Ruleset Update Summary - 2025/04/23 - v10912

Ruleset Updates
1

Summary:

30 new OPEN, 32 new PRO (30 + 2)

Added rules:

Open:

  • 2061806 - ET INFO Potentially Vulnerable Cisco ConfD SSH Server Banner (CVE-2025-32433) (info.rules)
  • 2061807 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (climatologfy .top) (malware.rules)
  • 2061808 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (climatologfy .top) in TLS SNI (malware.rules)
  • 2061809 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (econbele .digital) (malware.rules)
  • 2061810 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (econbele .digital) in TLS SNI (malware.rules)
  • 2061811 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (equatorf .run) (malware.rules)
  • 2061812 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (equatorf .run) in TLS SNI (malware.rules)
  • 2061813 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hemispherexz .top) (malware.rules)
  • 2061814 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hemispherexz .top) in TLS SNI (malware.rules)
  • 2061815 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (latitudert .live) (malware.rules)
  • 2061816 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (latitudert .live) in TLS SNI (malware.rules)
  • 2061817 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (longitudde .digital) (malware.rules)
  • 2061818 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (longitudde .digital) in TLS SNI (malware.rules)
  • 2061819 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (polandecor .digital) (malware.rules)
  • 2061820 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (polandecor .digital) in TLS SNI (malware.rules)
  • 2061821 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sewektrip .shop) (malware.rules)
  • 2061822 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sewektrip .shop) in TLS SNI (malware.rules)
  • 2061823 - ET EXPLOIT IBM Spectrum Protect Plus - Command Injection Attempt Inbound (CVE-2020-4211) (exploit.rules)
  • 2061824 - ET EXPLOIT Sinapsi eSolar Light Photovoltaic System - Command Injection Attempt Inbound (CVE-2012-5863) (exploit.rules)
  • 2061825 - ET EXPLOIT HP SiteScope SOAP Call RCE Attempt Inbound (CVE-2012-3259) (exploit.rules)
  • 2061826 - ET EXPLOIT CA Total Defense Suite SQLi Attempt Inbound (CVE-2011-1653) (exploit.rules)
  • 2061827 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (mtowner .com) (exploit_kit.rules)
  • 2061828 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (mtowner .com) (exploit_kit.rules)
  • 2061829 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (manwithedhelp .top) (exploit_kit.rules)
  • 2061830 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ayzyw .top) (exploit_kit.rules)
  • 2061831 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (manwithedhelp .top) (exploit_kit.rules)
  • 2061832 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ayzyw .top) (exploit_kit.rules)
  • 2061833 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (www .ishimotors .com) (malware.rules)
  • 2061834 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (www .ishimotors .com) (malware.rules)
  • 2061835 - ET MALWARE AMOS Stealer CnC Checkin (POST) (malware.rules)

Pro:

  • 2861226 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2861227 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Modified inactive rules:

  • 2061805 - ET EXPLOIT SSH Erlang/OTP SSH Server Unencryped Channel Open (Message Type 90) (CVE-2025-32433) (exploit.rules)