Ruleset Update Summary - 2025/06/12 - v10949

rulesbot · June 12, 2025, 7:34pm

Summary:

14 new OPEN, 18 new PRO (14 + 4)

Thanks @anyrun_app

2062914 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (files .myamericanmadestory .com) (malware.rules)
2062915 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (files .myamericanmadestory .com) (malware.rules)
2062916 - ET EXPLOIT Cisco IOS XE WLC Arbitrary File Upload Attempt (CVE-2025-20188) (exploit.rules)
2062917 - ET EXPLOIT LG Simple Editor RCE Attempt Inbound (CVE-2023-40504) (exploit.rules)
2062918 - ET WEB_SPECIFIC_APPS HPE Aruba Instant Authenticated File Write via Web UI (cp-upload) (CVE-2021-25158) (web_specific_apps.rules)
2062919 - ET WEB_SPECIFIC_APPS HPE Aruba Instant Authenticated Arbitrary Directory Create (cplogo-install) (CVE-2021-25156) (web_specific_apps.rules)
2062920 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (hillcoweb .com) (exploit_kit.rules)
2062921 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (hillcoweb .com) (exploit_kit.rules)
2062922 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (forging .top) (exploit_kit.rules)
2062923 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (forging .top) (exploit_kit.rules)
2062924 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (plapwf .top) (malware.rules)
2062925 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (plapwf .top) in TLS SNI (malware.rules)
2062926 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (swenku .xyz) (malware.rules)
2062927 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (swenku .xyz) in TLS SNI (malware.rules)

2862152 - ETPRO HUNTING Generic HTTP URI Buffer Overflow Check - http.uri (hunting.rules)
2862153 - ETPRO HUNTING Malicious Parquet File Upload Attempt (SSRF) (hunting.rules)
2862154 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2862155 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

2062456 - ET HUNTING Obfuscated PowerShell Script Download - Excessive CHAR (hunting.rules)
2062457 - ET HUNTING Obfuscated PowerShell Script Download - Excessive Split String M1 (hunting.rules)
2062458 - ET HUNTING Obfuscated PowerShell Script Download - Excessive Split String M2 (hunting.rules)
2062459 - ET HUNTING Obfuscated PowerShell Script Download - Excessive Split String M3 (hunting.rules)
2062460 - ET HUNTING Obfuscated PowerShell Script Download - Excessive Split String M4 (hunting.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/02/04 - v10852 Ruleset Updates	111	February 4, 2025
Ruleset Update Summary - 2024/08/22 - v10672 Ruleset Updates	81	August 22, 2024
Ruleset Update Summary - 2025/03/26 - v10891 Ruleset Updates	144	March 26, 2025
Ruleset Update Summary - 2024/10/30 - v10731 Ruleset Updates	213	October 30, 2024
Ruleset Update Summary - 2025/01/10 - v10835 Ruleset Updates	116	January 10, 2025