Summary:
65 new OPEN, 68 new PRO (65 + 3)
Added rules:
Open:
- 2062009 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (viridisw .top) (malware.rules)
- 2062010 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (viridisw .top in TLS SNI) (malware.rules)
- 2062011 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (victoreqs .run) (malware.rules)
- 2062012 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (victoreqs .run in TLS SNI) (malware.rules)
- 2062013 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wfyzizcy .eza) (malware.rules)
- 2062014 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wfyzizcy .eza in TLS SNI) (malware.rules)
- 2062015 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tbczyczdp .eza) (malware.rules)
- 2062016 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tbczyczdp .eza in TLS SNI) (malware.rules)
- 2062017 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hzwgpctypld .eza) (malware.rules)
- 2062018 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hzwgpctypld .eza in TLS SNI) (malware.rules)
- 2062019 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ncznzotwpqr .eza) (malware.rules)
- 2062020 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ncznzotwpqr .eza in TLS SNI) (malware.rules)
- 2062021 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spxtdaspcpik .eza) (malware.rules)
- 2062022 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (spxtdaspcpik .eza in TLS SNI) (malware.rules)
- 2062023 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ezaelwpyeh .eza) (malware.rules)
- 2062024 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ezaelwpyeh .eza in TLS SNI) (malware.rules)
- 2062025 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gtctotdh .eza) (malware.rules)
- 2062026 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gtctotdh .eza in TLS SNI) (malware.rules)
- 2062027 - ET MALWARE GET Request to Likely ClickFix Staging Site (malware.rules)
- 2062028 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (progress .moneymatrixonline .com) (malware.rules)
- 2062029 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (progress .moneymatrixonline .com) (malware.rules)
- 2062030 - ET INFO DYNAMIC_DNS Query to a *.lifepixeled .com domain (info.rules)
- 2062031 - ET INFO DYNAMIC_DNS HTTP Request to a *.lifepixeled .com domain (info.rules)
- 2062032 - ET INFO DYNAMIC_DNS Query to a *.mappuchan .com domain (info.rules)
- 2062033 - ET INFO DYNAMIC_DNS HTTP Request to a *.mappuchan .com domain (info.rules)
- 2062034 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (brandihx .run) (malware.rules)
- 2062035 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (brandihx .run) in TLS SNI (malware.rules)
- 2062036 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (civitasu .run) (malware.rules)
- 2062037 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (civitasu .run) in TLS SNI (malware.rules)
- 2062038 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (corexlaib .top) (malware.rules)
- 2062039 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (corexlaib .top) in TLS SNI (malware.rules)
- 2062040 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (datamanipy .run) (malware.rules)
- 2062041 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (datamanipy .run) in TLS SNI (malware.rules)
- 2062042 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (datawavej .digital) (malware.rules)
- 2062043 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (datawavej .digital) in TLS SNI (malware.rules)
- 2062044 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (disciplipna .top) (malware.rules)
- 2062045 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (disciplipna .top) in TLS SNI (malware.rules)
- 2062046 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglekl .digital) (malware.rules)
- 2062047 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (eaglekl .digital) in TLS SNI (malware.rules)
- 2062048 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (exitiumt .digital) (malware.rules)
- 2062049 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (exitiumt .digital) in TLS SNI (malware.rules)
- 2062050 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lipsdonny .com) (malware.rules)
- 2062051 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (lipsdonny .com) in TLS SNI (malware.rules)
- 2062052 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (narwhaltr .live) (malware.rules)
- 2062053 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (narwhaltr .live) in TLS SNI (malware.rules)
- 2062054 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (opusculy .top) (malware.rules)
- 2062055 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (opusculy .top) in TLS SNI (malware.rules)
- 2062056 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (praetori .live) (malware.rules)
- 2062057 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (praetori .live) in TLS SNI (malware.rules)
- 2062058 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rabbitw .run) (malware.rules)
- 2062059 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabbitw .run) in TLS SNI (malware.rules)
- 2062060 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scriptao .digital) (malware.rules)
- 2062061 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (scriptao .digital) in TLS SNI (malware.rules)
- 2062062 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (techchaiun .live) (malware.rules)
- 2062063 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (techchaiun .live) in TLS SNI (malware.rules)
- 2062064 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (triremeo .digital) (malware.rules)
- 2062065 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (triremeo .digital) in TLS SNI (malware.rules)
- 2062066 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vecturar .top) (malware.rules)
- 2062067 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vecturar .top) in TLS SNI (malware.rules)
- 2062068 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (viriatoe .live) (malware.rules)
- 2062069 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (viriatoe .live) in TLS SNI (malware.rules)
- 2062070 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (warldonvu .live) (malware.rules)
- 2062071 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (warldonvu .live) in TLS SNI (malware.rules)
- 2062072 - ET EXPLOIT_KIT Observed ClickFix DGA Domain in DNS Lookup (exploit_kit.rules)
- 2062073 - ET EXPLOIT_KIT Observed ClickFix DGA Domain in TLS SNI (exploit_kit.rules)
Pro:
- 2861510 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
- 2861511 - ETPRO PHISHING TA453 Domain in DNS Lookup (phishing.rules)
- 2861512 - ETPRO PHISHING TA453 Domain in DNS Lookup (phishing.rules)