Ruleset Update Summary - 2025/06/12 - v10949

rulesbot · June 12, 2025, 7:34pm

Summary:

14 new OPEN, 18 new PRO (14 + 4)

Thanks @anyrun_app

2062914 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (files .myamericanmadestory .com) (malware.rules)
2062915 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (files .myamericanmadestory .com) (malware.rules)
2062916 - ET EXPLOIT Cisco IOS XE WLC Arbitrary File Upload Attempt (CVE-2025-20188) (exploit.rules)
2062917 - ET EXPLOIT LG Simple Editor RCE Attempt Inbound (CVE-2023-40504) (exploit.rules)
2062918 - ET WEB_SPECIFIC_APPS HPE Aruba Instant Authenticated File Write via Web UI (cp-upload) (CVE-2021-25158) (web_specific_apps.rules)
2062919 - ET WEB_SPECIFIC_APPS HPE Aruba Instant Authenticated Arbitrary Directory Create (cplogo-install) (CVE-2021-25156) (web_specific_apps.rules)
2062920 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (hillcoweb .com) (exploit_kit.rules)
2062921 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (hillcoweb .com) (exploit_kit.rules)
2062922 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (forging .top) (exploit_kit.rules)
2062923 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (forging .top) (exploit_kit.rules)
2062924 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (plapwf .top) (malware.rules)
2062925 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (plapwf .top) in TLS SNI (malware.rules)
2062926 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (swenku .xyz) (malware.rules)
2062927 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (swenku .xyz) in TLS SNI (malware.rules)

2862152 - ETPRO HUNTING Generic HTTP URI Buffer Overflow Check - http.uri (hunting.rules)
2862153 - ETPRO HUNTING Malicious Parquet File Upload Attempt (SSRF) (hunting.rules)
2862154 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2862155 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

2062456 - ET HUNTING Obfuscated PowerShell Script Download - Excessive CHAR (hunting.rules)
2062457 - ET HUNTING Obfuscated PowerShell Script Download - Excessive Split String M1 (hunting.rules)
2062458 - ET HUNTING Obfuscated PowerShell Script Download - Excessive Split String M2 (hunting.rules)
2062459 - ET HUNTING Obfuscated PowerShell Script Download - Excessive Split String M3 (hunting.rules)
2062460 - ET HUNTING Obfuscated PowerShell Script Download - Excessive Split String M4 (hunting.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/03/24 - v10889 Ruleset Updates	120	March 24, 2025
Ruleset Update Summary - 2025/06/10 - v10947 Ruleset Updates	111	June 10, 2025
Ruleset Update Summary - 2025/05/21 - v10932 Ruleset Updates	118	May 21, 2025
Ruleset Update Summary - 2025/07/16 - v10971 Ruleset Updates	55	July 16, 2025
Ruleset Update Summary - 2025/03/11 - v10876 Ruleset Updates	129	March 11, 2025