Ruleset Update Summary - 2025/03/24 - v10889

rulesbot · March 24, 2025, 8:56pm

Summary:

19 new OPEN, 30 new PRO (19 + 11)

Thanks @monitorsg

Added rules:

Open:

2061021 - ET MALWARE SvcStealer CNC Tasking Checkin (malware.rules)
2061022 - ET MALWARE SvcStealer Data Exfiltration Attempt (malware.rules)
2061023 - ET INFO DYNAMIC_DNS Query to a *.savwhatsup .com domain (info.rules)
2061024 - ET INFO DYNAMIC_DNS HTTP Request to a *.savwhatsup .com domain (info.rules)
2061025 - ET MALWARE Specter Insight Beacon CnC Checkin (malware.rules)
2061026 - ET WEB_SERVER Next.js Middleware Authorization Bypass (CVE-2025-29927) (web_server.rules)
2061027 - ET WEB_SPECIFIC_APPS Discourse Backup File Disclosure via Default Nginx Configuration (CVE-2024-53991) (web_specific_apps.rules)
2061028 - ET INFO Observed DNS Query to Abused File Sharing Domain in DNS Lookup (filebin .net) (info.rules)
2061029 - ET INFO Observed Abused File Sharing Domain in TLS SNI (filebin .net) (info.rules)
2061030 - ET INFO DYNAMIC_DNS Query to a *.kick .sh domain (info.rules)
2061031 - ET INFO DYNAMIC_DNS HTTP Request to a *.kick .sh domain (info.rules)
2061032 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (wccdefense .com) (exploit_kit.rules)
2061033 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (pdmfg .com) (exploit_kit.rules)
2061034 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (wccdefense .com) (exploit_kit.rules)
2061035 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (pdmfg .com) (exploit_kit.rules)
2061036 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cryptohardware .shop) (exploit_kit.rules)
2061037 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cryptohardware .shop) (exploit_kit.rules)
2061038 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (phpmyadmin .artisticglassstudio .com) (malware.rules)
2061039 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (phpmyadmin .artisticglassstudio .com) (malware.rules)

Pro:

2860857 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860858 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860859 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860860 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860861 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860862 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860863 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2860864 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2860865 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2860866 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2860883 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/11/22 - v10471 Ruleset Updates	351	November 22, 2023
Ruleset Update Summary - 2024/07/15 - v10645 Ruleset Updates	185	July 15, 2024
Ruleset Update Summary - 2024/06/03 - v10608 Ruleset Updates	236	June 3, 2024
Ruleset Update Summary - 2025/01/06 - v10830 Ruleset Updates	144	January 6, 2025
Ruleset Update Summary - 2024/10/30 - v10731 Ruleset Updates	205	October 30, 2024

Ruleset Update Summary - 2025/03/24 - v10889

Summary:

Added rules:

Open:

Pro:

Related topics