Ruleset Update Summary - 2025/03/18 - v10883

rulesbot · March 18, 2025, 8:41pm

Summary:

14 new OPEN, 24 new PRO (14 + 10)

2060943 - ET PHISHING Github Credential Phish Domain in DNS Lookup (.* github* .onrender .com) (phishing.rules)
2060944 - ET PHISHING Observed Github Credential Phish Domain (.* github* .onrender .com in TLS SNI) (phishing.rules)
2060945 - ET WEB_SPECIFIC_APPS Wazuh Server Serialized Unhandled Exception Payload (CVE-2025-24016) (web_specific_apps.rules)
2060946 - ET INFO DYNAMIC_DNS Query to a *.switchestudio .com domain (info.rules)
2060947 - ET INFO DYNAMIC_DNS HTTP Request to a *.switchestudio .com domain (info.rules)
2060948 - ET MALWARE Win32/TA569 Gholoader Domain in DNS Lookup (static .twalls5280 .com) (malware.rules)
2060949 - ET MALWARE Win32/TA569 Gholoader Domain in TLS SNI (static .twalls5280 .com) (malware.rules)
2060950 - ET MALWARE Unknown Stealer Victim Profile Exfiltration (POST) (malware.rules)
2060951 - ET MALWARE Unknown Stealer Victim Desktop Screenshot Exfiltration (POST) (malware.rules)
2060952 - ET INFO Zoho Social URL Shortener Service CnC Domain in DNS Lookup (zurl .co) (info.rules)
2060953 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (kimjohan .com) (exploit_kit.rules)
2060954 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (kimjohan .com) (exploit_kit.rules)
2060955 - ET EXPLOIT_KIT Malicious TA2726 TDS Domain in DNS Lookup (training .preschoolproblems .com) (exploit_kit.rules)
2060956 - ET EXPLOIT_KIT Malicious TA2726 TDS Domain in TLS SNI (training .preschoolproblems .com) (exploit_kit.rules)

2860792 - ETPRO MALWARE TA453 CnC Activity (GET) (malware.rules)
2860793 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860794 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860795 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860796 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860797 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860798 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860799 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2860800 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2860801 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/04/16 - v10907 Ruleset Updates	30	April 16, 2025
Ruleset Update Summary - 2024/12/12 - v10800 Ruleset Updates	101	December 12, 2024
Ruleset Update Summary - 2024/02/12 - v10530 Ruleset Updates	251	February 12, 2024
Ruleset Update Summary - 2024/12/20 - v10812 Ruleset Updates	120	December 20, 2024
Ruleset Update Summary - 2024/08/14 - v10666 Ruleset Updates	60	August 14, 2024