Summary:
33 new OPEN, 34 new PRO (33 + 1)
Added rules:
Open:
- 2061257 - ET USER_AGENTS Deprecated Xiaomi Mi Browser User-Agent Observed (user_agents.rules)
- 2061258 - ET WEB_SPECIFIC_APPS Sitecore Experience Platforms Remote Code Execution (CVE-2023-35813) (web_specific_apps.rules)
- 2061259 - ET WEB_SPECIFIC_APPS Kentico Xperience CMS Cross Site Scripting via Unauthenticated File Upload Attempt (CVE-2025-2748) (web_specific_apps.rules)
- 2061260 - ET INFO DYNAMIC_DNS Query to a *.daveengineer .com domain (info.rules)
- 2061261 - ET INFO DYNAMIC_DNS HTTP Request to a *.daveengineer .com domain (info.rules)
- 2061262 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (candidt .live) (malware.rules)
- 2061263 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (candidt .live) in TLS SNI (malware.rules)
- 2061264 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (freshyu .digital) (malware.rules)
- 2061265 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (freshyu .digital) in TLS SNI (malware.rules)
- 2061266 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grxeasyw .digital) (malware.rules)
- 2061267 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grxeasyw .digital) in TLS SNI (malware.rules)
- 2061268 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ingotyxx .live) (malware.rules)
- 2061269 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ingotyxx .live) in TLS SNI (malware.rules)
- 2061270 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (jrxsafer .top) (malware.rules)
- 2061271 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (jrxsafer .top) in TLS SNI (malware.rules)
- 2061272 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (krxspint .digital) (malware.rules)
- 2061273 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (krxspint .digital) in TLS SNI (malware.rules)
- 2061274 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rhxhube .run) (malware.rules)
- 2061275 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rhxhube .run) in TLS SNI (malware.rules)
- 2061276 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (xrfxcaseq .live) (malware.rules)
- 2061277 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (xrfxcaseq .live) in TLS SNI (malware.rules)
- 2061278 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ywmedici .top) (malware.rules)
- 2061279 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ywmedici .top) in TLS SNI (malware.rules)
- 2061280 - ET WEB_SPECIFIC_APPS Kentico Xperience CMS Authentication Bypass Attempt (CVE-2025-2746) (web_specific_apps.rules)
- 2061281 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (liberatuie .run) (malware.rules)
- 2061282 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (liberatuie .run in TLS SNI) (malware.rules)
- 2061283 - ET WEB_SPECIFIC_APPS Kentico Xperience CMS Authentication Bypass Attempt (CVE-2025-2747) (web_specific_apps.rules)
- 2061284 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (webproinc .com) (exploit_kit.rules)
- 2061285 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (webproinc .com) (exploit_kit.rules)
- 2061286 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (covaticonstructioncorp .shop) (exploit_kit.rules)
- 2061287 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (covaticonstructioncorp .shop) (exploit_kit.rules)
- 2061288 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (landing .survival-kitz .com) (malware.rules)
- 2061289 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (landing .survival-kitz .com) (malware.rules)
Pro:
- 2861058 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)