Ruleset Update Summary - 2025/02/27 - v10868

Ruleset Updates
1

Summary:

34 new OPEN, 66 new PRO (34 + 32)

Added rules:

Open:

  • 2060401 - ET PHISHING Darcula Credential Phish Socket Response 2025-02-27 (phishing.rules)
  • 2060402 - ET PHISHING Darcula Credential Phish Landing Page M1 2025-02-27 (phishing.rules)
  • 2060403 - ET PHISHING Darcula Credential Phish Landing Page M2 2025-02-27 (phishing.rules)
  • 2060404 - ET INFO DYNAMIC_DNS Query to a *.webconstructions .co .uk domain (info.rules)
  • 2060405 - ET INFO DYNAMIC_DNS HTTP Request to a *.webconstructions .co .uk domain (info.rules)
  • 2060406 - ET WEB_SPECIFIC_APPS ServiceNow Command Injection Attempt (CVE-2024-5217,2024-4879) M1 (web_specific_apps.rules)
  • 2060407 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (round .micha .ai) (malware.rules)
  • 2060408 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (round .micha .ai) (malware.rules)
  • 2060409 - ET WEB_SPECIFIC_APPS ServiceNow Command Injection Attempt (CVE-2024-5217,2024-4879) M2 (web_specific_apps.rules)
  • 2060410 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (collapimga .fun) (malware.rules)
  • 2060411 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (collapimga .fun in TLS SNI) (malware.rules)
  • 2060412 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (earthsymphzony .today) (malware.rules)
  • 2060413 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (earthsymphzony .today in TLS SNI) (malware.rules)
  • 2060414 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (foresctwhispers .top) (malware.rules)
  • 2060415 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (foresctwhispers .top in TLS SNI) (malware.rules)
  • 2060416 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (quietswtreams .life) (malware.rules)
  • 2060417 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (quietswtreams .life in TLS SNI) (malware.rules)
  • 2060418 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (seizedsentec .online) (malware.rules)
  • 2060419 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (seizedsentec .online in TLS SNI) (malware.rules)
  • 2060420 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (starrynsightsky .icu) (malware.rules)
  • 2060421 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (starrynsightsky .icu in TLS SNI) (malware.rules)
  • 2060422 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (strawpeasaen .fun) (malware.rules)
  • 2060423 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (strawpeasaen .fun in TLS SNI) (malware.rules)
  • 2060424 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tracnquilforest .life) (malware.rules)
  • 2060425 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tracnquilforest .life in TLS SNI) (malware.rules)
  • 2060426 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wealthestored .icu) (malware.rules)
  • 2060427 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wealthestored .icu in TLS SNI) (malware.rules)
  • 2060428 - ET WEB_SPECIFIC_APPS ServiceNow Command Injection Attempt (CVE-2024-5217,2024-4879) M3 (web_specific_apps.rules)
  • 2060429 - ET WEB_SPECIFIC_APPS ServiceNow Command Injection Attempt (CVE-2024-5217,2024-4879) M4 (web_specific_apps.rules)
  • 2060430 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (unclezekes .com) (exploit_kit.rules)
  • 2060431 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (unclezekes .com) (exploit_kit.rules)
  • 2060432 - ET WEB_SPECIFIC_APPS Cisco Small Business Router RV Series Command Injection (CVE-2023-20118) M1 (web_specific_apps.rules)
  • 2060433 - ET WEB_SPECIFIC_APPS Cisco Small Business Router RV Series Command Injection (CVE-2023-20118) M2 (web_specific_apps.rules)
  • 2060434 - ET WEB_SPECIFIC_APPS Cisco Small Business Router RV Series Command Injection (CVE-2023-20128) (web_specific_apps.rules)

Pro:

  • 2860459 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2860460 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2860461 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2860462 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2860463 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2860464 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2860465 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2860466 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2860467 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2860468 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2860469 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2860470 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2860471 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2860472 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2860473 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2860474 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2860475 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2860476 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2860477 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2860478 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2860479 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2860480 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2860481 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2860482 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2860483 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2860484 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2860485 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2860486 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2860487 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2860488 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
  • 2860489 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
  • 2860490 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)