Summary:
66 new OPEN, 95 new PRO (66 + 29)
Added rules:
Open:
- 2059808 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abdibingjwhs .click) (malware.rules)
- 2059809 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (abdibingjwhs .click in TLS SNI) (malware.rules)
- 2059810 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (adventureseekerstop .top) (malware.rules)
- 2059811 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (adventureseekerstop .top in TLS SNI) (malware.rules)
- 2059812 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ecofriendl .top) (malware.rules)
- 2059813 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ecofriendl .top in TLS SNI) (malware.rules)
- 2059814 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rollinsccred .biz) (malware.rules)
- 2059815 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rollinsccred .biz in TLS SNI) (malware.rules)
- 2059816 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (winnyhelplejsu .shop) (malware.rules)
- 2059817 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (winnyhelplejsu .shop in TLS SNI) (malware.rules)
- 2059818 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (believezioep .com) (malware.rules)
- 2059819 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (believezioep .com in TLS SNI) (malware.rules)
- 2059820 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bookwormstop .top) (malware.rules)
- 2059821 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bookwormstop .top in TLS SNI) (malware.rules)
- 2059822 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cabbagepattof .net) (malware.rules)
- 2059823 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cabbagepattof .net in TLS SNI) (malware.rules)
- 2059824 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clammypunero .com) (malware.rules)
- 2059825 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (clammypunero .com in TLS SNI) (malware.rules)
- 2059826 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deliciousrecspes .top) (malware.rules)
- 2059827 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deliciousrecspes .top in TLS SNI) (malware.rules)
- 2059828 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dreambjig .top) (malware.rules)
- 2059829 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dreambjig .top in TLS SNI) (malware.rules)
- 2059830 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (entrepreneurstop .top) (malware.rules)
- 2059831 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (entrepreneurstop .top in TLS SNI) (malware.rules)
- 2059832 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (garderjjerop .com) (malware.rules)
- 2059833 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (garderjjerop .com in TLS SNI) (malware.rules)
- 2059834 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (plasticreie .com) (malware.rules)
- 2059835 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (plasticreie .com in TLS SNI) (malware.rules)
- 2059836 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shunstriderk .net) (malware.rules)
- 2059837 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (shunstriderk .net in TLS SNI) (malware.rules)
- 2059838 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (skirtgrippys .com) (malware.rules)
- 2059839 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (skirtgrippys .com in TLS SNI) (malware.rules)
- 2059840 - ET POLICY Contec Health CMS8000 Patient Monitor Insecure Default HL7 Protocol Server IP (CVE-2025-0626) (policy.rules)
- 2059841 - ET POLICY Contec Health CMS8000 Patient Monitor Insecure Default CMS Protocol Server IP (CVE-2025-0626) (policy.rules)
- 2059842 - ET WEB_SPECIFIC_APPS YETI Platform Server-Side Template Injection (CVE-2024-45607) (web_specific_apps.rules)
- 2059843 - ET WEB_SPECIFIC_APPS SimpleHelp Support Server Unauthenticated Path Traversal (serverconfig.xml) (CVE-2024-57727) (web_specific_apps.rules)
- 2059844 - ET INFO DYNAMIC_DNS Query to a *.ibernoticias .com domain (info.rules)
- 2059845 - ET INFO DYNAMIC_DNS HTTP Request to a *.ibernoticias .com domain (info.rules)
- 2059846 - ET MALWARE Win32/IcedID CnC Domain in DNS Lookup (toughflatlying .com) (malware.rules)
- 2059847 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (PersonalFinanceAdvice .biz) (malware.rules)
- 2059848 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (PersonalFinanceAdvice .biz in TLS SNI) (malware.rules)
- 2059849 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (azurgewhisper .hair) (malware.rules)
- 2059850 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (azurgewhisper .hair in TLS SNI) (malware.rules)
- 2059851 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (culinarydelighytts .top) (malware.rules)
- 2059852 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (culinarydelighytts .top in TLS SNI) (malware.rules)
- 2059853 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (enchanutedmeadow .hair) (malware.rules)
- 2059854 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (enchanutedmeadow .hair in TLS SNI) (malware.rules)
- 2059855 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (encirelk .cyou) (malware.rules)
- 2059856 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (encirelk .cyou in TLS SNI) (malware.rules)
- 2059857 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fitnessgurustop .top) (malware.rules)
- 2059858 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fitnessgurustop .top in TLS SNI) (malware.rules)
- 2059859 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (minlliving .biz) (malware.rules)
- 2059860 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (minlliving .biz in TLS SNI) (malware.rules)
- 2059861 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thingspouter .top) (malware.rules)
- 2059862 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (thingspouter .top in TLS SNI) (malware.rules)
- 2059863 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (warlikedbeliev .org) (malware.rules)
- 2059864 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (warlikedbeliev .org in TLS SNI) (malware.rules)
- 2059865 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (idioinc .com) (exploit_kit.rules)
- 2059866 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (idioinc .com) (exploit_kit.rules)
- 2059867 - ET EXPLOIT_KIT Malicious TA2726 TDS Domain in DNS Lookup (newgoodfoodmarket .com) (exploit_kit.rules)
- 2059868 - ET EXPLOIT_KIT Malicious TA2726 TDS Domain in TLS SNI (newgoodfoodmarket .com) (exploit_kit.rules)
- 2059869 - ET MALWARE SocGholish CnC Domain in DNS Lookup (btctrading .crestlinesolutions .work) (malware.rules)
- 2059870 - ET MALWARE SocGholish CnC Domain in TLS SNI (btctrading .crestlinesolutions .work) (malware.rules)
- 2059871 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (vbcsd .top) (exploit_kit.rules)
- 2059872 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (vbcsd .top) (exploit_kit.rules)
- 2059873 - ET WEB_SPECIFIC_APPS Ivanti Endpoint Manager Unauthorized XML External Entity (CVE-2024-37397) (web_specific_apps.rules)
Pro:
- 2859862 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2859863 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859864 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2859865 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2859866 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2859867 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2859868 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2859869 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2859870 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2859871 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859872 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2859873 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2859874 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2859875 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2859876 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2859877 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2859878 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2859879 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2859880 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2859881 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2859882 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2859883 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2859884 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2859885 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2859886 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
- 2859887 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
- 2859888 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
- 2859889 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859890 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
Modified inactive rules:
- 2023611 - ET MALWARE Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 107 (malware.rules)
Disabled and modified rules:
- 2058017 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bfd78 .biz) (exploit_kit.rules)
- 2058018 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (zeroassoluto .biz) (exploit_kit.rules)
- 2058019 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (best-net .biz) (exploit_kit.rules)
- 2058020 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (aquabaru .online) (exploit_kit.rules)
- 2058021 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (chudautu .info) (exploit_kit.rules)
- 2058022 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bfd78 .biz) (exploit_kit.rules)
- 2058023 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (zeroassoluto .biz) (exploit_kit.rules)
- 2058024 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (best-net .biz) (exploit_kit.rules)
- 2058025 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (aquabaru .online) (exploit_kit.rules)
- 2058026 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (chudautu .info) (exploit_kit.rules)
- 2058035 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .trc20 .kcgrocks .com) (malware.rules)
- 2058049 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (q8ds .net) (exploit_kit.rules)
- 2058050 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (q8ds .net) (exploit_kit.rules)
- 2058065 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (renqidm .info) (exploit_kit.rules)
- 2058066 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (renqidm .info) (exploit_kit.rules)
- 2058088 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (opravy .biz) (exploit_kit.rules)
- 2058089 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (space-cadet .info) (exploit_kit.rules)
- 2058090 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (wanconyan .co) (exploit_kit.rules)
- 2058091 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bentia .info) (exploit_kit.rules)
- 2058092 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (opravy .biz) (exploit_kit.rules)
- 2058093 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (space-cadet .info) (exploit_kit.rules)
- 2058094 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (wanconyan .co) (exploit_kit.rules)
- 2058095 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bentia .info) (exploit_kit.rules)
- 2058097 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .law .kimsavagelaw .com) (malware.rules)
- 2058099 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (chewels .com) (exploit_kit.rules)
- 2058100 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (chewels .com) (exploit_kit.rules)
- 2059297 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .regular .ptbaconsulting .com) (malware.rules)
- 2059298 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .regular .ptbaconsulting .com) (malware.rules)
- 2859587 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859606 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859607 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859608 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859620 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859625 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859626 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859856 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)