Summary:
6 new OPEN, 8 new PRO (6 + 2)
Added rules:
Open:
- 2060030 - ET EXPLOIT Microsoft Windows Themes Spoofing (CVE-2024-38030) (exploit.rules)
- 2060031 - ET EXPLOIT Microsoft Windows Themes Spoofing (CVE-2024-21320) (exploit.rules)
- 2060032 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (iconcss.com) (exploit_kit.rules)
- 2060033 - ET MALWARE ReverseLoader Style Payload Request (GET) (malware.rules)
- 2060034 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (52ecy .shop) (exploit_kit.rules)
- 2060035 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (52ecy .shop) (exploit_kit.rules)
Pro:
- 2860234 - ETPRO EXPLOIT NTLM Hash Disclosure via InternetShortcut (CVE-2025-21377) (exploit.rules)
- 2860235 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
Disabled and modified rules:
- 2060015 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .jpainting .ca) (malware.rules)
- 2060016 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (* .jpainting .ca) (malware.rules)
- 2819866 - ETPRO MOBILE_MALWARE Android.Trojan.Downloader.CI Checkin (mobile_malware.rules)