Ruleset Update Summary - 2025/05/20 - v10931

rulesbot · May 20, 2025, 8:24pm

Summary:

36 new OPEN, 36 new PRO (36 + 0)

Added rules:

Open:

2062461 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bubblezdjw .live) (malware.rules)
2062462 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bubblezdjw .live) in TLS SNI (malware.rules)
2062463 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (caitraohvi .bet) (malware.rules)
2062464 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (caitraohvi .bet) in TLS SNI (malware.rules)
2062465 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (citellcagt .top) (malware.rules)
2062466 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (citellcagt .top) in TLS SNI (malware.rules)
2062467 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (escczlv .top) (malware.rules)
2062468 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (escczlv .top) in TLS SNI (malware.rules)
2062469 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (galijd .shop) (malware.rules)
2062470 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (galijd .shop) in TLS SNI (malware.rules)
2062471 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (genusbwaiw .live) (malware.rules)
2062472 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (genusbwaiw .live) in TLS SNI (malware.rules)
2062473 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gettoknwg .life) (malware.rules)
2062474 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gettoknwg .life) in TLS SNI (malware.rules)
2062475 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (haircuirfm .top) (malware.rules)
2062476 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (haircuirfm .top) in TLS SNI (malware.rules)
2062477 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (leasegjjr .digital) (malware.rules)
2062478 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (leasegjjr .digital) in TLS SNI (malware.rules)
2062479 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (maxmtsq .bet) (malware.rules)
2062480 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (maxmtsq .bet) in TLS SNI (malware.rules)
2062481 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (moondips .bet) (malware.rules)
2062482 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (moondips .bet) in TLS SNI (malware.rules)
2062483 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shoresolfe .live) (malware.rules)
2062484 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (shoresolfe .live) in TLS SNI (malware.rules)
2062485 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (starsciw .shop) (malware.rules)
2062486 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (starsciw .shop) in TLS SNI (malware.rules)
2062487 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (threatqjqy .top) (malware.rules)
2062488 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (threatqjqy .top) in TLS SNI (malware.rules)
2062489 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (trotwhvn .live) (malware.rules)
2062490 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (trotwhvn .live) in TLS SNI (malware.rules)
2062491 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (winterghzp .digital) (malware.rules)
2062492 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (winterghzp .digital) in TLS SNI (malware.rules)
2062493 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (k2bsc .top) (exploit_kit.rules)
2062494 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (k2bsc .top) (exploit_kit.rules)
2062495 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (app .nerduptechnology .com) (malware.rules)
2062496 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (app .nerduptechnology .com) (malware.rules)

Disabled and modified rules:

2062315 - ET WEB_SPECIFIC_APPS Totolink A3002R formDnsv6 routername Parameter Buffer Overflow Attempt (web_specific_apps.rules)
2062454 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (sorts-pushed-completely-manuals .trycloudflare .com) (exploit_kit.rules)
2062455 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (sorts-pushed-completely-manuals .trycloudflare .com) (exploit_kit.rules)
2861712 - ETPRO MALWARE Observed DNS Query to TA399/Sidewinder Domain (malware.rules)
2861716 - ETPRO MALWARE Observed TA399/Sidewinder Domain in TLS SNI (malware.rules)
2861751 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861755 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861760 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861765 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861767 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/05/05 - v10920 Ruleset Updates	77	May 5, 2025
Ruleset Update Summary - 2024/11/11 - v10739 Ruleset Updates	107	November 11, 2024
Ruleset Update Summary - 2024/11/12 - v10740 Ruleset Updates	123	November 12, 2024
Ruleset Update Summary - 2024/11/29 - v10761 Ruleset Updates	43	November 29, 2024
Ruleset Update Summary - 2025/02/03 - v10851 Ruleset Updates	126	February 3, 2025

Ruleset Update Summary - 2025/05/20 - v10931

Summary:

Added rules:

Open:

Disabled and modified rules:

Related topics