Summary:
15 new OPEN, 26 new PRO (the 15 OPEN rules + 11 PRO-only)
Thanks @zoomequipd
Added rules:
Open:
- 2062497 - ET WEB_SPECIFIC_APPS FoxCMS id Parameter Command Injection Attempt (CVE-2025-29306) (web_specific_apps.rules)
- 2062498 - ET MALWARE Observed Malicious SSL Cert (VenomRAT/DcRAT) (malware.rules)
- 2062499 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (helplabp .run) (malware.rules)
- 2062500 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (helplabp .run) in TLS SNI (malware.rules)
- 2062501 - ET MALWARE Observed Malicious SSL Cert (Various RAT) (malware.rules)
- 2062502 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (www .alifsemi .com) (malware.rules)
- 2062503 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (www .alifsemi .com) (malware.rules)
- 2062504 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (avodaride .top) (exploit_kit.rules)
- 2062505 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (avodaride .top) (exploit_kit.rules)
- 2062506 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (dnsgo-windowsds .live) (exploit_kit.rules)
- 2062507 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (dnsgo-windowsds .live) (exploit_kit.rules)
- 2062508 - ET MALWARE Observed DNS Query to ACR/Amatera Stealer Domain (winthigh .top) (malware.rules)
- 2062509 - ET MALWARE Observed ACR/Amatera Domain (winthigh .top in TLS SNI) (malware.rules)
- 2062510 - ET MALWARE ACR/Amatera Stealer CnC Exfil (POST) M1 (malware.rules)
- 2062511 - ET MALWARE ACR/Amatera Stealer CnC Exfil (POST) M2 (malware.rules)
Pro:
- 2861790 - ETPRO MALWARE Observed DNS Query to TA399/TinyTick Domain (malware.rules)
- 2861791 - ETPRO MALWARE Observed TA399/TinyTick Domain in TLS SNI (malware.rules)
- 2861792 - ETPRO MALWARE Malicious Win32/NetSupport RAT CnC Checkin (malware.rules)
- 2861793 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
- 2861794 - ETPRO PHISHING CoAceV Checkin 2025-05-21 (phishing.rules)
- 2861795 - ETPRO PHISHING CoAceV Phish Landing Page 2025-05-21 (phishing.rules)
- 2861796 - ETPRO MALWARE TA399/TinyTick Payload Request (GET) (malware.rules)
- 2861797 - ETPRO ATTACK_RESPONSE TA399/TinyTick Payload Inbound (attack_response.rules)
- 2861798 - ETPRO MALWARE Observed TA399/TinyTick BackDoor User-Agent (malware.rules)
- 2861799 - ETPRO MALWARE Observed TA399/TinyTick BackDoor CnC Activity (POST) (malware.rules)
- 2861800 - ETPRO MALWARE Observed TA399/TinyTick BackDoor Victim Checkin (GET) (malware.rules)
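Most of the OPEN additions above come in pairs: one rule for the domain in a DNS lookup and one for the same domain in the TLS SNI, with the domain defanged in the msg ("helplabp .run"). As an added example (not part of this release note, and not the ET rule bodies, which are not reproduced here), the Python below refangs those domains out of lines like the ones listed, emits a Suricata DNS-query / TLS-SNI rule pair per unique domain, and offers an offline matcher for checking DNS or SNI log values against the list. The "EXAMPLE" msg prefix, SIDs starting at 9000001, the $HOME_NET/$EXTERNAL_NET variables and the classtype are assumptions.

```python
"""Refang the defanged domains in an ET release note and emit Suricata
DNS-query / TLS-SNI rules for them (example code, not ET's own rules)."""
import re

# Constructed input: a few lines copied from the release note above. ET defangs
# domains by inserting a space before each dot ("helplabp .run").
SAMPLE_LINES = [
    "- 2062499 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (helplabp .run) (malware.rules)",
    "- 2062500 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (helplabp .run) in TLS SNI (malware.rules)",
    "- 2062502 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (www .alifsemi .com) (malware.rules)",
    "- 2062504 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (avodaride .top) (exploit_kit.rules)",
    "- 2062509 - ET MALWARE Observed ACR/Amatera Domain (winthigh .top in TLS SNI) (malware.rules)",
    "- 2062510 - ET MALWARE ACR/Amatera Stealer CnC Exfil (POST) M1 (malware.rules)",
    "- 2062497 - ET WEB_SPECIFIC_APPS FoxCMS id Parameter Command Injection Attempt (CVE-2025-29306) (web_specific_apps.rules)",
]

# A defanged domain opens a parenthesis and consists of labels joined by " .".
# "(malware.rules)", "(POST)" and "(CVE-2025-29306)" contain no " ." and are skipped,
# and "(winthigh .top in TLS SNI)" still yields just the domain.
DEFANGED_RE = re.compile(r"\(([a-z0-9-]+(?: \.[a-z0-9-]+)+)", re.IGNORECASE)


def refang(defanged: str) -> str:
    """'www .alifsemi .com' -> 'www.alifsemi.com' (lower-cased; DNS names are case-insensitive)."""
    return defanged.replace(" .", ".").lower()


def extract_domains(lines) -> list:
    """Return the unique refanged domains in release-note order."""
    seen = []
    for line in lines:
        for m in DEFANGED_RE.finditer(line):
            d = refang(m.group(1))
            if d not in seen:
                seen.append(d)
    return seen


def suricata_rules(domain: str, sid: int) -> list:
    """One DNS-lookup rule and one TLS-SNI rule, mirroring the two-rule pattern above.
    msg prefix, SIDs and classtype are hypothetical. 'endswith' also matches subdomains
    (and names such as 'xhelplabp.run'); swap in 'bsize:<len>;' for an exact match."""
    dns = (f'alert dns $HOME_NET any -> any any (msg:"EXAMPLE Observed {domain} in DNS Lookup"; '
           f'dns.query; content:"{domain}"; nocase; endswith; classtype:trojan-activity; sid:{sid}; rev:1;)')
    tls = (f'alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE Observed {domain} in TLS SNI"; '
           f'flow:established,to_server; tls.sni; content:"{domain}"; nocase; endswith; '
           f'classtype:trojan-activity; sid:{sid + 1}; rev:1;)')
    return [dns, tls]


def build_ruleset(lines, first_sid: int = 9000001) -> list:
    """Two rules per unique domain, consecutive SIDs starting at first_sid (assumed free)."""
    rules = []
    for i, domain in enumerate(extract_domains(lines)):
        rules.extend(suricata_rules(domain, first_sid + 2 * i))
    return rules


def matches(query_name: str, domains) -> bool:
    """Offline check of a DNS query name or SNI from logs: exact match or a subdomain
    on a label boundary, so 'cdn.helplabp.run' hits but 'xhelplabp.run' does not."""
    q = query_name.rstrip(".").lower()
    return any(q == d or q.endswith("." + d) for d in domains)


if __name__ == "__main__":
    for rule in build_ruleset(SAMPLE_LINES):
        print(rule)
```

The Python matcher is stricter than the generated Suricata rules: Suricata's `endswith` has no notion of a label boundary, so a rule written this way fires on "xhelplabp.run" as well, which is why exact-match rules use `bsize:` instead.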