Ruleset Update Summary - 2025/08/05 - v10986

Ruleset Updates
1

Summary:

4 new OPEN, 100 new PRO (4 + 96)

Added rules:

Open:

  • 2063901 - ET MALWARE TA569 Staging Server Domain in DNS Lookup (secure .groizhosting .com) (malware.rules)
  • 2063902 - ET MALWARE TA569 Staging Server Domain in TLS SNI (secure .groizhosting .com) (malware.rules)
  • 2063903 - ET WEB_SPECIFIC_APPS ABB Cylon Aspect Guest login Privilege Escalation M1 (web_specific_apps.rules)
  • 2063904 - ET WEB_SPECIFIC_APPS ABB Cylon Aspect Guest login Privilege Escalation M2 (web_specific_apps.rules)

Pro:

  • 2864001 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864002 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864003 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864004 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864005 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864006 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864007 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864008 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864009 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864010 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864011 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864012 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864013 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864014 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864015 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864016 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864017 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864018 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864019 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864020 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864021 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864022 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864023 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864024 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864025 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864026 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864027 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864028 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864029 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864030 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864031 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864032 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864033 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864034 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864035 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864036 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864037 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864038 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864039 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864040 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864041 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864042 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864043 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864044 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
  • 2864045 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864046 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864047 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864048 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864049 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864050 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864051 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864052 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864053 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864054 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864055 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864056 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864057 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864058 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864059 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864060 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864061 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864062 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864063 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864064 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864065 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864066 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864067 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864068 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864069 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864070 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864071 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864072 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864073 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864074 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864075 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2864076 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2864077 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2864078 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2864079 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864080 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2864081 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2864082 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2864083 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2864084 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864085 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864086 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864087 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864088 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864089 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864090 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864091 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864092 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864093 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864094 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864095 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
  • 2864096 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)

Disabled and modified rules:

  • 2053668 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (richardflorespoew .shop) (malware.rules)
  • 2053669 - ET MALWARE Observed Lumma Stealer Related Domain (richardflorespoew .shop in TLS SNI) (malware.rules)
  • 2053670 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (strwawrunnygjwu .shop) (malware.rules)
  • 2053671 - ET MALWARE Observed Lumma Stealer Related Domain (strwawrunnygjwu .shop in TLS SNI) (malware.rules)
  • 2053672 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (justifycanddidatewd .shop) (malware.rules)
  • 2053673 - ET MALWARE Observed Lumma Stealer Related Domain (justifycanddidatewd .shop in TLS SNI) (malware.rules)
  • 2053674 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (raiseboltskdlwpow .shop) (malware.rules)
  • 2053675 - ET MALWARE Observed Lumma Stealer Related Domain (raiseboltskdlwpow .shop in TLS SNI) (malware.rules)
  • 2053676 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (falseaudiencekd .shop) (malware.rules)
  • 2053677 - ET MALWARE Observed Lumma Stealer Related Domain (falseaudiencekd .shop in TLS SNI) (malware.rules)
  • 2053678 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (pleasurenarrowsdla .shop) (malware.rules)
  • 2053679 - ET MALWARE Observed Lumma Stealer Related Domain (pleasurenarrowsdla .shop in TLS SNI) (malware.rules)
  • 2053680 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (feighminoritsjda .shop) (malware.rules)
  • 2053681 - ET MALWARE Observed Lumma Stealer Related Domain (feighminoritsjda .shop in TLS SNI) (malware.rules)
  • 2053682 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (marathonbeedksow .shop) (malware.rules)
  • 2053683 - ET MALWARE Observed Lumma Stealer Related Domain (marathonbeedksow .shop in TLS SNI) (malware.rules)
  • 2053684 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (flimsybrieffykmew .shop) (malware.rules)
  • 2053685 - ET MALWARE Observed Lumma Stealer Related Domain (flimsybrieffykmew .shop in TLS SNI) (malware.rules)
  • 2053686 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (cottageaskyflolewk .shop) (malware.rules)
  • 2053687 - ET MALWARE Observed Lumma Stealer Related Domain (cottageaskyflolewk .shop in TLS SNI) (malware.rules)
  • 2053725 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (snaillymarriaggew .shop) (malware.rules)
  • 2053726 - ET MALWARE Observed Lumma Stealer Related Domain (snaillymarriaggew .shop in TLS SNI) (malware.rules)
  • 2053727 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (thidrsorebahsufll .shop) (malware.rules)
  • 2053728 - ET MALWARE Observed Lumma Stealer Related Domain (thidrsorebahsufll .shop in TLS SNI) (malware.rules)
  • 2053750 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (doughtdrillyksow .shop) (malware.rules)
  • 2053751 - ET MALWARE Observed Lumma Stealer Related Domain (doughtdrillyksow .shop in TLS SNI) (malware.rules)
  • 2053752 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (publicitycharetew .shop) (malware.rules)
  • 2053753 - ET MALWARE Observed Lumma Stealer Related Domain (publicitycharetew .shop in TLS SNI) (malware.rules)
  • 2053754 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (facilitycoursedw .shop) (malware.rules)
  • 2053755 - ET MALWARE Observed Lumma Stealer Related Domain (facilitycoursedw .shop in TLS SNI) (malware.rules)
  • 2053756 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bargainnygroandjwk .shop) (malware.rules)
  • 2053757 - ET MALWARE Observed Lumma Stealer Related Domain (bargainnygroandjwk .shop in TLS SNI) (malware.rules)
  • 2053758 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (injurypiggyoewirog .shop) (malware.rules)
  • 2053759 - ET MALWARE Observed Lumma Stealer Related Domain (injurypiggyoewirog .shop in TLS SNI) (malware.rules)
  • 2053760 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (leafcalfconflcitw .shop) (malware.rules)
  • 2053761 - ET MALWARE Observed Lumma Stealer Related Domain (leafcalfconflcitw .shop in TLS SNI) (malware.rules)
  • 2053762 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (computerexcudesp .shop) (malware.rules)
  • 2053763 - ET MALWARE Observed Lumma Stealer Related Domain (computerexcudesp .shop in TLS SNI) (malware.rules)
  • 2053764 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (disappointcredisotw .shop) (malware.rules)
  • 2053765 - ET MALWARE Observed Lumma Stealer Related Domain (disappointcredisotw .shop in TLS SNI) (malware.rules)
  • 2053797 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (accumulationeyerwos .shop) (malware.rules)
  • 2053798 - ET MALWARE Observed Lumma Stealer Related Domain (accumulationeyerwos .shop in TLS SNI) (malware.rules)
  • 2053812 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (backcreammykiel .shop) (malware.rules)
  • 2053813 - ET MALWARE Observed Lumma Stealer Related Domain (backcreammykiel .shop in TLS SNI) (malware.rules)
  • 2053814 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (composepayyersellew .shop) (malware.rules)
  • 2053815 - ET MALWARE Observed Lumma Stealer Related Domain (composepayyersellew .shop in TLS SNI) (malware.rules)
  • 2053816 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (quotakickerrywos .shop) (malware.rules)
  • 2053817 - ET MALWARE Observed Lumma Stealer Related Domain (quotakickerrywos .shop in TLS SNI) (malware.rules)
  • 2053818 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (sailorshelfquids .shop) (malware.rules)
  • 2053820 - ET MALWARE Observed Lumma Stealer Related Domain (sailorshelfquids .shop in TLS SNI) (malware.rules)
  • 2053821 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (ablesulkyfirstyews .shop) (malware.rules)
  • 2053822 - ET MALWARE Observed Lumma Stealer Related Domain (ablesulkyfirstyews .shop in TLS SNI) (malware.rules)
  • 2054000 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (surprisedscaledowp .xyz) (malware.rules)
  • 2054001 - ET MALWARE Observed Lumma Stealer Related Domain (surprisedscaledowp .xyz in TLS SNI) (malware.rules)
  • 2054002 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (fiondationkvowos .xyz) (malware.rules)
  • 2054003 - ET MALWARE Observed Lumma Stealer Related Domain (fiondationkvowos .xyz in TLS SNI) (malware.rules)
  • 2054004 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (voyagedprivillywk .xyz) (malware.rules)
  • 2054005 - ET MALWARE Observed Lumma Stealer Related Domain (voyagedprivillywk .xyz in TLS SNI) (malware.rules)
  • 2054006 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (singerreasonnbasldd .xyz) (malware.rules)
  • 2054007 - ET MALWARE Observed Lumma Stealer Related Domain (singerreasonnbasldd .xyz in TLS SNI) (malware.rules)
  • 2054008 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (clerkpolicemandwusi .xyz) (malware.rules)
  • 2054009 - ET MALWARE Observed Lumma Stealer Related Domain (clerkpolicemandwusi .xyz in TLS SNI) (malware.rules)
  • 2054010 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (spitechallengddwlsv .xyz) (malware.rules)
  • 2054011 - ET MALWARE Observed Lumma Stealer Related Domain (spitechallengddwlsv .xyz in TLS SNI) (malware.rules)
  • 2054012 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (matterrydamagedowkds .xyz) (malware.rules)
  • 2054013 - ET MALWARE Observed Lumma Stealer Related Domain (matterrydamagedowkds .xyz in TLS SNI) (malware.rules)
  • 2054014 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (varitycookypowerw .xyz) (malware.rules)
  • 2054015 - ET MALWARE Observed Lumma Stealer Related Domain (varitycookypowerw .xyz in TLS SNI) (malware.rules)
  • 2054016 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (peasanthovecapspll .shop) (malware.rules)
  • 2054017 - ET MALWARE Observed Lumma Stealer Related Domain (peasanthovecapspll .shop in TLS SNI) (malware.rules)
  • 2054018 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (vesselcultiralkettlw .shop) (malware.rules)
  • 2054019 - ET MALWARE Observed Lumma Stealer Related Domain (vesselcultiralkettlw .shop in TLS SNI) (malware.rules)
  • 2054079 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (constructgeneratisa .xyz) (malware.rules)
  • 2054080 - ET MALWARE Observed Lumma Stealer Related Domain (constructgeneratisa .xyz in TLS SNI) (malware.rules)
  • 2054081 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (exertcreatedadnndjw .xyz) (malware.rules)
  • 2054082 - ET MALWARE Observed Lumma Stealer Related Domain (exertcreatedadnndjw .xyz in TLS SNI) (malware.rules)
  • 2054083 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (panameradovkews .xyz) (malware.rules)
  • 2054084 - ET MALWARE Observed Lumma Stealer Related Domain (panameradovkews .xyz in TLS SNI) (malware.rules)
  • 2054085 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (manufactiredowreachhd .xyz) (malware.rules)
  • 2054086 - ET MALWARE Observed Lumma Stealer Related Domain (manufactiredowreachhd .xyz in TLS SNI) (malware.rules)
  • 2054087 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (gloomopiniosnforuw .xyz) (malware.rules)
  • 2054088 - ET MALWARE Observed Lumma Stealer Related Domain (gloomopiniosnforuw .xyz in TLS SNI) (malware.rules)
  • 2054089 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (slammyslideplanntywks .xyz) (malware.rules)
  • 2054090 - ET MALWARE Observed Lumma Stealer Related Domain (slammyslideplanntywks .xyz in TLS SNI) (malware.rules)
  • 2054091 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (compilecoppydkewsw .xyz) (malware.rules)
  • 2054092 - ET MALWARE Observed Lumma Stealer Related Domain (compilecoppydkewsw .xyz in TLS SNI) (malware.rules)
  • 2054093 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (depositybounceddwk .xyz) (malware.rules)
  • 2054094 - ET MALWARE Observed Lumma Stealer Related Domain (depositybounceddwk .xyz in TLS SNI) (malware.rules)
  • 2054095 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (aplointexhausdh .xyz) (malware.rules)
  • 2054096 - ET MALWARE Observed Lumma Stealer Related Domain (aplointexhausdh .xyz in TLS SNI) (malware.rules)
  • 2054097 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (proffyrobharborye .xyz) (malware.rules)
  • 2054098 - ET MALWARE Observed Lumma Stealer Related Domain (proffyrobharborye .xyz in TLS SNI) (malware.rules)
  • 2054099 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (landownerryparaxodwo .xyz) (malware.rules)
  • 2054100 - ET MALWARE Observed Lumma Stealer Related Domain (landownerryparaxodwo .xyz in TLS SNI) (malware.rules)
  • 2054117 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (deadtrainingactioniw .xyz) (malware.rules)
  • 2054118 - ET MALWARE Observed Lumma Stealer Related Domain (deadtrainingactioniw .xyz in TLS SNI) (malware.rules)
  • 2054119 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (qualificationjdwko .xyz) (malware.rules)
  • 2054120 - ET MALWARE Observed Lumma Stealer Related Domain (qualificationjdwko .xyz in TLS SNI) (malware.rules)
  • 2054121 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (grandcommonyktsju .xyz) (malware.rules)
  • 2054122 - ET MALWARE Observed Lumma Stealer Related Domain (grandcommonyktsju .xyz in TLS SNI) (malware.rules)
  • 2054123 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (wordingnatturedowo .xyz) (malware.rules)
  • 2054124 - ET MALWARE Observed Lumma Stealer Related Domain (wordingnatturedowo .xyz in TLS SNI) (malware.rules)
  • 2054125 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (crisisrottenyjs .xyz) (malware.rules)
  • 2054126 - ET MALWARE Observed Lumma Stealer Related Domain (crisisrottenyjs .xyz in TLS SNI) (malware.rules)
  • 2054127 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (sweetcalcutangkdow .xyz) (malware.rules)
  • 2054128 - ET MALWARE Observed Lumma Stealer Related Domain (sweetcalcutangkdow .xyz in TLS SNI) (malware.rules)
  • 2054129 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (cooperatvassquaidmew .xyz) (malware.rules)
  • 2054130 - ET MALWARE Observed Lumma Stealer Related Domain (cooperatvassquaidmew .xyz in TLS SNI) (malware.rules)
  • 2054131 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (exuberanttjdkwo .xyz) (malware.rules)
  • 2054132 - ET MALWARE Observed Lumma Stealer Related Domain (exuberanttjdkwo .xyz in TLS SNI) (malware.rules)
  • 2054174 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (swellfrrgwwos .xyz) (malware.rules)
  • 2054175 - ET MALWARE Observed Lumma Stealer Related Domain (swellfrrgwwos .xyz in TLS SNI) (malware.rules)
  • 2054176 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (pedestriankodwu .xyz) (malware.rules)
  • 2054177 - ET MALWARE Observed Lumma Stealer Related Domain (pedestriankodwu .xyz in TLS SNI) (malware.rules)
  • 2054178 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (towerxxuytwi .xyz) (malware.rules)
  • 2054179 - ET MALWARE Observed Lumma Stealer Related Domain (towerxxuytwi .xyz in TLS SNI) (malware.rules)
  • 2054180 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (contintnetksows .shop) (malware.rules)
  • 2054181 - ET MALWARE Observed Lumma Stealer Related Domain (contintnetksows .shop in TLS SNI) (malware.rules)
  • 2054182 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (potterryisiw .shop) (malware.rules)
  • 2054183 - ET MALWARE Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI) (malware.rules)
  • 2054184 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (foodypannyjsud .shop) (malware.rules)
  • 2054185 - ET MALWARE Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI) (malware.rules)
  • 2054186 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (ellaboratepwsz .xyz) (malware.rules)
  • 2054187 - ET MALWARE Observed Lumma Stealer Related Domain (ellaboratepwsz .xyz in TLS SNI) (malware.rules)
  • 2054188 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (penetratedpoopp .xyz) (malware.rules)
  • 2054189 - ET MALWARE Observed Lumma Stealer Related Domain (penetratedpoopp .xyz in TLS SNI) (malware.rules)
  • 2054190 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (flockkydwos .shop) (malware.rules)
  • 2054191 - ET MALWARE Observed Lumma Stealer Related Domain (flockkydwos .shop in TLS SNI) (malware.rules)
  • 2054250 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (periodicroytewrsn .shop) (malware.rules)
  • 2054251 - ET MALWARE Observed Lumma Stealer Related Domain (periodicroytewrsn .shop in TLS SNI) (malware.rules)
  • 2054260 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (malware.rules)
  • 2054261 - ET MALWARE Observed Lumma Stealer Related Domain (malware.rules)
  • 2054262 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bouncedgowp .shop) (malware.rules)
  • 2054263 - ET MALWARE Observed Lumma Stealer Related Domain (bouncedgowp .shop in TLS SNI) (malware.rules)
  • 2054264 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bannngwko .shop) (malware.rules)
  • 2054265 - ET MALWARE Observed Lumma Stealer Related Domain (bannngwko .shop in TLS SNI) (malware.rules)
  • 2054266 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (affecthorsedpo .shop) (malware.rules)
  • 2054267 - ET MALWARE Observed Lumma Stealer Related Domain (affecthorsedpo .shop in TLS SNI) (malware.rules)
  • 2054268 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (publicitttyps .shop) (malware.rules)
  • 2054269 - ET MALWARE Observed Lumma Stealer Related Domain (publicitttyps .shop in TLS SNI) (malware.rules)
  • 2054270 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (answerrsdo .shop) (malware.rules)
  • 2054271 - ET MALWARE Observed Lumma Stealer Related Domain (answerrsdo .shop in TLS SNI) (malware.rules)
  • 2054272 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (benchillppwo .shop) (malware.rules)
  • 2054273 - ET MALWARE Observed Lumma Stealer Related Domain (benchillppwo .shop in TLS SNI) (malware.rules)
  • 2054274 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (radiationnopp .shop) (malware.rules)
  • 2054275 - ET MALWARE Observed Lumma Stealer Related Domain (radiationnopp .shop in TLS SNI) (malware.rules)
  • 2054276 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bargainnykwo .shop) (malware.rules)
  • 2054277 - ET MALWARE Observed Lumma Stealer Related Domain (bargainnykwo .shop in TLS SNI) (malware.rules)
  • 2054278 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (lyingchemicow .shop) (malware.rules)
  • 2054279 - ET MALWARE Observed Lumma Stealer Related Domain (lyingchemicow .shop in TLS SNI) (malware.rules)
  • 2054281 - ET MALWARE Observed Lumma Stealer Related Domain (unwielldyzpwo .shop in TLS SNI) (malware.rules)
  • 2054283 - ET MALWARE Observed Lumma Stealer Related Domain (stationacutwo .shop in TLS SNI) (malware.rules)
  • 2054285 - ET MALWARE Observed Lumma Stealer Related Domain (invisibledovereats .shop in TLS SNI) (malware.rules)
  • 2054367 - ET MALWARE Observed Lumma Stealer Related Domain (arritswpoewroso .shop in TLS SNI) (malware.rules)
  • 2054369 - ET MALWARE Observed Lumma Stealer Related Domain (dancecmapleadsjwk .shop in TLS SNI) (malware.rules)
  • 2054371 - ET MALWARE Observed Lumma Stealer Related Domain (gogobad .fun in TLS SNI) (malware.rules)
  • 2054373 - ET MALWARE Observed Lumma Stealer Related Domain (curtainjors .fun in TLS SNI) (malware.rules)
  • 2054375 - ET MALWARE Observed Lumma Stealer Related Domain (civilizzzationo .shop in TLS SNI) (malware.rules)
  • 2054377 - ET MALWARE Observed Lumma Stealer Related Domain (citizencenturygoodwk .shop in TLS SNI) (malware.rules)
  • 2054468 - ET MALWARE Observed Lumma Stealer Related Domain (applyzxcksdia .shop in TLS SNI) (malware.rules)
  • 2054470 - ET MALWARE Observed Lumma Stealer Related Domain (arriveoxpzxo .shop in TLS SNI) (malware.rules)
  • 2054472 - ET MALWARE Observed Lumma Stealer Related Domain (bindceasdiwozx .shop in TLS SNI) (malware.rules)
  • 2054474 - ET MALWARE Observed Lumma Stealer Related Domain (catchddkxozvp .shop in TLS SNI) (malware.rules)
  • 2054476 - ET MALWARE Observed Lumma Stealer Related Domain (conformfucdioz .shop in TLS SNI) (malware.rules)
  • 2054478 - ET MALWARE Observed Lumma Stealer Related Domain (contemplateodszsv .shop in TLS SNI) (malware.rules)
  • 2054480 - ET MALWARE Observed Lumma Stealer Related Domain (declaredczxi .shop in TLS SNI) (malware.rules)
  • 2054482 - ET MALWARE Observed Lumma Stealer Related Domain (excellentdiwdu .shop in TLS SNI) (malware.rules)
  • 2054484 - ET MALWARE Observed Lumma Stealer Related Domain (handyxczos .shop in TLS SNI) (malware.rules)
  • 2054486 - ET MALWARE Observed Lumma Stealer Related Domain (piedsiggnycliquieaw .shop in TLS SNI) (malware.rules)
  • 2054488 - ET MALWARE Observed Lumma Stealer Related Domain (replacedoxcjzp .shop in TLS SNI) (malware.rules)
  • 2054490 - ET MALWARE Observed Lumma Stealer Related Domain (respectabledpcs .shop in TLS SNI) (malware.rules)
  • 2054497 - ET MALWARE Observed Lumma Stealer Related Domain (requestyex .shop in TLS SNI) (malware.rules)
  • 2857634 - ETPRO MALWARE Malicious NetSupport Rat CnC Checkin (malware.rules)