Ruleset Update Summary - 2025/05/05 - v10920

rulesbot · May 5, 2025, 9:14pm

Summary:

23 new OPEN, 24 new PRO (23 + 1)

Added rules:

Open:

2062103 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aureliae .run) (malware.rules)
2062104 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aureliae .run) in TLS SNI (malware.rules)
2062105 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formydab .run) (malware.rules)
2062106 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (formydab .run) in TLS SNI (malware.rules)
2062107 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hedgehocvg .digital) (malware.rules)
2062108 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hedgehocvg .digital) in TLS SNI (malware.rules)
2062109 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (himselcaked .digital) (malware.rules)
2062110 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (himselcaked .digital) in TLS SNI (malware.rules)
2062111 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (snakejh .top) (malware.rules)
2062112 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (snakejh .top) in TLS SNI (malware.rules)
2062113 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tortoisgfe .top) (malware.rules)
2062114 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tortoisgfe .top) in TLS SNI (malware.rules)
2062115 - ET INFO DYNAMIC_DNS Query to a *.virtualsiam .com domain (info.rules)
2062116 - ET INFO DYNAMIC_DNS HTTP Request to a *.virtualsiam .com domain (info.rules)
2062117 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aeneasq .live) (malware.rules)
2062118 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aeneasq .live) in TLS SNI (malware.rules)
2062119 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drypingzyr .run) (malware.rules)
2062120 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drypingzyr .run) in TLS SNI (malware.rules)
2062121 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (starfiswh .live) (malware.rules)
2062122 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (starfiswh .live) in TLS SNI (malware.rules)
2062123 - ET ATTACK_RESPONSE Observed ClickFix Landing Page Inbound (attack_response.rules)
2062124 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (order .meetandeatsac .com) (malware.rules)
2062125 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (order .meetandeatsac .com) (malware.rules)

Pro:

2861566 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Removed rules:

2011803 - ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected (shellcode.rules)
2011804 - ET SHELLCODE Possible UDP x86 JMP to CALL Shellcode Detected (shellcode.rules)
2012087 - ET SHELLCODE Possible Call with No Offset UDP Shellcode (shellcode.rules)
2012088 - ET SHELLCODE Possible Call with No Offset TCP Shellcode (shellcode.rules)
2012089 - ET SHELLCODE Possible Call with No Offset UDP Shellcode (shellcode.rules)
2012090 - ET SHELLCODE Possible Call with No Offset TCP Shellcode (shellcode.rules)
2012091 - ET SHELLCODE Possible Call with No Offset UDP Shellcode (shellcode.rules)
2012092 - ET SHELLCODE Possible Call with No Offset TCP Shellcode (shellcode.rules)
2012093 - ET SHELLCODE Possible Call with No Offset UDP Shellcode (shellcode.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/05/20 - v10931 Ruleset Updates	69	May 20, 2025
Ruleset Update Summary - 2025/05/01 - v10918 Ruleset Updates	77	May 1, 2025
Ruleset Update Summary - 2025/04/14 - v10904 Ruleset Updates	108	April 14, 2025
Ruleset Update Summary - 2024/11/29 - v10761 Ruleset Updates	46	November 29, 2024
Ruleset Update Summary - 2025/02/03 - v10851 Ruleset Updates	131	February 3, 2025

Ruleset Update Summary - 2025/05/05 - v10920

Summary:

Added rules:

Open:

Pro:

Removed rules:

Related topics