Ruleset Update Summary - 2025/02/13 - v10859

rulesbot · February 13, 2025, 9:40pm

Summary:

34 new OPEN, 90 new PRO (34 + 56)

Added rules:

Open:

2060055 - ET WEB_SPECIFIC_APPS SonicOS SSLVPN Authentication Bypass HTTP Cookie (swap) (CVE-2024-53704) (web_specific_apps.rules)
2060056 - ET WEB_SPECIFIC_APPS SonicOS SSLVPN Authentication Bypass Response (CVE-2024-53704) (web_specific_apps.rules)
2060057 - ET MALWARE Build Your Own Botnet CnC Exfil (POST) (malware.rules)
2060058 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (asphaltgforest .today) (malware.rules)
2060059 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (asphaltgforest .today in TLS SNI) (malware.rules)
2060060 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (blast-hubs .com) (malware.rules)
2060061 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (blast-hubs .com in TLS SNI) (malware.rules)
2060062 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (blastikcn .com) (malware.rules)
2060063 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (blastikcn .com in TLS SNI) (malware.rules)
2060064 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curitousminds .cyou) (malware.rules)
2060065 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (curitousminds .cyou in TLS SNI) (malware.rules)
2060066 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (generalmills .pro) (malware.rules)
2060067 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (generalmills .pro in TLS SNI) (malware.rules)
2060068 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gleefuhlcloud .top) (malware.rules)
2060069 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gleefuhlcloud .top in TLS SNI) (malware.rules)
2060070 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (https://t .me/prokllumexp) (malware.rules)
2060071 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (https://t .me/prokllumexp in TLS SNI) (malware.rules)
2060072 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mercharena .biz) (malware.rules)
2060073 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mercharena .biz in TLS SNI) (malware.rules)
2060074 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nestlecompany .pro) (malware.rules)
2060075 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (nestlecompany .pro in TLS SNI) (malware.rules)
2060076 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (peajcefulspaces .cyou) (malware.rules)
2060077 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (peajcefulspaces .cyou in TLS SNI) (malware.rules)
2060078 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stormlegue .com) (malware.rules)
2060079 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (stormlegue .com in TLS SNI) (malware.rules)
2060080 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tecchsavvy .cyou) (malware.rules)
2060081 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tecchsavvy .cyou in TLS SNI) (malware.rules)
2060082 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wilvdflowercottage .pics) (malware.rules)
2060083 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wilvdflowercottage .pics in TLS SNI) (malware.rules)
2060084 - ET MALWARE SocGholish CnC Domain in DNS Lookup (portal .miaariacademy .com) (malware.rules)
2060085 - ET MALWARE SocGholish CnC Domain in TLS SNI (portal .miaariacademy .com) (malware.rules)
2060086 - ET WEB_SPECIFIC_APPS Palo Alto PAN-OS Management Web Interface Authentication Bypass (CVE-2025-0108) (web_specific_apps.rules)
2060087 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (fashionghana .shop) (exploit_kit.rules)
2060088 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (fashionghana .shop) (exploit_kit.rules)

Pro:

2860246 - ETPRO MALWARE VBS/Fake Social Security PDF Exfil via Telegram (malware.rules)
2860247 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860248 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860249 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860250 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860251 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860252 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860253 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2860254 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2860255 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860256 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860257 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860258 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860259 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2860260 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860261 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2860262 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860263 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2860264 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860265 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2860266 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2860267 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2860268 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860269 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860270 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860271 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860272 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860273 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
2860274 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2860275 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
2860276 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
2860277 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860278 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2860279 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860280 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2860281 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860282 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2860283 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2860284 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2860285 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860286 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860287 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860288 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860289 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860290 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860291 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2860292 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2860293 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860294 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860295 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860296 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860297 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860298 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860299 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2860300 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2860301 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/11/13 - v10741 Ruleset Updates	135	November 13, 2024
Ruleset Update Summary - 2024/12/23 - v10813 Ruleset Updates	97	December 23, 2024
Ruleset Update Summary - 2024/12/26 - v10817 Ruleset Updates	85	December 26, 2024
Ruleset Update Summary - 2025/01/10 - v10835 Ruleset Updates	104	January 10, 2025
Ruleset Update Summary - 2025/01/27 - v10846 Ruleset Updates	90	January 27, 2025

Ruleset Update Summary - 2025/02/13 - v10859

Summary:

Added rules:

Open:

Pro:

Related topics