Summary:
9 new OPEN, 35 new PRO (9 + 26)
Added rules:
Open:
- 2066502 - ET WEB_SPECIFIC_APPS Grafana Server-Side Open Redirect (CVE-2025-6023) (web_specific_apps.rules)
- 2066503 - ET POLICY Externally Hosted Fortinet Endpoint Management Server (EMS) FortiClient Invite URI Scheme Observed (policy.rules)
- 2066504 - ET POLICY Externally Hosted Fortinet Endpoint Management Server (EMS) FortiClient Onboarding URI Scheme Observed (policy.rules)
- 2066505 - ET MALWARE Observed Glupteba CnC Domain (retoti .com in TLS SNI) (malware.rules)
- 2066506 - ET MALWARE Observed Glupteba CnC Domain (trumops .com in TLS SNI) (malware.rules)
- 2066507 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lexenorf .org) (malware.rules)
- 2066508 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (lexenorf .org) in TLS SNI (malware.rules)
- 2066509 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ydobniudivan .ru) (malware.rules)
- 2066510 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ydobniudivan .ru) in TLS SNI (malware.rules)
Pro:
- 2865512 - ETPRO PHISHING Observed DNS Query to TA451 Domain (phishing.rules)
- 2865513 - ETPRO PHISHING Observed DNS Query to TA451 Domain (phishing.rules)
- 2865514 - ETPRO PHISHING Observed DNS Query to TA451 Domain (phishing.rules)
- 2865515 - ETPRO PHISHING Observed DNS Query to TA451 Domain (phishing.rules)
- 2865516 - ETPRO PHISHING Observed DNS Query to TA451 Domain (phishing.rules)
- 2865517 - ETPRO PHISHING Observed DNS Query to TA451 Domain (phishing.rules)
- 2865518 - ETPRO PHISHING Observed DNS Query to TA451 Domain (phishing.rules)
- 2865519 - ETPRO PHISHING Observed TA451 Domain in TLS SNI (phishing.rules)
- 2865520 - ETPRO PHISHING Observed TA451 Domain in TLS SNI (phishing.rules)
- 2865521 - ETPRO PHISHING Observed TA451 Domain in TLS SNI (phishing.rules)
- 2865522 - ETPRO PHISHING Observed TA451 Domain in TLS SNI (phishing.rules)
- 2865523 - ETPRO PHISHING Observed TA451 Domain in TLS SNI (phishing.rules)
- 2865524 - ETPRO PHISHING Observed TA451 Domain in TLS SNI (phishing.rules)
- 2865525 - ETPRO PHISHING Observed TA451 Domain in TLS SNI (phishing.rules)
- 2865526 - ETPRO MALWARE Observed DNS Query to TA451 Domain (malware.rules)
- 2865527 - ETPRO MALWARE Observed TA451 Domain in TLS SNI (malware.rules)
- 2865528 - ETPRO PHISHING Observed DNS Query to TA456 Domain (phishing.rules)
- 2865529 - ETPRO PHISHING Observed DNS Query to TA456 Domain (phishing.rules)
- 2865530 - ETPRO PHISHING Observed DNS Query to TA456 Domain (phishing.rules)
- 2865531 - ETPRO PHISHING Observed TA456 Domain in TLS SNI (phishing.rules)
- 2865532 - ETPRO PHISHING Observed TA456 Domain in TLS SNI (phishing.rules)
- 2865533 - ETPRO PHISHING Observed TA456 Domain in TLS SNI (phishing.rules)
- 2865534 - ETPRO PHISHING TA456 CnC Domain in DNS Lookup (phishing.rules)
- 2865535 - ETPRO PHISHING TA456 CnC Domain in DNS Lookup (phishing.rules)
- 2865536 - ETPRO PHISHING Observed TA456 Domain in TLS SNI (phishing.rules)
- 2865537 - ETPRO PHISHING Observed TA456 Domain in TLS SNI (phishing.rules)
Modified inactive rules:
- 2000007 - ET EXPLOIT Catalyst SSH protocol mismatch (exploit.rules)
- 2002821 - ET ADWARE_PUP SideStep Bar Reporting Data (sbstart) (adware_pup.rules)
- 2007584 - ET EXPLOIT TrendMicro ServerProtect Exploit possible worma(little-endian DCERPC Request) (exploit.rules)
- 2007652 - ET ATTACK_RESPONSE c99shell phpshell detected (attack_response.rules)
- 2023296 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
- 2024070 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (malware.rules)
- 2815619 - ETPRO MALWARE Sacto DNS Lookup (malware.rules)
- 2819701 - ETPRO EXPLOIT_KIT SunDown/Xer EK Flash Exploit Apr 12 2016 (exploit_kit.rules)
- 2820836 - ETPRO MALWARE W32/Unknown Stealer Sending Passwords (malware.rules)
- 2826050 - ETPRO MALWARE Zeus Panda Banker Malicious SSL Certificate Detected (malware.rules)