Summary:
44 new OPEN, 47 new PRO (44 + 3)
Added rules:
Open:
- 2061365 - ET WEB_SPECIFIC_APPS GeoVision GV-ASManager <v6.1.0.0 Information Disclosure (CVE-2024-56902) (web_specific_apps.rules)
- 2061366 - ET INFO DYNAMIC_DNS Query to a *.nettekks .com domain (info.rules)
- 2061367 - ET INFO DYNAMIC_DNS HTTP Request to a *.nettekks .com domain (info.rules)
- 2061368 - ET INFO DYNAMIC_DNS Query to a *.quality-electronics .com domain (info.rules)
- 2061369 - ET INFO DYNAMIC_DNS HTTP Request to a *.quality-electronics .com domain (info.rules)
- 2061370 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (palsmedq .run) (malware.rules)
- 2061371 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (palsmedq .run) in TLS SNI (malware.rules)
- 2061372 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zealjkh .digital) (malware.rules)
- 2061373 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (zealjkh .digital) in TLS SNI (malware.rules)
- 2061374 - ET WEB_SPECIFIC_APPS PostgreSQL pgAdmin4 Authenticated Remote Code Execution (CVE-2025-2945) M1 (web_specific_apps.rules)
- 2061375 - ET WEB_SPECIFIC_APPS PostgreSQL pgAdmin4 Authenticated Remote Code Execution (CVE-2025-2945) M2 (web_specific_apps.rules)
- 2061376 - ET MALWARE Generic Malware CnC Activity - (Unix Timestamp In HTTP URI) (malware.rules)
- 2061377 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (gsejewelers .com) (exploit_kit.rules)
- 2061378 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (lawofcjdj .com) (exploit_kit.rules)
- 2061379 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (nelsonsys .com) (exploit_kit.rules)
- 2061380 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (gsejewelers .com) (exploit_kit.rules)
- 2061381 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (lawofcjdj .com) (exploit_kit.rules)
- 2061382 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (nelsonsys .com) (exploit_kit.rules)
- 2061383 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (customer .adroitbookkeepingsolutions .com) (malware.rules)
- 2061384 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (customer .adroitbookkeepingsolutions .com) (malware.rules)
- 2061385 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (islonline .org) (exploit_kit.rules)
- 2061386 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (bstionline .com) (exploit_kit.rules)
- 2061387 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (alhasba .com) (exploit_kit.rules)
- 2061388 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (islonline .org) (exploit_kit.rules)
- 2061389 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bstionline .com) (exploit_kit.rules)
- 2061390 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (alhasba .com) (exploit_kit.rules)
- 2061391 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clarmodq .top) (malware.rules)
- 2061392 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (clarmodq .top in TLS SNI) (malware.rules)
- 2061393 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soursopsf .run) (malware.rules)
- 2061394 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (soursopsf .run in TLS SNI) (malware.rules)
- 2061395 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (changeaie .top) (malware.rules)
- 2061396 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (changeaie .top in TLS SNI) (malware.rules)
- 2061397 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (easyupgw .live) (malware.rules)
- 2061398 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (easyupgw .live in TLS SNI) (malware.rules)
- 2061399 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (liftally .top) (malware.rules)
- 2061400 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (liftally .top in TLS SNI) (malware.rules)
- 2061401 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (upmodini .digital) (malware.rules)
- 2061402 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (upmodini .digital in TLS SNI) (malware.rules)
- 2061403 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (salaccgfa .top) (malware.rules)
- 2061404 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (salaccgfa .top in TLS SNI) (malware.rules)
- 2061405 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zestmodp .top) (malware.rules)
- 2061406 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (zestmodp .top in TLS SNI) (malware.rules)
- 2061407 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (xcelmodo .run) (malware.rules)
- 2061408 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (xcelmodo .run in TLS SNI) (malware.rules)
Pro:
- 2861083 - ETPRO EXPLOIT Microsoft Windows Kerberos Security Feature Bypass (CVE-2025-29809) (exploit.rules)
- 2861084 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2861085 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
Modified inactive rules:
- 2061305 - ET WEB_SPECIFIC_APPS Apache Pinot Authentication Bypass (CVE-2024-56325) (web_specific_apps.rules)