Ruleset Update Summary - 2025/03/20 - v10887

rulesbot · March 20, 2025, 9:03pm

Summary:

38 new OPEN, 77 new PRO (38 + 39)

Thanks @Jane_0sint

Added rules:

Open:

2060968 - ET WEB_SPECIFIC_APPS Edimax IC-7100 Command Injection Attempt (CVE-2025-1316) (web_specific_apps.rules)
2060969 - ET MALWARE Amadey CnC Response (malware.rules)
2060970 - ET INFO DYNAMIC_DNS Query to a *.schrottspiele .de domain (info.rules)
2060971 - ET INFO DYNAMIC_DNS HTTP Request to a *.schrottspiele .de domain (info.rules)
2060972 - ET INFO DYNAMIC_DNS Query to a *.or-g .net domain (info.rules)
2060973 - ET INFO DYNAMIC_DNS HTTP Request to a *.or-g .net domain (info.rules)
2060974 - ET INFO DYNAMIC_DNS Query to a *.silvaharo .com domain (info.rules)
2060975 - ET INFO DYNAMIC_DNS HTTP Request to a *.silvaharo .com domain (info.rules)
2060976 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cityesca .top) (malware.rules)
2060977 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cityesca .top) in TLS SNI (malware.rules)
2060978 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gunrightsp .run) (malware.rules)
2060979 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gunrightsp .run) in TLS SNI (malware.rules)
2060980 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (partparcadi .shop) (malware.rules)
2060981 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (partparcadi .shop) in TLS SNI (malware.rules)
2060982 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rugbybrign .life) (malware.rules)
2060983 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rugbybrign .life) in TLS SNI (malware.rules)
2060984 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (advennture .top) (malware.rules)
2060985 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (advennture .top in TLS SNI) (malware.rules)
2060986 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (esccapewz .run) (malware.rules)
2060987 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (esccapewz .run in TLS SNI) (malware.rules)
2060988 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (travewlio .shop) (malware.rules)
2060989 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (travewlio .shop in TLS SNI) (malware.rules)
2060990 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (touvrlane .bet) (malware.rules)
2060991 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (touvrlane .bet in TLS SNI) (malware.rules)
2060992 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sighbtseeing .shop) (malware.rules)
2060993 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sighbtseeing .shop in TLS SNI) (malware.rules)
2060994 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (holidamyup .today) (malware.rules)
2060995 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (holidamyup .today in TLS SNI) (malware.rules)
2060996 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (triplooqp .world) (malware.rules)
2060997 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (triplooqp .world in TLS SNI) (malware.rules)
2060998 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (computertecs .com) (exploit_kit.rules)
2060999 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (vfclan .com) (exploit_kit.rules)
2061000 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (janhugo .com) (exploit_kit.rules)
2061001 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (computertecs .com) (exploit_kit.rules)
2061002 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (vfclan .co) (exploit_kit.rules)
2061003 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (janhugo .com) (exploit_kit.rules)
2061004 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (mail .pacifictaxcounsel .com) (malware.rules)
2061005 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (mail .pacifictaxcounsel .com) (malware.rules)

Pro:

2860817 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860818 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860819 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860820 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860821 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860822 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860823 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860824 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860825 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
2860826 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2860827 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
2860828 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
2860829 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860830 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2860831 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860832 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2860833 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860834 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2860835 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2860836 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2860837 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860838 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860839 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860840 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860841 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860842 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
2860843 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2860844 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
2860845 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
2860846 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860847 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2860848 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860849 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2860850 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860851 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2860852 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2860853 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2860854 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2860855 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Disabled and modified rules:

2060874 - ET MALWARE Win32/TA569 Gholoader Domain in DNS Lookup (support .traininghub .world) (malware.rules)
2060875 - ET MALWARE Win32/TA569 Gholoader Domain in TLS SNI (support .traininghub .world) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/03/17 - v10882 Ruleset Updates	79	March 17, 2025
Ruleset Update Summary - 2024/11/04 - v10734 Ruleset Updates	106	November 4, 2024
Ruleset Update Summary - 2024/08/19 - v10669 Ruleset Updates	149	August 19, 2024
Ruleset Update Summary - 2025/03/10 - v10875 Ruleset Updates	128	March 10, 2025
Ruleset Update Summary - 2025/04/14 - v10904 Ruleset Updates	93	April 14, 2025

Ruleset Update Summary - 2025/03/20 - v10887

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related topics