Ruleset Update Summary - 2025/04/08 - v10900

rulesbot · April 8, 2025, 8:56pm

Summary:

44 new OPEN, 47 new PRO (44 + 3)

Added rules:

Open:

2061365 - ET WEB_SPECIFIC_APPS GeoVision GV-ASManager <v6.1.0.0 Information Disclosure (CVE-2024-56902) (web_specific_apps.rules)
2061366 - ET INFO DYNAMIC_DNS Query to a *.nettekks .com domain (info.rules)
2061367 - ET INFO DYNAMIC_DNS HTTP Request to a *.nettekks .com domain (info.rules)
2061368 - ET INFO DYNAMIC_DNS Query to a *.quality-electronics .com domain (info.rules)
2061369 - ET INFO DYNAMIC_DNS HTTP Request to a *.quality-electronics .com domain (info.rules)
2061370 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (palsmedq .run) (malware.rules)
2061371 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (palsmedq .run) in TLS SNI (malware.rules)
2061372 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zealjkh .digital) (malware.rules)
2061373 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (zealjkh .digital) in TLS SNI (malware.rules)
2061374 - ET WEB_SPECIFIC_APPS PostgreSQL pgAdmin4 Authenticated Remote Code Execution (CVE-2025-2945) M1 (web_specific_apps.rules)
2061375 - ET WEB_SPECIFIC_APPS PostgreSQL pgAdmin4 Authenticated Remote Code Execution (CVE-2025-2945) M2 (web_specific_apps.rules)
2061376 - ET MALWARE Generic Malware CnC Activity - (Unix Timestamp In HTTP URI) (malware.rules)
2061377 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (gsejewelers .com) (exploit_kit.rules)
2061378 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (lawofcjdj .com) (exploit_kit.rules)
2061379 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (nelsonsys .com) (exploit_kit.rules)
2061380 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (gsejewelers .com) (exploit_kit.rules)
2061381 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (lawofcjdj .com) (exploit_kit.rules)
2061382 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (nelsonsys .com) (exploit_kit.rules)
2061383 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (customer .adroitbookkeepingsolutions .com) (malware.rules)
2061384 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (customer .adroitbookkeepingsolutions .com) (malware.rules)
2061385 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (islonline .org) (exploit_kit.rules)
2061386 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bstionline .com) (exploit_kit.rules)
2061387 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (alhasba .com) (exploit_kit.rules)
2061388 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (islonline .org) (exploit_kit.rules)
2061389 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bstionline .com) (exploit_kit.rules)
2061390 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (alhasba .com) (exploit_kit.rules)
2061391 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clarmodq .top) (malware.rules)
2061392 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (clarmodq .top in TLS SNI) (malware.rules)
2061393 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soursopsf .run) (malware.rules)
2061394 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (soursopsf .run in TLS SNI) (malware.rules)
2061395 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (changeaie .top) (malware.rules)
2061396 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (changeaie .top in TLS SNI) (malware.rules)
2061397 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (easyupgw .live) (malware.rules)
2061398 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (easyupgw .live in TLS SNI) (malware.rules)
2061399 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (liftally .top) (malware.rules)
2061400 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (liftally .top in TLS SNI) (malware.rules)
2061401 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (upmodini .digital) (malware.rules)
2061402 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (upmodini .digital in TLS SNI) (malware.rules)
2061403 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (salaccgfa .top) (malware.rules)
2061404 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (salaccgfa .top in TLS SNI) (malware.rules)
2061405 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zestmodp .top) (malware.rules)
2061406 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (zestmodp .top in TLS SNI) (malware.rules)
2061407 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (xcelmodo .run) (malware.rules)
2061408 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (xcelmodo .run in TLS SNI) (malware.rules)

Pro:

2861083 - ETPRO EXPLOIT Microsoft Windows Kerberos Security Feature Bypass (CVE-2025-29809) (exploit.rules)
2861084 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2861085 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Modified inactive rules:

2061305 - ET WEB_SPECIFIC_APPS Apache Pinot Authentication Bypass (CVE-2024-56325) (web_specific_apps.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/03/20 - v10887 Ruleset Updates	92	March 20, 2025
Ruleset Update Summary - 2025/03/11 - v10876 Ruleset Updates	122	March 11, 2025
Ruleset Update Summary - 2025/03/31 - v10894 Ruleset Updates	83	March 31, 2025
Ruleset Update Summary - 2025/02/18 - v10861 Ruleset Updates	177	February 18, 2025
Ruleset Update Summary - 2025/04/21 - v10910 Ruleset Updates	85	April 21, 2025

Ruleset Update Summary - 2025/04/08 - v10900

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Related topics