Summary:
11 new OPEN, 26 new PRO (11 + 15)
Added rules:
Open:
- 2060957 - ET HUNTING Windows Shortcut Link Padded Whitespace in Command Line Arguments (ZDI-CAN-25373) (hunting.rules)
- 2060958 - ET PHISHING E-Z Pass Phishing Domain (e-zpasslus .com) in DNS Lookup (phishing.rules)
- 2060959 - ET PHISHING E-Z Pass Phishing Domain (e-zpasslus .com) in TLS SNI (phishing.rules)
- 2060960 - ET WEB_SPECIFIC_APPS xml-crypto / Node.js SAML Authentication Bypass Forged DigestValue Comment (CVE-2025-29775) (web_specific_apps.rules)
- 2060961 - ET WEB_SPECIFIC_APPS xml-crypto SAML Authentication Bypass Multiple SignedInfo References (CVE-2025-29774) (web_specific_apps.rules)
- 2060962 - ET WEB_SPECIFIC_APPS Ncast DVR Command Injection Attempt (CVE-2024-0305) (web_specific_apps.rules)
- 2060963 - ET WEB_SPECIFIC_APPS Ncast DVR Hardcoded Credentials Login Attempt (web_specific_apps.rules)
- 2060964 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (tecnogrup .com) (exploit_kit.rules)
- 2060965 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (tecnogrup .com) (exploit_kit.rules)
- 2060966 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (my .kconsultinggroup .com) (malware.rules)
- 2060967 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (my .kconsultinggroup .com) (malware.rules)
Pro:
- 2860802 - ETPRO MALWARE XWorm Telegram C2 Response (malware.rules)
- 2860803 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2860804 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2860805 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2860806 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2860807 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
- 2860808 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2860809 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
- 2860810 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2860811 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
- 2860812 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2860813 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2860814 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
- 2860815 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
- 2860816 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)