Ruleset Update Summary - 2025/02/11 - v10857

Ruleset Updates
1

Summary:

6 new OPEN, 8 new PRO (6 + 2)

Added rules:

Open:

  • 2060030 - ET EXPLOIT Microsoft Windows Themes Spoofing (CVE-2024-38030) (exploit.rules)
  • 2060031 - ET EXPLOIT Microsoft Windows Themes Spoofing (CVE-2024-21320) (exploit.rules)
  • 2060032 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (iconcss.com) (exploit_kit.rules)
  • 2060033 - ET MALWARE ReverseLoader Style Payload Request (GET) (malware.rules)
  • 2060034 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (52ecy .shop) (exploit_kit.rules)
  • 2060035 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (52ecy .shop) (exploit_kit.rules)

Pro:

  • 2860234 - ETPRO EXPLOIT NTLM Hash Disclosure via InternetShortcut (CVE-2025-21377) (exploit.rules)
  • 2860235 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Disabled and modified rules:

  • 2060015 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (* .jpainting .ca) (malware.rules)
  • 2060016 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (* .jpainting .ca) (malware.rules)
  • 2819866 - ETPRO MOBILE_MALWARE Android.Trojan.Downloader.CI Checkin (mobile_malware.rules)