Summary:
23 new OPEN, 24 new PRO (23 + 1)
Added rules:
Open:
- 2062103 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aureliae .run) (malware.rules)
- 2062104 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aureliae .run) in TLS SNI (malware.rules)
- 2062105 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formydab .run) (malware.rules)
- 2062106 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (formydab .run) in TLS SNI (malware.rules)
- 2062107 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hedgehocvg .digital) (malware.rules)
- 2062108 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hedgehocvg .digital) in TLS SNI (malware.rules)
- 2062109 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (himselcaked .digital) (malware.rules)
- 2062110 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (himselcaked .digital) in TLS SNI (malware.rules)
- 2062111 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (snakejh .top) (malware.rules)
- 2062112 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (snakejh .top) in TLS SNI (malware.rules)
- 2062113 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tortoisgfe .top) (malware.rules)
- 2062114 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tortoisgfe .top) in TLS SNI (malware.rules)
- 2062115 - ET INFO DYNAMIC_DNS Query to a *.virtualsiam .com domain (info.rules)
- 2062116 - ET INFO DYNAMIC_DNS HTTP Request to a *.virtualsiam .com domain (info.rules)
- 2062117 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aeneasq .live) (malware.rules)
- 2062118 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aeneasq .live) in TLS SNI (malware.rules)
- 2062119 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drypingzyr .run) (malware.rules)
- 2062120 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drypingzyr .run) in TLS SNI (malware.rules)
- 2062121 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (starfiswh .live) (malware.rules)
- 2062122 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (starfiswh .live) in TLS SNI (malware.rules)
- 2062123 - ET ATTACK_RESPONSE Observed ClickFix Landing Page Inbound (attack_response.rules)
- 2062124 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (order .meetandeatsac .com) (malware.rules)
- 2062125 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (order .meetandeatsac .com) (malware.rules)
Pro:
- 2861566 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
Removed rules:
- 2011803 - ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected (shellcode.rules)
- 2011804 - ET SHELLCODE Possible UDP x86 JMP to CALL Shellcode Detected (shellcode.rules)
- 2012087 - ET SHELLCODE Possible Call with No Offset UDP Shellcode (shellcode.rules)
- 2012088 - ET SHELLCODE Possible Call with No Offset TCP Shellcode (shellcode.rules)
- 2012089 - ET SHELLCODE Possible Call with No Offset UDP Shellcode (shellcode.rules)
- 2012090 - ET SHELLCODE Possible Call with No Offset TCP Shellcode (shellcode.rules)
- 2012091 - ET SHELLCODE Possible Call with No Offset UDP Shellcode (shellcode.rules)
- 2012092 - ET SHELLCODE Possible Call with No Offset TCP Shellcode (shellcode.rules)
- 2012093 - ET SHELLCODE Possible Call with No Offset UDP Shellcode (shellcode.rules)