Ruleset Update Summary - 2025/02/05 - v10853

rulesbot · February 5, 2025, 9:04pm

Summary:

16 new OPEN, 25 new PRO (16 + 9)

Added rules:

Open:

2059889 - ET POLICY Plaintext SSH Private Key Outbound over HTTP (policy.rules)
2059890 - ET WEB_SPECIFIC_APPS DrayTek Gateway Web Management Interface OS Command Injection (CVE-2024-12987) (web_specific_apps.rules)
2059891 - ET WEB_SPECIFIC_APPS Ivanti EPM Cloud Services Appliance Backdoor Access Attempt (CVE-2021-44529) (web_specific_apps.rules)
2059892 - ET WEB_SPECIFIC_APPS Ivanti EPM Cloud Services Appliance Backdoor Response (CVE-2021-44529) (web_specific_apps.rules)
2059893 - ET WEB_SPECIFIC_APPS D-Link DIR-605 getcfg.php Authentication Bypass Attempt (CVE-2021-40655) (web_specific_apps.rules)
2059894 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwriftycloud .pics) (malware.rules)
2059895 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dwriftycloud .pics in TLS SNI) (malware.rules)
2059896 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapeguidecaz .shop) (malware.rules)
2059897 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (shapeguidecaz .shop in TLS SNI) (malware.rules)
2059898 - ET WEB_SPECIFIC_APPS Possible Roundcube XSS via Malicious XML Attachment (CVE-2020-13965) (web_specific_apps.rules)
2059899 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (vdrdid .shop) (exploit_kit.rules)
2059900 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (vdrdid .shop) (exploit_kit.rules)
2059901 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (lifewis .com) (exploit_kit.rules)
2059902 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (lifewis .com) (exploit_kit.rules)
2059903 - ET MALWARE SocGholish CnC Domain in DNS Lookup (support .myfirstdealplaybook .com) (malware.rules)
2059904 - ET MALWARE SocGholish CnC Domain in TLS SNI (support .myfirstdealplaybook .com) (malware.rules)

Pro:

2859898 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2859899 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2859900 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2859901 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2859902 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2859903 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2859904 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2859905 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2859906 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/01/10 - v10835 Ruleset Updates	95	January 10, 2025
Ruleset Update Summary - 2024/10/30 - v10731 Ruleset Updates	194	October 30, 2024
Ruleset Update Summary - 2024/08/06 - v10660 Ruleset Updates	68	August 6, 2024
Ruleset Update Summary - 2025/02/04 - v10852 Ruleset Updates	65	February 4, 2025
Ruleset Update Summary - 2025/01/08 - v10833 Ruleset Updates	89	January 8, 2025

Ruleset Update Summary - 2025/02/05 - v10853

Summary:

Added rules:

Open:

Pro:

Related topics