Summary:
39 new OPEN, 109 new PRO (39 + 70)
Added rules:
Open:
- 2060904 - ET INFO DYNAMIC_DNS Query to a *.bsfa .info domain (info.rules)
- 2060905 - ET INFO DYNAMIC_DNS HTTP Request to a *.bsfa .info domain (info.rules)
- 2060906 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (armamenti .world) (malware.rules)
- 2060907 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (armamenti .world) in TLS SNI (malware.rules)
- 2060908 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (armoryarch .shop) (malware.rules)
- 2060909 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (armoryarch .shop) in TLS SNI (malware.rules)
- 2060910 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (blackeblast .run) (malware.rules)
- 2060911 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (blackeblast .run) in TLS SNI (malware.rules)
- 2060912 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (caliberc .today) (malware.rules)
- 2060913 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (caliberc .today) in TLS SNI (malware.rules)
- 2060914 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (citywand .live) (malware.rules)
- 2060915 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (citywand .live) in TLS SNI (malware.rules)
- 2060916 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (loadoutle .life) (malware.rules)
- 2060917 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (loadoutle .life) in TLS SNI (malware.rules)
- 2060918 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pistolpra .bet) (malware.rules)
- 2060919 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pistolpra .bet) in TLS SNI (malware.rules)
- 2060920 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (selfdefens .bet) (malware.rules)
- 2060921 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (selfdefens .bet) in TLS SNI (malware.rules)
- 2060922 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (targett .top) (malware.rules)
- 2060923 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (targett .top) in TLS SNI (malware.rules)
- 2060924 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (weaponwo .life) (malware.rules)
- 2060925 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (weaponwo .life) in TLS SNI (malware.rules)
- 2060926 - ET INFO DYNAMIC_DNS Query to a *.jtizyl .net domain (info.rules)
- 2060927 - ET INFO DYNAMIC_DNS HTTP Request to a *.jtizyl .net domain (info.rules)
- 2060928 - ET INFO DYNAMIC_DNS Query to a *.pastrypowered .com domain (info.rules)
- 2060929 - ET INFO DYNAMIC_DNS HTTP Request to a *.pastrypowered .com domain (info.rules)
- 2060930 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (guninfoo .run) (malware.rules)
- 2060931 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (guninfoo .run) in TLS SNI (malware.rules)
- 2060932 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gunlovers .top) (malware.rules)
- 2060933 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gunlovers .top) in TLS SNI (malware.rules)
- 2060934 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zfurrycomp .top) (malware.rules)
- 2060935 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (zfurrycomp .top) in TLS SNI (malware.rules)
- 2060936 - ET MALWARE Generic Rust Stealer Exfiltration (POST) (malware.rules)
- 2060937 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (opteme .com) (exploit_kit.rules)
- 2060938 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (vononline .com) (exploit_kit.rules)
- 2060939 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (opteme .com) (exploit_kit.rules)
- 2060940 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (vononline .com) (exploit_kit.rules)
- 2060941 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (login .icvpartners .com) (malware.rules)
- 2060942 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (login .icvpartners .com) (malware.rules)
Pro:
- 2860720 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2860721 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2860722 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2860723 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2860724 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2860725 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2860726 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2860727 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2860728 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2860729 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2860730 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2860731 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2860732 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2860733 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2860734 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2860735 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2860736 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2860737 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2860738 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2860739 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2860740 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2860741 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2860742 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2860743 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2860744 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2860745 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2860746 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
- 2860747 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2860748 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
- 2860749 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
- 2860750 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2860751 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2860752 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2860753 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2860754 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2860755 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2860756 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2860757 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2860758 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2860759 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2860760 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2860761 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2860762 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2860763 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2860764 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2860765 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2860766 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2860767 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2860768 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2860769 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2860770 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2860771 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2860772 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2860773 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2860774 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2860775 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2860776 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2860777 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2860778 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2860779 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2860780 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2860781 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2860782 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2860783 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2860784 - ETPRO MALWARE Observed DNS Query to TA453 Domain (malware.rules)
- 2860785 - ETPRO MALWARE Observed DNS Query to TA453 Domain (malware.rules)
- 2860786 - ETPRO MALWARE Observed DNS Query to TA453 Domain (malware.rules)
- 2860787 - ETPRO MALWARE Observed TA453 Domain in TLS SNI (malware.rules)
- 2860788 - ETPRO MALWARE Observed TA453 Domain in TLS SNI (malware.rules)
- 2860789 - ETPRO MALWARE Observed TA453 Domain in TLS SNI (malware.rules)
Disabled and modified rules:
- 2850006 - ETPRO MALWARE MSIL/ClipBanker.QS CnC Checkin (malware.rules)
- 2850117 - ETPRO PHISHING Possible PancakeSwap Cred Phishing POST (phishing.rules)
- 2850145 - ETPRO PHISHING Successful Generic Submission of Email (phishing.rules)
- 2850147 - ETPRO PHISHING Generic Password Form M1 (phishing.rules)
- 2850148 - ETPRO PHISHING Successful Generic Credential Phish POST M1 (phishing.rules)
- 2850192 - ETPRO HUNTING Observed Honeypot Validation M1 (hunting.rules)
- 2850455 - ETPRO INFO URL Shortener Service Domain in DNS Lookup (info.rules)