Ruleset Update Summary - 2025/02/14 - v10860

Ruleset Updates
1

Summary:

27 new OPEN, 35 new PRO (27 + 8)

Added rules:

Open:

  • 2060089 - ET EXPLOIT Zyxel DSL CPE Management Interface Default Credentials (supervisor) (CVE-2025-0890) (exploit.rules)
  • 2060090 - ET EXPLOIT Zyxel DSL CPE Management Interface Default Credentials (admin) (CVE-2025-0890) (exploit.rules)
  • 2060091 - ET EXPLOIT Zyxel DSL CPE Management Interface Default Credentials (zyuser) (CVE-2025-0890) (exploit.rules)
  • 2060092 - ET INFO DYNAMIC_DNS Query to a *.solarorbit .net domain (info.rules)
  • 2060093 - ET INFO DYNAMIC_DNS HTTP Request to a *.solarorbit .net domain (info.rules)
  • 2060094 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (BrighqtHorizon .cyou) (malware.rules)
  • 2060095 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (BrighqtHorizon .cyou in TLS SNI) (malware.rules)
  • 2060096 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ZefnEcho .cyou) (malware.rules)
  • 2060097 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ZefnEcho .cyou in TLS SNI) (malware.rules)
  • 2060098 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (forwardxinspiration .today) (malware.rules)
  • 2060099 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (forwardxinspiration .today in TLS SNI) (malware.rules)
  • 2060100 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (friendseforever .help) (malware.rules)
  • 2060101 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (friendseforever .help in TLS SNI) (malware.rules)
  • 2060102 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (naturewsounds .help) (malware.rules)
  • 2060103 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (naturewsounds .help in TLS SNI) (malware.rules)
  • 2060104 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shiningrstars .help) (malware.rules)
  • 2060105 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (shiningrstars .help in TLS SNI) (malware.rules)
  • 2060106 - ET EXPLOIT_KIT Malicious TA2726 TDS Domain in DNS Lookup (apiexplorerzone .com) (exploit_kit.rules)
  • 2060107 - ET EXPLOIT_KIT Malicious TA2726 TDS Domain in TLS SNI (apiexplorerzone .com) (exploit_kit.rules)
  • 2060108 - ET MALWARE TA582 CnC Checkin (malware.rules)
  • 2060109 - ET WEB_SPECIFIC_APPS Zyxel DSL CPE Authenticated HTTP Command Injection (CVE-2024-40890) (web_specific_apps.rules)
  • 2060110 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (agretex .com) (exploit_kit.rules)
  • 2060111 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (eecsys .com) (exploit_kit.rules)
  • 2060112 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (juehaicihang01 .shop) (exploit_kit.rules)
  • 2060113 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (juehaicihang01 .shop) (exploit_kit.rules)
  • 2060114 - ET MALWARE SocGholish CnC Domain in DNS Lookup (exchange .tuckx .com) (malware.rules)
  • 2060115 - ET MALWARE SocGholish CnC Domain in TLS SNI (exchange .tuckx .com) (malware.rules)

Pro:

  • 2860338 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2860339 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2860340 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2860341 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2860342 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2860343 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2860344 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2860345 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)