Summary:
29 new OPEN, 37 new PRO (29 + 8)
Added rules:
Open:
- 2062074 - ET MALWARE TerraStealerV2 New Victim Checkin via Telegram API (malware.rules)
- 2062075 - ET INFO DYNAMIC_DNS Query to a *.defdc .com domain (info.rules)
- 2062076 - ET INFO DYNAMIC_DNS HTTP Request to a *.defdc .com domain (info.rules)
- 2062077 - ET INFO DYNAMIC_DNS Query to a *.roedernallee .com domain (info.rules)
- 2062078 - ET INFO DYNAMIC_DNS HTTP Request to a *.roedernallee .com domain (info.rules)
- 2062079 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (baseurzv .run) (malware.rules)
- 2062080 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (baseurzv .run) in TLS SNI (malware.rules)
- 2062081 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eczakozmetik .net) (malware.rules)
- 2062082 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (eczakozmetik .net) in TLS SNI (malware.rules)
- 2062083 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eczamedikal .org) (malware.rules)
- 2062084 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (eczamedikal .org) in TLS SNI (malware.rules)
- 2062085 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lemuruy .live) (malware.rules)
- 2062086 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (lemuruy .live) in TLS SNI (malware.rules)
- 2062087 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (medicalbitkisel .net) (malware.rules)
- 2062088 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (medicalbitkisel .net) in TLS SNI (malware.rules)
- 2062089 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (orijinalecza .net) (malware.rules)
- 2062090 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (orijinalecza .net) in TLS SNI (malware.rules)
- 2062091 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (orijinalecza .org) (malware.rules)
- 2062092 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (orijinalecza .org) in TLS SNI (malware.rules)
- 2062093 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (orjinalecza .net) (malware.rules)
- 2062094 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (orjinalecza .net) in TLS SNI (malware.rules)
- 2062095 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scriptorumh .live) (malware.rules)
- 2062096 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (scriptorumh .live) in TLS SNI (malware.rules)
- 2062097 - ET MALWARE TerraStealerV2 Data Exfil via WeTransfers (malware.rules)
- 2062098 - ET WEB_SPECIFIC_APPS Wangshen SecGate 3600 obj_area_export_save filename parameter Directory Traversal Attempt (2025-4185) (web_specific_apps.rules)
- 2062099 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (feedback .5moves2monetizechallenge .com) (malware.rules)
- 2062100 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (feedback .5moves2monetizechallenge .com) (malware.rules)
- 2062101 - ET MALWARE TerraStealerV2 Victim Checkin via Telegram API (Wallet Count) (malware.rules)
- 2062102 - ET MALWARE TerraStealerV2 CnC Telegram Bot Response (malware.rules)
Pro:
- 2861557 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2861558 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2861559 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2861560 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2861561 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2861562 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2861563 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2861564 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)