Ruleset Update Summary - 2025/04/01 - v10895

Summary:

16 new OPEN, 18 new PRO (16 + 2)


Added rules:

Open:

  • 2061230 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (pa-portal .premierhomeviews .com) (malware.rules)
  • 2061231 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (pa-portal .premierhomeviews .com) (malware.rules)
  • 2061232 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (movtime78 .shop) (exploit_kit.rules)
  • 2061233 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (machine-a-plastifier .com) (exploit_kit.rules)
  • 2061234 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (movtime78 .shop) (exploit_kit.rules)
  • 2061235 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (machine-a-plastifier .com) (exploit_kit.rules)
  • 2061236 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ailmentr .run) (malware.rules)
  • 2061237 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ailmentr .run) in TLS SNI (malware.rules)
  • 2061238 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deflamep .live) (malware.rules)
  • 2061239 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deflamep .live) in TLS SNI (malware.rules)
  • 2061240 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ferrofyg .run) (malware.rules)
  • 2061241 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ferrofyg .run) in TLS SNI (malware.rules)
  • 2061242 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (oreironx .live) (malware.rules)
  • 2061243 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (oreironx .live) in TLS SNI (malware.rules)
  • 2061244 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (weldarob .live) (malware.rules)
  • 2061245 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (weldarob .live) in TLS SNI (malware.rules)

Pro:

  • 2861022 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
  • 2861023 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)