Ruleset Update Summary - 2025/06/09 - v10944

Ruleset Updates
1

Summary:

21 new OPEN, 22 new PRO (21 + 1)

Thanks @naumovax

Added rules:

Open:

  • 2062810 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (invertdbdi .top) (malware.rules)
  • 2062811 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (invertdbdi .top) in TLS SNI (malware.rules)
  • 2062812 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (unceasnowj .run) (malware.rules)
  • 2062813 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (unceasnowj .run) in TLS SNI (malware.rules)
  • 2062814 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (waxnps .live) (malware.rules)
  • 2062815 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (waxnps .live) in TLS SNI (malware.rules)
  • 2062816 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (geuscljjs .shop) (malware.rules)
  • 2062817 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (geuscljjs .shop) in TLS SNI (malware.rules)
  • 2062818 - ET WEB_SPECIFIC_APPS TP-Link stok label_info Parameter Buffer Overflow Attempt (web_specific_apps.rules)
  • 2062819 - ET WEB_SPECIFIC_APPS Tenda AdvSetLanip lanMask Parameter Buffer Overflow Attempt (CVE-2025-5861) (web_specific_apps.rules)
  • 2062820 - ET WEB_SPECIFIC_APPS Tenda SetLEDCfg time Parameter Buffer Overflow Attempt (CVE-2025-5850) (web_specific_apps.rules)
  • 2062821 - ET WEB_SPECIFIC_APPS Tenda SetRemoteWebCfg remoteIp Parameter Buffer Overflow Attempt (CVE-2025-5853) (web_specific_apps.rules)
  • 2062822 - ET INFO DYNAMIC_DNS Query to a *.alyaf .com domain (info.rules)
  • 2062823 - ET INFO DYNAMIC_DNS HTTP Request to a *.alyaf .com domain (info.rules)
  • 2062824 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bodilyooas .shop) (malware.rules)
  • 2062825 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bodilyooas .shop) in TLS SNI (malware.rules)
  • 2062826 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shortenskinne .top) (malware.rules)
  • 2062827 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (shortenskinne .top) in TLS SNI (malware.rules)
  • 2062828 - ET MALWARE SVCStealer CnC Checkin - Multiple Versions (POST) (malware.rules)
  • 2062829 - ET MALWARE SVCStealer 4.4 CnC Task Checkin (POST) (malware.rules)
  • 2062830 - ET MALWARE SVCStealer CnC Checkin Confirmation (malware.rules)

Pro:

  • 2862139 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)