Ruleset Update Summary - 2025/03/28 - v10893

rulesbot · March 28, 2025, 9:20pm

Summary:

8 new OPEN, 12 new PRO (8 + 4)

2061172 - ET INFO DYNAMIC_DNS Query to a *.mexicommerce .com domain (info.rules)
2061173 - ET INFO DYNAMIC_DNS HTTP Request to a *.mexicommerce .com domain (info.rules)
2061174 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (galactich .today) (malware.rules)
2061175 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (galactich .today) in TLS SNI (malware.rules)
2061176 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nebuxisn .top) (malware.rules)
2061177 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (nebuxisn .top) in TLS SNI (malware.rules)
2061178 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (beta .buildersdroneview .com) (malware.rules)
2061179 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (beta .buildersdroneview .com) (malware.rules)

2860948 - ETPRO MALWARE VIP Recovery Keylogger Checkin via Telegram (GET) (malware.rules)
2860949 - ETPRO MALWARE VIP Recovery Keylogger Exfil via Telegram (POST) (malware.rules)
2860952 - ETPRO MALWARE Observed XWorm Related Domain in TLS SNI (malware.rules)
2860953 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)

2061123 - ET WEB_SPECIFIC_APPS Discourse Backup File Disclosure via Default Nginx Configuration (CVE-2024-53991) (web_specific_apps.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/01/10 - v10835 Ruleset Updates	106	January 10, 2025
Ruleset Update Summary - 2024/12/26 - v10817 Ruleset Updates	85	December 26, 2024
Ruleset Update Summary - 2024/08/09 - v10663 Ruleset Updates	93	August 9, 2024
Ruleset Update Summary - 2024/09/12 - v10688 Ruleset Updates	42	September 12, 2024
Ruleset Update Summary - 2025/03/06 - v10873 Ruleset Updates	60	March 6, 2025