Ruleset Update Summary - 2025/06/13 - v10950

Summary:

73 new OPEN, 136 new PRO (73 + 63)

Added rules:

Open:

• 2062928 - ET HUNTING SQL Database Version Discovery (hunting.rules)
• 2062929 - ET WEB_SPECIFIC_APPS Fortinet Admin API Stack-based Buffer Overflow in AuthHash Cookie (CVE-2025-32756) (web_specific_apps.rules)
• 2062930 - ET MALWARE Observed DNS Query to Predator Spyware Domain (gilfonts .com) (malware.rules)
• 2062931 - ET MALWARE Observed DNS Query to Predator Spyware Domain (zipzone .io) (malware.rules)
• 2062932 - ET MALWARE Observed DNS Query to Predator Spyware Domain (gettravelright .com) (malware.rules)
• 2062933 - ET MALWARE Observed DNS Query to Predator Spyware Domain (humansprinter .com) (malware.rules)
• 2062934 - ET MALWARE Observed DNS Query to Predator Spyware Domain (canylane .com) (malware.rules)
• 2062935 - ET MALWARE Observed DNS Query to Predator Spyware Domain (stableconnect .net) (malware.rules)
• 2062936 - ET MALWARE Observed DNS Query to Predator Spyware Domain (streamable-vid .com) (malware.rules)
• 2062937 - ET MALWARE Observed DNS Query to Predator Spyware Domain (speedbrawse .com) (malware.rules)
• 2062938 - ET MALWARE Observed DNS Query to Predator Spyware Domain (updatepoints .com) (malware.rules)
• 2062939 - ET MALWARE Observed DNS Query to Predator Spyware Domain (unibilateral .com) (malware.rules)
• 2062940 - ET MALWARE Observed DNS Query to Predator Spyware Domain (starryedge .com) (malware.rules)
• 2062941 - ET MALWARE Observed DNS Query to Predator Spyware Domain (svcsync .com) (malware.rules)
• 2062942 - ET MALWARE Observed DNS Query to Predator Spyware Domain (flickerxxx .com) (malware.rules)
• 2062943 - ET MALWARE Observed DNS Query to Predator Spyware Domain (mundoautopro .com) (malware.rules)
• 2062944 - ET MALWARE Observed DNS Query to Predator Spyware Domain (noticiafresca .net) (malware.rules)
• 2062945 - ET MALWARE Observed DNS Query to Predator Spyware Domain (gamestuts .com) (malware.rules)
• 2062946 - ET MALWARE Observed DNS Query to Predator Spyware Domain (dollgoodies .com) (malware.rules)
• 2062947 - ET MALWARE Observed DNS Query to Predator Spyware Domain (mappins .io) (malware.rules)
• 2062948 - ET MALWARE Observed DNS Query to Predator Spyware Domain (secneed .com) (malware.rules)
• 2062949 - ET MALWARE Observed DNS Query to Predator Spyware Domain (lawrdo .com) (malware.rules)
• 2062950 - ET MALWARE Observed DNS Query to Predator Spyware Domain (traillites .com) (malware.rules)
• 2062951 - ET MALWARE Observed DNS Query to Predator Spyware Domain (myprivatedrive .net) (malware.rules)
• 2062952 - ET MALWARE Observed DNS Query to Predator Spyware Domain (statuepops .com) (malware.rules)
• 2062953 - ET MALWARE Observed DNS Query to Predator Spyware Domain (colabfile .com) (malware.rules)
• 2062954 - ET MALWARE Observed DNS Query to Predator Spyware Domain (steepmatch .com) (malware.rules)
• 2062955 - ET MALWARE Observed DNS Query to Predator Spyware Domain (pedalmastery .com) (malware.rules)
• 2062956 - ET MALWARE Observed DNS Query to Predator Spyware Domain (openstreetpro .com) (malware.rules)
• 2062957 - ET MALWARE Observed DNS Query to Predator Spyware Domain (pinnedplace .com) (malware.rules)
• 2062958 - ET MALWARE Observed DNS Query to Predator Spyware Domain (onelifestyle24 .com) (malware.rules)
• 2062959 - ET MALWARE Observed DNS Query to Predator Spyware Domain (myread .io) (malware.rules)
• 2062960 - ET MALWARE Observed DNS Query to Predator Spyware Domain (secsafty .com) (malware.rules)
• 2062961 - ET MALWARE Observed DNS Query to Predator Spyware Domain (gobbledgums .com) (malware.rules)
• 2062962 - ET MALWARE Observed DNS Query to Predator Spyware Domain (strictplace .com) (malware.rules)
• 2062963 - ET MALWARE Observed DNS Query to Predator Spyware Domain (boundbreeze .com) (malware.rules)
• 2062964 - ET MALWARE Observed DNS Query to Predator Spyware Domain (longtester .com) (malware.rules)
• 2062965 - ET MALWARE Observed DNS Query to Predator Spyware Domain (drivemountain .com) (malware.rules)
• 2062966 - ET MALWARE Observed DNS Query to Predator Spyware Domain (mdundobeats .com) (malware.rules)
• 2062967 - ET MALWARE Observed DNS Query to Predator Spyware Domain (asistentcomercialonline .com) (malware.rules)
• 2062968 - ET MALWARE Observed DNS Query to Predator Spyware Domain (shopstodrop .com) (malware.rules)
• 2062969 - ET MALWARE Observed DNS Query to Predator Spyware Domain (barbequebros .com) (malware.rules)
• 2062970 - ET MALWARE Observed DNS Query to Predator Spyware Domain (caddylane .com) (malware.rules)
• 2062971 - ET MALWARE Observed DNS Query to Predator Spyware Domain (mountinnovate .com) (malware.rules)
• 2062972 - ET MALWARE Observed DNS Query to Predator Spyware Domain (nightskyco .com) (malware.rules)
• 2062973 - ET MALWARE Observed DNS Query to Predator Spyware Domain (branchbreeze .com) (malware.rules)
• 2062974 - ET MALWARE Observed DNS Query to Predator Spyware Domain (mystudyup .com) (malware.rules)
• 2062975 - ET MALWARE Observed DNS Query to Predator Spyware Domain (roadsidefoodie .com) (malware.rules)
• 2062976 - ET MALWARE Observed DNS Query to Predator Spyware Domain (craftilly .com) (malware.rules)
• 2062977 - ET MALWARE Observed DNS Query to Predator Spyware Domain (wtar .io) (malware.rules)
• 2062978 - ET MALWARE Observed DNS Query to Predator Spyware Domain (keep-badinigroups .com) (malware.rules)
• 2062979 - ET MALWARE Observed DNS Query to Predator Spyware Domain (eclipsemonitor .com) (malware.rules)
• 2062980 - ET MALWARE Observed DNS Query to Predator Spyware Domain (themastersphere .com) (malware.rules)
• 2062981 - ET MALWARE Observed DNS Query to Predator Spyware Domain (infoshoutout .com) (malware.rules)
• 2062982 - ET MALWARE Observed DNS Query to Predator Spyware Domain (remixspot .com) (malware.rules)
• 2062983 - ET MALWARE Observed DNS Query to Predator Spyware Domain (c3p0solutions .com) (malware.rules)
• 2062984 - ET MALWARE Observed DNS Query to Predator Spyware Domain (trigship .com) (malware.rules)
• 2062985 - ET MALWARE Observed DNS Query to Predator Spyware Domain (clockpatcher .com) (malware.rules)
• 2062986 - ET MALWARE Observed DNS Query to Predator Spyware Domain (noticiafamosos .com) (malware.rules)
• 2062987 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (doorwanzeh .live) (malware.rules)
• 2062988 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (doorwanzeh .live) in TLS SNI (malware.rules)
• 2062989 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frustreghm .xyz) (malware.rules)
• 2062990 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frustreghm .xyz) in TLS SNI (malware.rules)
• 2062991 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (naturasixc .live) (malware.rules)
• 2062992 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (naturasixc .live) in TLS SNI (malware.rules)
• 2062993 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (saokwe .xyz) (malware.rules)
• 2062994 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (saokwe .xyz) in TLS SNI (malware.rules)
• 2062995 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stifp .live) (malware.rules)
• 2062996 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (stifp .live) in TLS SNI (malware.rules)
• 2062997 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (supryov) (malware.rules)
• 2062998 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (supryov) in TLS SNI (malware.rules)
• 2062999 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (universaltechnology .top) (exploit_kit.rules)
• 2063000 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (universaltechnology .top) (exploit_kit.rules)

Pro:

• 2862156 - ETPRO HUNTING RFC Non-Compliant HTTP Host Header Observed Inbound (hunting.rules)
• 2862157 - ETPRO EXPLOIT Windows MSHTML Platform Spoofing Document (CVE-2024-38112) (exploit.rules)
• 2862164 - ETPRO MALWARE Observed Predator Spyware Domain (gilfonts .com in TLS SNI) (malware.rules)
• 2862165 - ETPRO MALWARE Observed Predator Spyware Domain (zipzone .io in TLS SNI) (malware.rules)
• 2862166 - ETPRO MALWARE Observed Predator Spyware Domain (gettravelright .com in TLS SNI) (malware.rules)
• 2862167 - ETPRO MALWARE Observed Predator Spyware Domain (humansprinter .com in TLS SNI) (malware.rules)
• 2862168 - ETPRO MALWARE Observed Predator Spyware Domain (canylane .com in TLS SNI) (malware.rules)
• 2862169 - ETPRO MALWARE Observed Predator Spyware Domain (stableconnect .net in TLS SNI) (malware.rules)
• 2862170 - ETPRO MALWARE Observed Predator Spyware Domain (streamable-vid .com in TLS SNI) (malware.rules)
• 2862171 - ETPRO MALWARE Observed Predator Spyware Domain (speedbrawse .com in TLS SNI) (malware.rules)
• 2862172 - ETPRO MALWARE Observed Predator Spyware Domain (updatepoints .com in TLS SNI) (malware.rules)
• 2862173 - ETPRO MALWARE Observed Predator Spyware Domain (unibilateral .com in TLS SNI) (malware.rules)
• 2862174 - ETPRO MALWARE Observed Predator Spyware Domain (starryedge .com in TLS SNI) (malware.rules)
• 2862175 - ETPRO MALWARE Observed Predator Spyware Domain (svcsync .com in TLS SNI) (malware.rules)
• 2862176 - ETPRO MALWARE Observed Predator Spyware Domain (flickerxxx .com in TLS SNI) (malware.rules)
• 2862177 - ETPRO MALWARE Observed Predator Spyware Domain (mundoautopro .com in TLS SNI) (malware.rules)
• 2862178 - ETPRO MALWARE Observed Predator Spyware Domain (noticiafresca .net in TLS SNI) (malware.rules)
• 2862179 - ETPRO MALWARE Observed Predator Spyware Domain (gamestuts .com in TLS SNI) (malware.rules)
• 2862180 - ETPRO MALWARE Observed Predator Spyware Domain (dollgoodies .com in TLS SNI) (malware.rules)
• 2862181 - ETPRO MALWARE Observed Predator Spyware Domain (mappins .io in TLS SNI) (malware.rules)
• 2862182 - ETPRO MALWARE Observed Predator Spyware Domain (secneed .com in TLS SNI) (malware.rules)
• 2862183 - ETPRO MALWARE Observed Predator Spyware Domain (lawrdo .com in TLS SNI) (malware.rules)
• 2862184 - ETPRO MALWARE Observed Predator Spyware Domain (traillites .com in TLS SNI) (malware.rules)
• 2862185 - ETPRO MALWARE Observed Predator Spyware Domain (myprivatedrive .net in TLS SNI) (malware.rules)
• 2862186 - ETPRO MALWARE Observed Predator Spyware Domain (statuepops .com in TLS SNI) (malware.rules)
• 2862187 - ETPRO MALWARE Observed Predator Spyware Domain (colabfile .com in TLS SNI) (malware.rules)
• 2862188 - ETPRO MALWARE Observed Predator Spyware Domain (steepmatch .com in TLS SNI) (malware.rules)
• 2862189 - ETPRO MALWARE Observed Predator Spyware Domain (pedalmastery .com in TLS SNI) (malware.rules)
• 2862190 - ETPRO MALWARE Observed Predator Spyware Domain (openstreetpro .com in TLS SNI) (malware.rules)
• 2862191 - ETPRO MALWARE Observed Predator Spyware Domain (pinnedplace .com in TLS SNI) (malware.rules)
• 2862192 - ETPRO MALWARE Observed Predator Spyware Domain (onelifestyle24 .com in TLS SNI) (malware.rules)
• 2862193 - ETPRO MALWARE Observed Predator Spyware Domain (myread .io in TLS SNI) (malware.rules)
• 2862194 - ETPRO MALWARE Observed Predator Spyware Domain (secsafty .com in TLS SNI) (malware.rules)
• 2862195 - ETPRO MALWARE Observed Predator Spyware Domain (gobbledgums .com in TLS SNI) (malware.rules)
• 2862196 - ETPRO MALWARE Observed Predator Spyware Domain (strictplace .com in TLS SNI) (malware.rules)
• 2862197 - ETPRO MALWARE Observed Predator Spyware Domain (boundbreeze .com in TLS SNI) (malware.rules)
• 2862198 - ETPRO MALWARE Observed Predator Spyware Domain (longtester .com in TLS SNI) (malware.rules)
• 2862199 - ETPRO MALWARE Observed Predator Spyware Domain (drivemountain .com in TLS SNI) (malware.rules)
• 2862200 - ETPRO MALWARE Observed Predator Spyware Domain (mdundobeats .com in TLS SNI) (malware.rules)
• 2862201 - ETPRO MALWARE Observed Predator Spyware Domain (asistentcomercialonline .com in TLS SNI) (malware.rules)
• 2862202 - ETPRO MALWARE Observed Predator Spyware Domain (shopstodrop .com in TLS SNI) (malware.rules)
• 2862203 - ETPRO MALWARE Observed Predator Spyware Domain (barbequebros .com in TLS SNI) (malware.rules)
• 2862204 - ETPRO MALWARE Observed Predator Spyware Domain (caddylane .com in TLS SNI) (malware.rules)
• 2862205 - ETPRO MALWARE Observed Predator Spyware Domain (mountinnovate .com in TLS SNI) (malware.rules)
• 2862206 - ETPRO MALWARE Observed Predator Spyware Domain (nightskyco .com in TLS SNI) (malware.rules)
• 2862207 - ETPRO MALWARE Observed Predator Spyware Domain (branchbreeze .com in TLS SNI) (malware.rules)
• 2862208 - ETPRO MALWARE Observed Predator Spyware Domain (mystudyup .com in TLS SNI) (malware.rules)
• 2862209 - ETPRO MALWARE Observed Predator Spyware Domain (roadsidefoodie .com in TLS SNI) (malware.rules)
• 2862210 - ETPRO MALWARE Observed Predator Spyware Domain (craftilly .com in TLS SNI) (malware.rules)
• 2862211 - ETPRO MALWARE Observed Predator Spyware Domain (wtar .io in TLS SNI) (malware.rules)
• 2862212 - ETPRO MALWARE Observed Predator Spyware Domain (keep-badinigroups .com in TLS SNI) (malware.rules)
• 2862213 - ETPRO MALWARE Observed Predator Spyware Domain (eclipsemonitor .com in TLS SNI) (malware.rules)
• 2862214 - ETPRO MALWARE Observed Predator Spyware Domain (themastersphere .com in TLS SNI) (malware.rules)
• 2862215 - ETPRO MALWARE Observed Predator Spyware Domain (infoshoutout .com in TLS SNI) (malware.rules)
• 2862216 - ETPRO MALWARE Observed Predator Spyware Domain (remixspot .com in TLS SNI) (malware.rules)
• 2862217 - ETPRO MALWARE Observed Predator Spyware Domain (c3p0solutions .com in TLS SNI) (malware.rules)
• 2862218 - ETPRO MALWARE Observed Predator Spyware Domain (trigship .com in TLS SNI) (malware.rules)
• 2862219 - ETPRO MALWARE Observed Predator Spyware Domain (clockpatcher .com in TLS SNI) (malware.rules)
• 2862220 - ETPRO MALWARE Observed Predator Spyware Domain (noticiafamosos .com in TLS SNI) (malware.rules)
• 2862221 - ETPRO PHISHING PigButchers Landing Page M1 2025-06-13 (phishing.rules)
• 2862222 - ETPRO PHISHING PigButchers Landing Page M2 2025-06-13 (phishing.rules)
• 2862223 - ETPRO PHISHING PigButchers Landing Page M3 2025-06-13 (phishing.rules)
• 2862224 - ETPRO PHISHING PigButchers Landing Page M4 2025-06-13 (phishing.rules)