Ruleset Update Summary - 2025/05/01 - v10918

rulesbot · May 1, 2025, 10:50pm

Summary:

65 new OPEN, 68 new PRO (65 + 3)

Added rules:

Open:

2062009 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (viridisw .top) (malware.rules)
2062010 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (viridisw .top in TLS SNI) (malware.rules)
2062011 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (victoreqs .run) (malware.rules)
2062012 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (victoreqs .run in TLS SNI) (malware.rules)
2062013 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wfyzizcy .eza) (malware.rules)
2062014 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wfyzizcy .eza in TLS SNI) (malware.rules)
2062015 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tbczyczdp .eza) (malware.rules)
2062016 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tbczyczdp .eza in TLS SNI) (malware.rules)
2062017 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hzwgpctypld .eza) (malware.rules)
2062018 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hzwgpctypld .eza in TLS SNI) (malware.rules)
2062019 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ncznzotwpqr .eza) (malware.rules)
2062020 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ncznzotwpqr .eza in TLS SNI) (malware.rules)
2062021 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spxtdaspcpik .eza) (malware.rules)
2062022 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (spxtdaspcpik .eza in TLS SNI) (malware.rules)
2062023 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ezaelwpyeh .eza) (malware.rules)
2062024 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ezaelwpyeh .eza in TLS SNI) (malware.rules)
2062025 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gtctotdh .eza) (malware.rules)
2062026 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gtctotdh .eza in TLS SNI) (malware.rules)
2062027 - ET MALWARE GET Request to Likely ClickFix Staging Site (malware.rules)
2062028 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (progress .moneymatrixonline .com) (malware.rules)
2062029 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (progress .moneymatrixonline .com) (malware.rules)
2062030 - ET INFO DYNAMIC_DNS Query to a *.lifepixeled .com domain (info.rules)
2062031 - ET INFO DYNAMIC_DNS HTTP Request to a *.lifepixeled .com domain (info.rules)
2062032 - ET INFO DYNAMIC_DNS Query to a *.mappuchan .com domain (info.rules)
2062033 - ET INFO DYNAMIC_DNS HTTP Request to a *.mappuchan .com domain (info.rules)
2062034 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (brandihx .run) (malware.rules)
2062035 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (brandihx .run) in TLS SNI (malware.rules)
2062036 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (civitasu .run) (malware.rules)
2062037 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (civitasu .run) in TLS SNI (malware.rules)
2062038 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (corexlaib .top) (malware.rules)
2062039 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (corexlaib .top) in TLS SNI (malware.rules)
2062040 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (datamanipy .run) (malware.rules)
2062041 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (datamanipy .run) in TLS SNI (malware.rules)
2062042 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (datawavej .digital) (malware.rules)
2062043 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (datawavej .digital) in TLS SNI (malware.rules)
2062044 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (disciplipna .top) (malware.rules)
2062045 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (disciplipna .top) in TLS SNI (malware.rules)
2062046 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglekl .digital) (malware.rules)
2062047 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (eaglekl .digital) in TLS SNI (malware.rules)
2062048 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (exitiumt .digital) (malware.rules)
2062049 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (exitiumt .digital) in TLS SNI (malware.rules)
2062050 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lipsdonny .com) (malware.rules)
2062051 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (lipsdonny .com) in TLS SNI (malware.rules)
2062052 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (narwhaltr .live) (malware.rules)
2062053 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (narwhaltr .live) in TLS SNI (malware.rules)
2062054 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (opusculy .top) (malware.rules)
2062055 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (opusculy .top) in TLS SNI (malware.rules)
2062056 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (praetori .live) (malware.rules)
2062057 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (praetori .live) in TLS SNI (malware.rules)
2062058 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rabbitw .run) (malware.rules)
2062059 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabbitw .run) in TLS SNI (malware.rules)
2062060 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scriptao .digital) (malware.rules)
2062061 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (scriptao .digital) in TLS SNI (malware.rules)
2062062 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (techchaiun .live) (malware.rules)
2062063 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (techchaiun .live) in TLS SNI (malware.rules)
2062064 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (triremeo .digital) (malware.rules)
2062065 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (triremeo .digital) in TLS SNI (malware.rules)
2062066 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vecturar .top) (malware.rules)
2062067 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vecturar .top) in TLS SNI (malware.rules)
2062068 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (viriatoe .live) (malware.rules)
2062069 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (viriatoe .live) in TLS SNI (malware.rules)
2062070 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (warldonvu .live) (malware.rules)
2062071 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (warldonvu .live) in TLS SNI (malware.rules)
2062072 - ET EXPLOIT_KIT Observed ClickFix DGA Domain in DNS Lookup (exploit_kit.rules)
2062073 - ET EXPLOIT_KIT Observed ClickFix DGA Domain in TLS SNI (exploit_kit.rules)

Pro:

2861510 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2861511 - ETPRO PHISHING TA453 Domain in DNS Lookup (phishing.rules)
2861512 - ETPRO PHISHING TA453 Domain in DNS Lookup (phishing.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/02/03 - v10851 Ruleset Updates	124	February 3, 2025
Ruleset Update Summary - 2025/05/05 - v10920 Ruleset Updates	62	May 5, 2025
Ruleset Update Summary - 2024/11/29 - v10761 Ruleset Updates	43	November 29, 2024
Ruleset Update Summary - 2024/12/26 - v10817 Ruleset Updates	89	December 26, 2024
Ruleset Update Summary - 2024/11/12 - v10740 Ruleset Updates	123	November 12, 2024

Ruleset Update Summary - 2025/05/01 - v10918

Summary:

Added rules:

Open:

Pro:

Related topics