Summary:
27 new OPEN, 38 new PRO (27 + 11)
Added rules:
Open:
- 2061728 - ET INFO SonicWall SMA Multiple CIFS Server Bookmark Creation (info.rules)
- 2061729 - ET WEB_SERVER SonicWall SMA Heap-Based Buffer Overflow (CVE-2021-20043) (web_server.rules)
- 2061730 - ET WEB_SERVER SonicWall SMA Unauthenticated Stack Buffer Overflow (CVE-2021-20045) M1 (web_server.rules)
- 2061731 - ET WEB_SERVER SonicWall SMA Unauthenticated Stack Buffer Overflow (CVE-2021-20045) M2 (web_server.rules)
- 2061732 - ET WEB_SERVER SonicWall SMA Unauthenticated Heap Buffer Overflow (CVE-2021-20045) (web_server.rules)
- 2061733 - ET WEB_SPECIFIC_APPS Oracle PeopleSoft Unauthenticated File Read (CVE-2023-22047) (web_specific_apps.rules)
- 2061734 - ET MALWARE Common Sandbox Identification Evasion List Downloaded via WindowsPowerShell (malware.rules)
- 2061735 - ET WEB_SPECIFIC_APPS SAP NetWeaver Application Server Java Post-Auth Arbitrary File Upload (CVE-2021-38163) (web_specific_apps.rules)
- 2061736 - ET MALWARE Observed DNS Query to ClickFix Domain (reddit .co .im) (malware.rules)
- 2061737 - ET MALWARE Observed ClickFix Domain (reddit .co .im in TLS SNI) (malware.rules)
- 2061738 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (futuristx .live) (malware.rules)
- 2061739 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (futuristx .live) in TLS SNI (malware.rules)
- 2061740 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (overlapseq .digital) (malware.rules)
- 2061741 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (overlapseq .digital) in TLS SNI (malware.rules)
- 2061742 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (synmedsp .live) (malware.rules)
- 2061743 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (synmedsp .live) in TLS SNI (malware.rules)
- 2061744 - ET WEB_SPECIFIC_APPS D-Link DWR-M961 formStaticDHCP buffer overflow (CVE-2025-3785) (web_specific_apps.rules)
- 2061745 - ET MALWARE Observed Compromised Domain Serving ClickFix Related Payloads (four-meme .dev) (malware.rules)
- 2061746 - ET MALWARE Observed Compromised ClickFix Payload Delivery Domain (four-meme .dev in TLS SNI) (malware.rules)
- 2061747 - ET WEB_SPECIFIC_APPS Tenda AC15 GetParentControlInfo mac Parameter Buffer Overflow (web_specific_apps.rules)
- 2061748 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (lynmor .com) (exploit_kit.rules)
- 2061749 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (grrlspace .com) (exploit_kit.rules)
- 2061750 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (lynmor .com) (exploit_kit.rules)
- 2061751 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (grrlspace .com) (exploit_kit.rules)
- 2061752 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (booking .driveawayrentals .com) (malware.rules)
- 2061753 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (booking .driveawayrentals .com) (malware.rules)
- 2061754 - ET ATTACK_RESPONSE ClickFix Webpage Inbound (attack_response.rules)
Pro:
- 2861185 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2861186 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2861187 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2861188 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2861189 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2861190 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2861191 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2861192 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2861193 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2861194 - ETPRO MALWARE QuasarRAT Victim Checkin via Telegram (POST) (malware.rules)
- 2861195 - ETPRO MALWARE QuasarRAT Screenshot Exfil via Telegram (POST) (malware.rules)