Summary:
34 new OPEN, 44 new PRO (34 + 10)
Added rules:
Open:
- 2063327 - ET INFO Open-source Customer Service Platform Domain in DNS Lookup (chatwoot .com) (info.rules)
- 2063328 - ET INFO Open-source Customer Service Platform Domain in TLS SNI (chatwoot .com) (info.rules)
- 2063329 - ET INFO Observed RMM Domain in DNS Lookup ( * .monitic .com) (info.rules)
- 2063330 - ET INFO Observed RMM Domain in TLS SNI ( * .monitic .com) (info.rules)
- 2063331 - ET INFO DYNAMIC_DNS Query to a *.bestprogramsforkids .com domain (info.rules)
- 2063332 - ET INFO DYNAMIC_DNS HTTP Request to a *.bestprogramsforkids .com domain (info.rules)
- 2063333 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (abtsi .com) (exploit_kit.rules)
- 2063334 - ET EXPLOIT_KIT LandUpdate808 Domain (abtsi .com) in TLS SNI (exploit_kit.rules)
- 2063335 - ET WEB_SPECIFIC_APPS Totolink X15 formIPv6Addr submit-url Parameter Buffer Overflow Attempt (web_specific_apps.rules)
- 2063336 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (www .thelist2win .com) (malware.rules)
- 2063337 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (www .thelist2win .com) (malware.rules)
- 2063338 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fiuylj .top) (malware.rules)
- 2063339 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fiuylj .top) in TLS SNI (malware.rules)
- 2063340 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (giyewf .shop) (malware.rules)
- 2063341 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (giyewf .shop) in TLS SNI (malware.rules)
- 2063342 - ET MALWARE NordDragonScan CnC Checkin (malware.rules)
- 2063343 - ET EXPLOIT Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation (CVE-2017-12635) (exploit.rules)
- 2063344 - ET EXPLOIT Apache Struts Local File Inclusion Attempt Inbound (CVE-2016-3082) (exploit.rules)
- 2063345 - ET MALWARE NordDragonScan Data Exfiltration Attempt (malware.rules)
- 2063346 - ET MALWARE NordDragonScan CnC Domain in DNS Lookup (secfileshare .com) (malware.rules)
- 2063347 - ET MALWARE NordDragonScan CnC Domain in DNS Lookup (kpuszkiev .com) (malware.rules)
- 2063348 - ET MALWARE Observed NordDragonScan Domain (secfileshare .com) in TLS SNI (malware.rules)
- 2063349 - ET MALWARE Observed NordDragonScan Domain (kpuszkiev .com) in TLS SNI (malware.rules)
- 2063350 - ET INFO Monitic RMM API Activity (Installer) (info.rules)
- 2063351 - ET INFO Monitic RMM API Activity (Profiling) (info.rules)
- 2063352 - ET INFO Monitic RMM API Activity (Detect User IP) (info.rules)
- 2063353 - ET INFO Monitic RMM API Activity (Get Config) (info.rules)
- 2063354 - ET INFO Monitic RMM API Activity (Get Token) (info.rules)
- 2063355 - ET INFO Monitic RMM API Activity (Download Installer) (info.rules)
- 2063356 - ET EXPLOIT ManageEngine Desktop Central Unauthorized Administrative Password Reset (CVE-2015-2560) (exploit.rules)
- 2063357 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (jqueryapishelpers .com) (exploit_kit.rules)
- 2063358 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in DNS Lookup (fetchapiutility .com) (exploit_kit.rules)
- 2063359 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (jqueryapishelpers .com) (exploit_kit.rules)
- 2063360 - ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (fetchapiutility .com) (exploit_kit.rules)
Pro:
- 2863396 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2863397 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2863398 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2863399 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2863400 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2863401 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2863402 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2863403 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2863404 - ETPRO HUNTING Microsoft SPNEGO Extended Negotiation (NEGOEX) Unauthenticated Remote Code Execution (CVE-2025-47981) (hunting.rules)
- 2863405 - ETPRO EXPLOIT Microsoft SharePoint Unauthenticated Remote Code Execution (CVE-2025-49704) (exploit.rules)
Modified inactive rules:
- 2057217 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (mundiprep .com) (exploit_kit.rules)
- 2057219 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (asianchow .com) (exploit_kit.rules)
- 2057221 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (vinsaca .com) (exploit_kit.rules)
- 2057249 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (chat2cams .com) (exploit_kit.rules)
- 2057251 - ET EXPLOIT_KIT TA569 Middleware Domain in DNS Lookup (webapiintegration .cloud) (exploit_kit.rules)
- 2057252 - ET EXPLOIT_KIT TA569 Middleware Domain in TLS SNI (webapiintegration .cloud) (exploit_kit.rules)
- 2057293 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (dailyfragrancedeals .com) (exploit_kit.rules)
- 2057294 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (girlsgifs .com) (exploit_kit.rules)
- 2057295 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (dailyfragrancedeals .com) (exploit_kit.rules)
- 2057296 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (girlsgifs .com) (exploit_kit.rules)
- 2057315 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (compugest .com) (exploit_kit.rules)
- 2057316 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (compugest .com) (exploit_kit.rules)
- 2057331 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (junocis .com) (exploit_kit.rules)
- 2057380 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (culinarycanvasgrilling .com) (exploit_kit.rules)
- 2057381 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (culinarycanvasgrilling .com) (exploit_kit.rules)
- 2057406 - ET EXPLOIT_KIT VexTrio Domain in DNS Lookup (omenkid .top) (exploit_kit.rules)
- 2057407 - ET EXPLOIT_KIT VexTrio Domain in TLS SNI (omenkid .top) (exploit_kit.rules)
- 2057408 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (fencingfriends .com) (exploit_kit.rules)
- 2057409 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (fencingfriends .com) (exploit_kit.rules)
- 2057438 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (xcdd1003 .com) (exploit_kit.rules)
- 2057439 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (xcdd1003 .com) (exploit_kit.rules)
- 2057449 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (yimuzds .com) (exploit_kit.rules)
- 2057451 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (yimuzds .com) (exploit_kit.rules)
- 2057631 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (rshank .com) (exploit_kit.rules)
- 2057632 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (rshank .com) (exploit_kit.rules)
- 2057633 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (crickout .com) (exploit_kit.rules)
- 2057634 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (crickout .com) (exploit_kit.rules)
- 2057676 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (eliztalks .com) (exploit_kit.rules)
- 2057677 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (eliztalks .com) (exploit_kit.rules)
- 2057678 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (franklinida .com) (exploit_kit.rules)
- 2057679 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (franklinida .com) (exploit_kit.rules)
- 2057688 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (petshopsg .com) (exploit_kit.rules)
- 2057689 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (petshopsg .com) (exploit_kit.rules)
- 2057696 - ET MALWARE Observed DNS Query to Lumma Stealer Domain (peepburry828 .sbs) (malware.rules)
- 2057697 - ET MALWARE Observed DNS Query to Lumma Stealer Domain (processhol .sbs) (malware.rules)
- 2057698 - ET MALWARE Observed DNS Query to Lumma Stealer Domain (p3ar11fter .sbs) (malware.rules)
- 2057699 - ET MALWARE Observed Lumma Stealer Domain (3xp3cts1aim .sbs in TLS SNI) (malware.rules)
- 2057700 - ET MALWARE Observed Lumma Stealer Domain (peepburry828 .sbs in TLS SNI) (malware.rules)
- 2057701 - ET MALWARE Observed Lumma Stealer Domain (processhol .sbs in TLS SNI) (malware.rules)
- 2057702 - ET MALWARE Observed Lumma Stealer Domain (p3ar11fter .sbs in TLS SNI) (malware.rules)
- 2057710 - ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (bytesbazar .com) (exploit_kit.rules)
- 2057712 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (inayatullah .com) (exploit_kit.rules)
- 2057713 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (viralnavigator .com) (exploit_kit.rules)
- 2057714 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (eegqzvxd .shop) (exploit_kit.rules)
- 2057715 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (inayatullah .com) (exploit_kit.rules)
- 2057716 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (viralnavigator .com) (exploit_kit.rules)
- 2057717 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (eegqzvxd .shop) (exploit_kit.rules)
- 2057718 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (genhil .com) (exploit_kit.rules)
- 2057719 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (genhil .com) (exploit_kit.rules)
- 2057724 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (tickerwell .com) (exploit_kit.rules)
- 2057725 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (tickerwell .com) (exploit_kit.rules)
- 2057732 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (segurofinalizar .shop) (exploit_kit.rules)
- 2057733 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (segurofinalizar .shop) (exploit_kit.rules)
- 2057734 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (nyciot .com) (exploit_kit.rules)
- 2057735 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (nyciot .com) (exploit_kit.rules)
- 2057739 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (safigdata .com) (exploit_kit.rules)
- 2057740 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (safigdata .com) (exploit_kit.rules)
- 2057776 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .cases .pcohenlaw .com) (malware.rules)
- 2057793 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (reviewtypes .com) (exploit_kit.rules)
- 2057794 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (modandcrackedapk .com) (exploit_kit.rules)
- 2057795 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (assetoutdoor .shop) (exploit_kit.rules)
- 2057796 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (opporeno8 .com) (exploit_kit.rules)
- 2057797 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (reviewtypes .com) (exploit_kit.rules)
- 2057800 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (esaleerugs .com) (exploit_kit.rules)
- 2057808 - ET MALWARE Observed Malicious Domain (meowware .ddns .net in TLS SNI) (malware.rules)
- 2057882 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (weeatsome .com) (exploit_kit.rules)
- 2057890 - ET MALWARE Observed Payload Delivery Domain (shopping-nice .com in TLS SNI) (malware.rules)
- 2057895 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (premiosdosul .com) (exploit_kit.rules)
- 2058020 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (aquabaru .online) (exploit_kit.rules)
- 2058022 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (bfd78 .biz) (exploit_kit.rules)
- 2058025 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (aquabaru .online) (exploit_kit.rules)
- 2058026 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (chudautu .info) (exploit_kit.rules)
- 2058050 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (q8ds .net) (exploit_kit.rules)
- 2058121 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (tasteofgoodness .info) (exploit_kit.rules)
- 2858872 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858873 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858874 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858876 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858877 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858883 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
- 2858884 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
- 2858885 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
- 2858886 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
- 2858930 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2858999 - ETPRO PHISHING Observed Social Security Administration Impersonation Domain in TLS SNI (phishing.rules)
- 2859001 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859003 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859006 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859020 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859025 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859026 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859061 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859062 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859063 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859064 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859065 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859066 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859089 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859090 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859092 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859127 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859129 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859134 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859141 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859201 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859249 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859253 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859254 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859259 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
- 2859359 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)