Ruleset Update Summary - 2025/01/16 - v10839

Ruleset Updates
1

Summary:

18 new OPEN, 19 new PRO (18 + 1)

Added rules:

Open:

  • 2059281 - ET WEB_SPECIFIC_APPS Squid Proxy user_name and auth Reflected Cross-Site Scripting (CVE-2019-13345) (web_specific_apps.rules)
  • 2059282 - ET WEB_SPECIFIC_APPS phpGACL acl_admin action Parameter Reflected Cross-Site Scripting (CVE-2020-13562) (web_specific_apps.rules)
  • 2059283 - ET WEB_SPECIFIC_APPS Fortinet Authentication Bypass via Node.js Websocket (CVE-2024-55591) (web_specific_apps.rules)
  • 2059284 - ET INFO Windows Update/Microsoft FP Flowbit M2 (info.rules)
  • 2059285 - ET INFO Windows Update/Microsoft FP Flowbit M3 (info.rules)
  • 2059286 - ET EXPLOIT_KIT Malicious TDS Domain in DNS Lookup (cdn1 .massearchtraffic .top) (exploit_kit.rules)
  • 2059287 - ET EXPLOIT_KIT Malicious TDS Domain in TLS SNI (cdn1 .massearchtraffic .top) (exploit_kit.rules)
  • 2059288 - ET INFO Windows Update/Microsoft FP Flowbit M4 (info.rules)
  • 2059289 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (saytunka .com) (exploit_kit.rules)
  • 2059290 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (saytunka .com) (exploit_kit.rules)
  • 2059291 - ET EXPLOIT_KIT Malicious TDS Domain in DNS Lookup (cdn1 .massearchtraffic .top) (exploit_kit.rules)
  • 2059292 - ET EXPLOIT_KIT Malicious TDS Domain in TLS SNI (cdn1 .massearchtraffic .top) (exploit_kit.rules)
  • 2059293 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (todohornos .top) (exploit_kit.rules)
  • 2059294 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (waimaotuiguang .top) (exploit_kit.rules)
  • 2059295 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (todohornos .top) (exploit_kit.rules)
  • 2059296 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (waimaotuiguang .top) (exploit_kit.rules)
  • 2059297 - ET MALWARE SocGholish CnC Domain in DNS Lookup (* .regular .ptbaconsulting .com) (malware.rules)
  • 2059298 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .regular .ptbaconsulting .com) (malware.rules)

Pro:

  • 2859620 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Disabled and modified rules:

  • 2054706 - ET MALWARE SocGholish Domain in TLS SNI (books .friendsofthefolsomlibrary .org) (malware.rules)
  • 2054720 - ET MALWARE SocGholish CnC Domain in DNS (* .living .miraclesofeucharisticjesus .org) (malware.rules)
  • 2054866 - ET MALWARE SocGholish CnC Domain in DNS (* .donors .eucharisticjesus .net) (malware.rules)
  • 2055222 - ET MALWARE SocGholish CnC Domain in DNS (* .guide .borden-carleton .ca) (malware.rules)
  • 2055315 - ET MALWARE SocGholish CnC Domain in DNS (* .sponsor .printondemandagency .com) (malware.rules)
  • 2055769 - ET MALWARE SocGholish CnC Domain in DNS (* .benefits .melanatedbloodlinesrestoration .com) (malware.rules)
  • 2055867 - ET MALWARE SocGholish CnC Domain in DNS (* .therapy .emergencepsychservices .com) (malware.rules)
  • 2056032 - ET MALWARE SocGholish CnC Domain in DNS (* .free .thebitmeister .com) (malware.rules)
  • 2056321 - ET MALWARE SocGholish CnC Domain in DNS (* .shades .whatisaweekend .com) (malware.rules)
  • 2056554 - ET MALWARE SocGholish CnC Domain in DNS (* .outfit .dianamercer .com) (malware.rules)
  • 2057065 - ET MALWARE SocGholish CnC Domain in DNS (* .range .cccinvolve .org) (malware.rules)
  • 2057066 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .range .cccinvolve .org) (malware.rules)
  • 2057228 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .strategies .mvpstrat .com) (malware.rules)
  • 2057229 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (* .strategies .mvpstrat .com) (malware.rules)
  • 2057364 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .events .socalpocis .org) (malware.rules)
  • 2057365 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (* .events .socalpocis .org) (malware.rules)
  • 2057680 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .staff .plenarykcg .com) (malware.rules)
  • 2057681 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (* .staff .plenarykcg .com) (malware.rules)
  • 2057777 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .cases .pcohenlaw .com) (malware.rules)
  • 2057811 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .lessons .southsidechurchofchristla .org) (malware.rules)
  • 2057898 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .studio .lacrenshawcrossing .com) (malware.rules)
  • 2057963 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .trc20 .kcgrocks .com) (malware.rules)
  • 2057964 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (* .trc20 .kcgrocks .com) (malware.rules)
  • 2058036 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .trc20 .kcgrocks .com) (malware.rules)
  • 2058098 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .law .kimsavagelaw .com) (malware.rules)
  • 2058154 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .material .amstillroofing .com) (malware.rules)
  • 2058203 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .riders .50kfor50years .com) (malware.rules)
  • 2058327 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .sectors .bowentaxlaw .com) (malware.rules)
  • 2058418 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .demo .ezra-ai .com) (malware.rules)
  • 2058470 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .office .enewlaw .com) (malware.rules)
  • 2058559 - ET MALWARE SocGholish CnC Domain in TLS SNI (* .stock .letsgoautomotive .com) (malware.rules)
  • 2058652 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .chain .buyclosersonline .com) (malware.rules)
  • 2058653 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (* .chain .buyclosersonline .com) (malware.rules)
  • 2058720 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .slot .buyaiphoneonline .com) (malware.rules)
  • 2058721 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (* .slot .buyaiphoneonline .com) (malware.rules)
  • 2859488 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859489 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2859490 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)