Summary:
18 new OPEN, 41 new PRO (18 + 23)
Thanks @sud0woodo, @haxrob
Added rules:
Open:
- 2063361 - ET INFO Monitic RMM API Activity (Agent Ping) (info.rules)
- 2063362 - ET EXPLOIT_KIT Keitaro TDS Domain in DNS Lookup (privatephotos .online) (exploit_kit.rules)
- 2063363 - ET EXPLOIT_KIT Keitaro TDS Domain in TLS SNI (privatephotos .online) (exploit_kit.rules)
- 2063364 - ET INAPPROPRIATE Evil Keitaro to Adult Websites Set-Cookie Inbound (3f06b) (inappropriate.rules)
- 2063365 - ET EXPLOIT Microsoft Sharepoint WebPartPagesWebService Authenticated Remote Code Execution (CVE-2023-21742) (exploit.rules)
- 2063366 - ET WEB_SPECIFIC_APPS Anthropic MCP Inspector Proxy Server-Sent Events (SSE) Unauthenticated Remote Code Execution (CVE-2025-49596) (web_specific_apps.rules)
- 2063367 - ET EXPLOIT GTPDoor Trigger Packet Request (exploit.rules)
- 2063368 - ET EXPLOIT GTPDoor Trigger Packet Response (exploit.rules)
- 2063369 - ET INFO Invalid GTP Response Packet Observed (info.rules)
- 2063370 - ET WEB_SPECIFIC_APPS D-Link switch_language.cgi language Parameter Buffer Overflow (CVE-2025-7206) (web_specific_apps.rules)
- 2063371 - ET MALWARE Amatera Stealer CnC Checkin Attempt M2 (malware.rules)
- 2063372 - ET MALWARE Amatera Stealer CnC Exfil (POST) M3 (malware.rules)
- 2063373 - ET MALWARE Amatera Stealer CnC Exfil (POST) M4 (malware.rules)
- 2063374 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (assets .studermfg .com) (malware.rules)
- 2063375 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (assets .studermfg .com) (malware.rules)
- 2063376 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (trendings .top) (exploit_kit.rules)
- 2063377 - ET MALWARE GTPDoor Ack Beacon Request (TCP) (malware.rules)
- 2063378 - ET MALWARE GTPDoor Client Beacon Response (TCP) (malware.rules)
Pro:
- 2863406 - ETPRO HUNTING Microsoft SQL Server Unauthorized Information Disclosure (CVE-2025-49718) (hunting.rules)
- 2863408 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2863409 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2863410 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2863411 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2863412 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2863413 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2863414 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2863415 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2863416 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2863417 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2863418 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2863419 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2863420 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2863421 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2863422 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2863423 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2863424 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2863425 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2863426 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2863427 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2863428 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
- 2863429 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)