules)
2056572 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (widdensmoywi .sbs) (malware.rules)
2056573 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (widdensmoywi .sbs in TLS SNI) (malware.rules)
2056636 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (learnedwk .store) (malware.rules)
2056637 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (learnedwk .store in TLS SNI) (malware.rules)
2056657 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (braidyintw .cfd) (malware.rules)
2056658 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (braidyintw .cfd in TLS SNI) (malware.rules)
2056659 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dormynwj .buzz) (malware.rules)
2056660 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dormynwj .buzz in TLS SNI) (malware.rules)
2056661 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (enginenek .buzz) (malware.rules)
2056662 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (enginenek .buzz in TLS SNI) (malware.rules)
2056663 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (explorationmsn .store) (malware.rules)
2056664 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (explorationmsn .store in TLS SNI) (malware.rules)
2056665 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (magneticcosi .buzz) (malware.rules)
2056666 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (magneticcosi .buzz in TLS SNI) (malware.rules)
2056667 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (osberverynsb .biz) (malware.rules)
2056668 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (osberverynsb .biz in TLS SNI) (malware.rules)
2056669 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (passimovrt .cfd) (malware.rules)
2056670 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (passimovrt .cfd in TLS SNI) (malware.rules)
2056671 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (servebothez .biz) (malware.rules)
2056672 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (servebothez .biz in TLS SNI) (malware.rules)
2056673 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sippymroat .cfd) (malware.rules)
2056674 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sippymroat .cfd in TLS SNI) (malware.rules)
2056675 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (unlikerwu .sbs) (malware.rules)
2056676 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (unlikerwu .sbs in TLS SNI) (malware.rules)
2056690 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (addicitedoqowm .shop) (malware.rules)
2056691 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (addicitedoqowm .shop in TLS SNI) (malware.rules)
2056692 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (conceptionnyi .sbs) (malware.rules)
2056693 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (conceptionnyi .sbs in TLS SNI) (malware.rules)
2056694 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (divewanntwj .biz) (malware.rules)
2056695 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (divewanntwj .biz in TLS SNI) (malware.rules)
2056696 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fightyglobo .sbs) (malware.rules)
2056697 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fightyglobo .sbs in TLS SNI) (malware.rules)
2056698 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (insideparti .cfd) (malware.rules)
2056699 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (insideparti .cfd in TLS SNI) (malware.rules)
2056700 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (modellydivi .sbs) (malware.rules)
2056701 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (modellydivi .sbs in TLS SNI) (malware.rules)
2056702 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nervepianoyo .sbs) (malware.rules)
2056703 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (nervepianoyo .sbs in TLS SNI) (malware.rules)
2056704 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pioneeruyj .sbs) (malware.rules)
2056705 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pioneeruyj .sbs in TLS SNI) (malware.rules)
2056706 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (platformcati .sbs) (malware.rules)
2056707 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (platformcati .sbs in TLS SNI) (malware.rules)
2056708 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (punchudump .buzz) (malware.rules)
2056709 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (punchudump .buzz in TLS SNI) (malware.rules)
2056710 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (qualifielgalt .sbs) (malware.rules)
2056711 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (qualifielgalt .sbs in TLS SNI) (malware.rules)
2056712 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (smashygally .sbs) (malware.rules)
2056713 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (smashygally .sbs in TLS SNI) (malware.rules)
2056714 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thanngkwwqlm .shop) (malware.rules)
2056715 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (thanngkwwqlm .shop in TLS SNI) (malware.rules)
2056716 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (underlinefiue .sbs) (malware.rules)
2056717 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (underlinefiue .sbs in TLS SNI) (malware.rules)
2056728 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deaddynpangju .shop) (malware.rules)
2056729 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deaddynpangju .shop in TLS SNI) (malware.rules)
2056750 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (captaitwik .sbs) (malware.rules)
2056751 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (captaitwik .sbs in TLS SNI) (malware.rules)
2056752 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deepymouthi .sbs) (malware.rules)
2056753 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deepymouthi .sbs in TLS SNI) (malware.rules)
2056754 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ferrycheatyk .sbs) (malware.rules)
2056755 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ferrycheatyk .sbs in TLS SNI) (malware.rules)
2056756 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (heroicmint .sbs) (malware.rules)
2056757 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (heroicmint .sbs in TLS SNI) (malware.rules)
2056758 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (kneelyopkr .cfd) (malware.rules)
2056759 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (kneelyopkr .cfd in TLS SNI) (malware.rules)
2056760 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (monstourtu .sbs) (malware.rules)
2056761 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (monstourtu .sbs in TLS SNI) (malware.rules)
2056762 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sidercotay .sbs) (malware.rules)
2056763 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sidercotay .sbs in TLS SNI) (malware.rules)
2056764 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (snailyeductyi .sbs) (malware.rules)
2056765 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (snailyeductyi .sbs in TLS SNI) (malware.rules)
2056766 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrigglesight .sbs) (malware.rules)
2056767 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wrigglesight .sbs in TLS SNI) (malware.rules)
2056832 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offybirhtdi .sbs) (malware.rules)
2056834 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (offybirhtdi .sbs in TLS SNI) (malware.rules)
2056835 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (activedomest .sbs) (malware.rules)
2056837 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (activedomest .sbs in TLS SNI) (malware.rules)
2056838 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (arenbootk .sbs) (malware.rules)
2056840 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (arenbootk .sbs in TLS SNI) (malware.rules)
2056841 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mediavelk .sbs) (malware.rules)
2056843 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mediavelk .sbs in TLS SNI) (malware.rules)
2056844 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (definitib .sbs) (malware.rules)
2056846 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (definitib .sbs in TLS SNI) (malware.rules)
2056847 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (elaboretib .sbs) (malware.rules)
2056849 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (elaboretib .sbs in TLS SNI) (malware.rules)
2056850 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (strikebripm .sbs) (malware.rules)
2056852 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (strikebripm .sbs in TLS SNI) (malware.rules)
2056853 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ostracizez .sbs) (malware.rules)
2056855 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ostracizez .sbs in TLS SNI) (malware.rules)
2057043 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (arreggshow .cfd) (malware.rules)
2057044 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (arreggshow .cfd in TLS SNI) (malware.rules)
2057045 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wheatari .cyou) (malware.rules)
2057046 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wheatari .cyou in TLS SNI) (malware.rules)
2057071 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (authorisev .site) (malware.rules)
2057072 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (authorisev .site in TLS SNI) (malware.rules)
2057073 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (carbonhari .cyou) (malware.rules)
2057074 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (carbonhari .cyou in TLS SNI) (malware.rules)
2057075 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (colldycatle .cyou) (malware.rules)
2057076 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (colldycatle .cyou in TLS SNI) (malware.rules)
2057077 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (contemteny .site) (malware.rules)
2057078 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (contemteny .site in TLS SNI) (malware.rules)
2057079 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dilemmadu .site) (malware.rules)
2057080 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dilemmadu .site in TLS SNI) (malware.rules)
2057081 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fashionablei .sbs) (malware.rules)
2057082 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fashionablei .sbs in TLS SNI) (malware.rules)
2057083 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (faulteyotk .site) (malware.rules)
2057084 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (faulteyotk .site in TLS SNI) (malware.rules)
2057085 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (goalyfeastz .site) (malware.rules)
2057086 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (goalyfeastz .site in TLS SNI) (malware.rules)
2057087 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (messejawu .store) (malware.rules)
2057088 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (messejawu .store in TLS SNI) (malware.rules)
2057089 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (opposezmny .site) (malware.rules)
2057090 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (opposezmny .site in TLS SNI) (malware.rules)
2057091 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prinyveri .cfd) (malware.rules)
2057092 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (prinyveri .cfd in TLS SNI) (malware.rules)
2057093 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (seallysl .site) (malware.rules)
2057094 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (seallysl .site in TLS SNI) (malware.rules)
2057095 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (servicedny .site) (malware.rules)
2057096 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (servicedny .site in TLS SNI) (malware.rules)
2057097 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thighpecr .cyou) (malware.rules)
2057098 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (thighpecr .cyou in TLS SNI) (malware.rules)
2057099 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (transparenteunlawfullyp .site) (malware.rules)
2057100 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (transparenteunlawfullyp .site in TLS SNI) (malware.rules)
2057101 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scriptyprefej .store) (malware.rules)
2057102 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (scriptyprefej .store in TLS SNI) (malware.rules)
2057119 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (navygenerayk .store) (malware.rules)
2057120 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) (malware.rules)
2057121 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) (malware.rules)
2057122 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) (malware.rules)
2057123 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) (malware.rules)
2057124 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) (malware.rules)
2057125 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) (malware.rules)
2057126 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (thumbystriw .store in TLS SNI) (malware.rules)
2057127 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) (malware.rules)
2057128 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fadehairucw .store in TLS SNI) (malware.rules)
2057129 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) (malware.rules)
2057130 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (crisiwarny .store in TLS SNI) (malware.rules)
2057131 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) (malware.rules)
2057132 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (presticitpo .store in TLS SNI) (malware.rules)
2057133 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ppi .circledexj .cyou) (malware.rules)
2057134 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ppi .circledexj .cyou in TLS SNI) (malware.rules)
2057135 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lossycristi .cyou) (malware.rules)
2057136 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (lossycristi .cyou in TLS SNI) (malware.rules)
2057150 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (relaxatiyon .cyou) (malware.rules)
2057151 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (relaxatiyon .cyou in TLS SNI) (malware.rules)
2057172 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (countymushroom .cyou) (malware.rules)
2057173 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (countymushroom .cyou in TLS SNI) (malware.rules)
2057174 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (forbidstow .site) (malware.rules)
2057175 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (forbidstow .site in TLS SNI) (malware.rules)
2057176 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hurlywolky .cyou) (malware.rules)
2057177 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hurlywolky .cyou in TLS SNI) (malware.rules)
2057178 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (treatmentyj .cyou) (malware.rules)
2057179 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (treatmentyj .cyou in TLS SNI) (malware.rules)
2057230 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (uppermixturyz .site) (malware.rules)
2057231 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (uppermixturyz .site in TLS SNI) (malware.rules)
2057232 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bringlanejk .site) (malware.rules)
2057233 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bringlanejk .site in TLS SNI) (malware.rules)
2057234 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (honerstyzu .site) (malware.rules)
2057235 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (honerstyzu .site in TLS SNI) (malware.rules)
2057236 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (plaintifuf .site) (malware.rules)
2057237 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (plaintifuf .site in TLS SNI) (malware.rules)
2057238 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (moeventmynz .site) (malware.rules)
2057239 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (moeventmynz .site in TLS SNI) (malware.rules)
2057240 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (unityshootsz .site) (malware.rules)
2057241 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (unityshootsz .site in TLS SNI) (malware.rules)
2057242 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (monopuncdz .site) (malware.rules)
2057243 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (monopuncdz .site in TLS SNI) (malware.rules)
2057244 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reinfomarbke .site) (malware.rules)
2057245 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinfomarbke .site in TLS SNI) (malware.rules)
2057255 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (moutheventushz .shop) (malware.rules)
2057256 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (moutheventushz .shop in TLS SNI) (malware.rules)
2057257 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (respectabosiz .shop) (malware.rules)
2057258 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (respectabosiz .shop in TLS SNI) (malware.rules)
2057259 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (conceszustyb .shop) (malware.rules)
2057260 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (conceszustyb .shop in TLS SNI) (malware.rules)
2057261 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bakedstusteeb .shop) (malware.rules)
2057262 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bakedstusteeb .shop in TLS SNI) (malware.rules)
2057263 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nightybinybz .shop) (malware.rules)
2057264 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (nightybinybz .shop in TLS SNI) (malware.rules)
2057265 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (standartedby .shop) (malware.rules)
2057266 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (standartedby .shop in TLS SNI) (malware.rules)
2057267 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mutterissuen .shop) (malware.rules)
2057268 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mutterissuen .shop in TLS SNI) (malware.rules)
2057269 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (worddosofrm .shop) (malware.rules)
2057270 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (worddosofrm .shop in TLS SNI) (malware.rules)
2057271 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (healthpathway-culinarydelight .shop) (malware.rules)
2057272 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (healthpathway-culinarydelight .shop in TLS SNI) (malware.rules)
2057284 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (knifedxejsu .cyou) (malware.rules)
2057285 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (knifedxejsu .cyou in TLS SNI) (malware.rules)
2057415 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (marshal-zhukov .com) (malware.rules)
2057416 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (marshal-zhukov .com in TLS SNI) (malware.rules)
2057417 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (approvfoor .com) (malware.rules)
2057418 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (approvfoor .com in TLS SNI) (malware.rules)
2057419 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (approvedne .fun) (malware.rules)
2057420 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (approvedne .fun in TLS SNI) (malware.rules)
2057421 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (actgrievny .fun) (malware.rules)
2057422 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (actgrievny .fun in TLS SNI) (malware.rules)
2057423 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ignofinisheui .icu) (malware.rules)
2057424 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ignofinisheui .icu in TLS SNI) (malware.rules)
2057425 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (quiantiaj .icu) (malware.rules)
2057426 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (quiantiaj .icu in TLS SNI) (malware.rules)
2057427 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dismissanw .icu) (malware.rules)
2057428 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dismissanw .icu in TLS SNI) (malware.rules)
2057429 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (packagednyb .cyou) (malware.rules)
2057430 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (packagednyb .cyou in TLS SNI) (malware.rules)
2057431 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (villagedguy .cyou) (malware.rules)
2057432 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (villagedguy .cyou in TLS SNI) (malware.rules)
2057812 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (blade-govern .sbs) (malware.rules)
2057813 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (blade-govern .sbs in TLS SNI) (malware.rules)
2057814 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (disobey-curly .sbs) (malware.rules)
2057815 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (disobey-curly .sbs in TLS SNI) (malware.rules)
2057816 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (farewellnzu .icu) (malware.rules)
2057817 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (farewellnzu .icu in TLS SNI) (malware.rules)
2057818 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogs-severz .sbs) (malware.rules)
2057819 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogs-severz .sbs in TLS SNI) (malware.rules)
2057820 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fumblingactor .cyou) (malware.rules)
2057821 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fumblingactor .cyou in TLS SNI) (malware.rules)
2057822 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hellpartnercareeroo .shop) (malware.rules)
2057823 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hellpartnercareeroo .shop in TLS SNI) (malware.rules)
2057824 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (leg-sate-boat .sbs) (malware.rules)
2057825 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (leg-sate-boat .sbs in TLS SNI) (malware.rules)
2057826 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (motion-treesz .sbs) (malware.rules)
2057827 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (motion-treesz .sbs in TLS SNI) (malware.rules)
2057828 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (oak-smash .cyou) (malware.rules)
2057829 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (oak-smash .cyou in TLS SNI) (malware.rules)
2057830 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (occupy-blushi .sbs) (malware.rules)
2057831 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (occupy-blushi .sbs in TLS SNI) (malware.rules)
2057832 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (peacefulmind .shop) (malware.rules)
2057833 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (peacefulmind .shop in TLS SNI) (malware.rules)
2057834 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (powerful-avoids .sbs) (malware.rules)
2057835 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (powerful-avoids .sbs in TLS SNI) (malware.rules)
2057836 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (property-imper .sbs) (malware.rules)
2057837 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (property-imper .sbs in TLS SNI) (malware.rules)
2057838 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (push-hook .cyou) (malware.rules)
2057839 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (push-hook .cyou in TLS SNI) (malware.rules)
2057840 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shirk-home .cyou) (malware.rules)
2057841 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (shirk-home .cyou in TLS SNI) (malware.rules)
2057842 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (story-tense-faz .sbs) (malware.rules)
2057843 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (story-tense-faz .sbs in TLS SNI) (malware.rules)
2057844 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sturdy-operated .cyou) (malware.rules)
2057845 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sturdy-operated .cyou in TLS SNI) (malware.rules)
2057846 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sunny-beach .shop) (malware.rules)
2057847 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sunny-beach .shop in TLS SNI) (malware.rules)
2057848 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tail-cease .cyou) (malware.rules)
2057849 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tail-cease .cyou in TLS SNI) (malware.rules)
2057850 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (w0rdergen1 .cyou) (malware.rules)
2057851 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (w0rdergen1 .cyou in TLS SNI) (malware.rules)
2057876 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (uniqueplas .sbs) (malware.rules)
2057877 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (uniqueplas .sbs in TLS SNI) (malware.rules)
2057969 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) (malware.rules)
2057970 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (impend-differ .biz in TLS SNI) (malware.rules)
2057971 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) (malware.rules)
2057972 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (print-vexer .biz in TLS SNI) (malware.rules)
2057973 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) (malware.rules)
2057974 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (covery-mover .biz in TLS SNI) (malware.rules)
2057975 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) (malware.rules)
2057976 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dare-curbys .biz in TLS SNI) (malware.rules)
2057977 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) (malware.rules)
2057978 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (formy-spill .biz in TLS SNI) (malware.rules)
2057979 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) (malware.rules)
2057980 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dwell-exclaim .biz in TLS SNI) (malware.rules)
2057981 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) (malware.rules)
2057982 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (zinc-sneark .biz in TLS SNI) (malware.rules)
2057984 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (se-blurry .biz in TLS SNI) (malware.rules)
2057985 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lumdexibuy .shop) (malware.rules)
2057986 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (lumdexibuy .shop in TLS SNI) (malware.rules)
2057987 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (preside-comforter .sbs) (malware.rules)
2057988 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (preside-comforter .sbs in TLS SNI) (malware.rules)
2057989 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (savvy-steereo .sbs) (malware.rules)
2057990 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (savvy-steereo .sbs in TLS SNI) (malware.rules)
2057991 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (copper-replace .sbs) (malware.rules)
2057992 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (copper-replace .sbs in TLS SNI) (malware.rules)
2057993 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (record-envyp .sbs) (malware.rules)
2057994 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (record-envyp .sbs in TLS SNI) (malware.rules)
2057995 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slam-whipp .sbs) (malware.rules)
2057996 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (slam-whipp .sbs in TLS SNI) (malware.rules)
2057997 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrench-creter .sbs) (malware.rules)
2057998 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wrench-creter .sbs in TLS SNI) (malware.rules)
2057999 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (looky-marked .sbs) (malware.rules)
2058000 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (looky-marked .sbs in TLS SNI) (malware.rules)
2058001 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (plastic-mitten .sbs) (malware.rules)
2058002 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (plastic-mitten .sbs in TLS SNI) (malware.rules)
2058003 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (petited-hulking .cyou) (malware.rules)
2058004 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (petited-hulking .cyou in TLS SNI) (malware.rules)
2058685 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) (malware.rules)
2857756 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
2857943 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
2857971 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
2857972 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
2858207 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2858211 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
2858299 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
2858306 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
2858336 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
2858338 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)
2859143 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/01/28 - v10847 Ruleset Updates	97	January 28, 2025
Ruleset Update Summary - 2024/11/22 - v10748 Ruleset Updates	76	November 22, 2024
Ruleset Update Summary - 2024/10/21 - v10724 Ruleset Updates	114	October 21, 2024
Ruleset Update Summary - 2024/06/21 - v10624 Ruleset Updates	145	June 21, 2024
Ruleset Update Summary - 2024/07/15 - v10645 Ruleset Updates	182	July 15, 2024

Ruleset Update Summary - 2025/03/07 - v10874

Summary:

Added rules:

Open:

Disabled and modified rules:

Related topics