Ruleset Update Summary - 2025/03/04 - v10871

rulesbot · March 4, 2025, 9:51pm

Summary:

23 new OPEN, 55 new PRO (23 + 32)

Added rules:

Open:

2060571 - ET PHISHING Evilginx Activity (Favicon Query) (phishing.rules)
2060572 - ET MALWARE InvisibleFerret CnC Activity (POST) M1 (malware.rules)
2060573 - ET MALWARE InvisibleFerret CnC Activity (POST) M2 (malware.rules)
2060574 - ET INFO DYNAMIC_DNS Query to a *.deltako .com domain (info.rules)
2060575 - ET INFO DYNAMIC_DNS HTTP Request to a *.deltako .com domain (info.rules)
2060576 - ET MALWARE Win32/SocGholish CnC Domain in DNS Lookup (cpanel .kreativelife .net) (malware.rules)
2060577 - ET MALWARE Win32/SocGholish CnC Domain in TLS SNI (cpanel .kreativelife .net) (malware.rules)
2060578 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (MysticNexst .cyou) (malware.rules)
2060579 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (MysticNexst .cyou in TLS SNI) (malware.rules)
2060580 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (citxresearchers .icu) (malware.rules)
2060581 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (citxresearchers .icu in TLS SNI) (malware.rules)
2060582 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reseagetwork .top) (malware.rules)
2060583 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (reseagetwork .top in TLS SNI) (malware.rules)
2060584 - ET MALWARE InvisibleFerret CnC Activity (GET) M4 (malware.rules)
2060585 - ET MALWARE Win32/SocGholish GhostWeaver Backdoor Activity (PowerShell BOINC Download Request) (malware.rules)
2060586 - ET MALWARE InvisibleFerret CnC Activity (GET) M5 (malware.rules)
2060587 - ET MALWARE InvisibleFerret CnC Activity (GET) M6 (malware.rules)
2060588 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (harmarpets .com) (exploit_kit.rules)
2060589 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (harmarpets .com) (exploit_kit.rules)
2060590 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (khusinhthaidanphuong .top) (exploit_kit.rules)
2060591 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (filmlerzltyazilimsx .shop) (exploit_kit.rules)
2060592 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (khusinhthaidanphuong .top) (exploit_kit.rules)
2060593 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (filmlerzltyazilimsx .shop) (exploit_kit.rules)

Pro:

2860543 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860544 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860545 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860546 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860547 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2860548 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860549 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2860550 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860551 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2860552 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860553 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2860554 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2860555 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2860556 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860557 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860558 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860559 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860560 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860561 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
2860562 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2860563 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
2860564 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
2860565 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860566 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2860567 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860568 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2860569 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860570 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2860571 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2860572 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2860573 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2860574 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/02/19 - v10862 Ruleset Updates	100	February 19, 2025
Ruleset Update Summary - 2025/02/04 - v10852 Ruleset Updates	96	February 4, 2025
Ruleset Update Summary - 2025/02/18 - v10861 Ruleset Updates	163	February 18, 2025
Ruleset Update Summary - 2024/11/20 - v10746 Ruleset Updates	87	November 20, 2024
Ruleset Update Summary - 2024/09/12 - v10688 Ruleset Updates	42	September 12, 2024

Ruleset Update Summary - 2025/03/04 - v10871

Summary:

Added rules:

Open:

Pro:

Related topics