Summary:
14 new OPEN, 18 new PRO (14 shared with OPEN + 4 PRO-only)
Thanks @anyrun_app
Added rules:
Open:
- 2062914 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (files .myamericanmadestory .com) (malware.rules)
- 2062915 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (files .myamericanmadestory .com) (malware.rules)
- 2062916 - ET EXPLOIT Cisco IOS XE WLC Arbitrary File Upload Attempt (CVE-2025-20188) (exploit.rules)
- 2062917 - ET EXPLOIT LG Simple Editor RCE Attempt Inbound (CVE-2023-40504) (exploit.rules)
- 2062918 - ET WEB_SPECIFIC_APPS HPE Aruba Instant Authenticated File Write via Web UI (cp-upload) (CVE-2021-25158) (web_specific_apps.rules)
- 2062919 - ET WEB_SPECIFIC_APPS HPE Aruba Instant Authenticated Arbitrary Directory Create (cplogo-install) (CVE-2021-25156) (web_specific_apps.rules)
- 2062920 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (hillcoweb .com) (exploit_kit.rules)
- 2062921 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (hillcoweb .com) (exploit_kit.rules)
- 2062922 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (forging .top) (exploit_kit.rules)
- 2062923 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (forging .top) (exploit_kit.rules)
- 2062924 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (plapwf .top) (malware.rules)
- 2062925 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (plapwf .top) in TLS SNI (malware.rules)
- 2062926 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (swenku .xyz) (malware.rules)
- 2062927 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (swenku .xyz) in TLS SNI (malware.rules)
Pro:
- 2862152 - ETPRO HUNTING Generic HTTP URI Buffer Overflow Check - http.uri (hunting.rules)
- 2862153 - ETPRO HUNTING Malicious Parquet File Upload Attempt (SSRF) (hunting.rules)
- 2862154 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2862155 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
Modified inactive rules:
- 2062456 - ET HUNTING Obfuscated PowerShell Script Download - Excessive CHAR (hunting.rules)
- 2062457 - ET HUNTING Obfuscated PowerShell Script Download - Excessive Split String M1 (hunting.rules)
- 2062458 - ET HUNTING Obfuscated PowerShell Script Download - Excessive Split String M2 (hunting.rules)
- 2062459 - ET HUNTING Obfuscated PowerShell Script Download - Excessive Split String M3 (hunting.rules)
- 2062460 - ET HUNTING Obfuscated PowerShell Script Download - Excessive Split String M4 (hunting.rules)