Ruleset Update Summary - 2025/06/03 - v10939

rulesbot · June 3, 2025, 9:10pm

Summary:

28 new OPEN, 28 new PRO (28 + 0)

Added rules:

Open:

2047646 - ET MALWARE JanelaRAT CnC Checkin Observed (malware.rules)
2062713 - ET MALWARE JanelaRAT Staging URL (malware.rules)
2062714 - ET MALWARE JanelaRAT CnC Exfil (malware.rules)
2062715 - ET INFO Observed UA-CPU Header (info.rules)
2062716 - ET INFO Observed UA-Disp Header (info.rules)
2062717 - ET INFO Observed UA-OS Header (info.rules)
2062718 - ET INFO Observed UA-Color Header (info.rules)
2062719 - ET INFO Observed UA-Pixels Header (info.rules)
2062720 - ET HUNTING GET Request to ip-api Without User-Agent (Common with Stealers) (hunting.rules)
2062721 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (algfbg .live) (malware.rules)
2062722 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (algfbg .live) in TLS SNI (malware.rules)
2062723 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (autogearw .live) (malware.rules)
2062724 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (autogearw .live) in TLS SNI (malware.rules)
2062725 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (loppkq .digital) (malware.rules)
2062726 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (loppkq .digital) in TLS SNI (malware.rules)
2062727 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (magwaeg .live) (malware.rules)
2062728 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (magwaeg .live) in TLS SNI (malware.rules)
2062729 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screhwc .live) (malware.rules)
2062730 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (screhwc .live) in TLS SNI (malware.rules)
2062731 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tinklertjp .bet) (malware.rules)
2062732 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tinklertjp .bet) in TLS SNI (malware.rules)
2062733 - ET MALWARE JanelaRAT Delivery Script Retrieving .MSI (malware.rules)
2062734 - ET WEB_SPECIFIC_APPS Linksys ssid1MACFilter apselect_ Parameter Command Injection Attempt (CVE-2025-5447) (web_specific_apps.rules)
2062735 - ET WEB_SPECIFIC_APPS Linksys addStaticRoute staticRoute_destType_setting Parameter Command Injection Attempt (web_specific_apps.rules)
2062736 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (www .grapheno .us) (malware.rules)
2062737 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (www .grapheno .us) (malware.rules)
2062738 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (baihuah .top) (exploit_kit.rules)
2062739 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (baihuah .top) (exploit_kit.rules)

Removed rules:

2047646 - ET RETIRED JanelaRAT CnC Checkin Observed (retired.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/02/03 - v10851 Ruleset Updates	134	February 3, 2025
Ruleset Update Summary - 2025/05/20 - v10931 Ruleset Updates	91	May 20, 2025
Ruleset Update Summary - 2025/05/15 - v10928 Ruleset Updates	117	May 15, 2025
Ruleset Update Summary - 2024/11/12 - v10740 Ruleset Updates	129	November 12, 2024
Ruleset Update Summary - 2025/06/02 - v10938 Ruleset Updates	117	June 2, 2025

Ruleset Update Summary - 2025/06/03 - v10939

Summary:

Added rules:

Open:

Removed rules:

Related topics