Ruleset Update Summary - 2025/03/26 - v10891

rulesbot · March 26, 2025, 8:34pm

Summary:

16 new OPEN, 35 new PRO (16 + 19)

Added rules:

Open:

2061104 - ET WEB_SPECIFIC_APPS XWiki Groovy Script Command Injection Attempt (CVE-2024-31982) (web_specific_apps.rules)
2061105 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aiwavey .run) (malware.rules)
2061106 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aiwavey .run) in TLS SNI (malware.rules)
2061107 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ferrousz .digital) (malware.rules)
2061108 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ferrousz .digital) in TLS SNI (malware.rules)
2061109 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (netcorde .run) (malware.rules)
2061110 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (netcorde .run) in TLS SNI (malware.rules)
2061111 - ET WEB_SPECIFIC_APPS TBK DVR-4104/4216 Command Injection Attempt (CVE-2024-3721) (web_specific_apps.rules)
2061112 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (inteklabs .com) (exploit_kit.rules)
2061113 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (inteklabs .com) (exploit_kit.rules)
2061114 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (music .homesalemedia .com) (malware.rules)
2061115 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (music .homesalemedia .com) (malware.rules)
2061116 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (rumbaya .com) (exploit_kit.rules)
2061117 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (rumbaya .com) (exploit_kit.rules)
2061118 - ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M3 (GET) (malware.rules)
2061119 - ET WEB_SPECIFIC_APPS Sitecore CMS CSRFTOKEN Deserialization Remote Code Execution Attempt (CVE-2019-9874) (web_specific_apps.rules)

Pro:

2860900 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860901 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860902 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860903 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860904 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860905 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860906 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2860907 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2860908 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860909 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860910 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860911 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860912 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860913 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860914 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2860915 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2860916 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2860917 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2860918 - ETPRO MALWARE ExEvil Captcha Solver CnC Activity (POST) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/04/07 - v10899 Ruleset Updates	91	April 7, 2025
Ruleset Update Summary - 2025/01/10 - v10835 Ruleset Updates	108	January 10, 2025
Ruleset Update Summary - 2025/02/04 - v10852 Ruleset Updates	100	February 4, 2025
Ruleset Update Summary - 2024/12/26 - v10817 Ruleset Updates	87	December 26, 2024
Ruleset Update Summary - 2024/11/29 - v10761 Ruleset Updates	43	November 29, 2024

Ruleset Update Summary - 2025/03/26 - v10891

Summary:

Added rules:

Open:

Pro:

Related topics