Ruleset Update Summary - 2025/03/31 - v10894

Summary:

50 new OPEN, 116 new PRO (50 Open + 66 Pro-only)


Added rules:

Open:

  • 2061180 - ET INFO DYNAMIC_DNS Query to a *.davidandjacquelinebarbee .com domain (info.rules)
  • 2061181 - ET INFO DYNAMIC_DNS HTTP Request to a *.davidandjacquelinebarbee .com domain (info.rules)
  • 2061182 - ET INFO DYNAMIC_DNS Query to a *.airwise .cl domain (info.rules)
  • 2061183 - ET INFO DYNAMIC_DNS HTTP Request to a *.airwise .cl domain (info.rules)
  • 2061184 - ET INFO DYNAMIC_DNS Query to a *.gfplace .com domain (info.rules)
  • 2061185 - ET INFO DYNAMIC_DNS HTTP Request to a *.gfplace .com domain (info.rules)
  • 2061186 - ET INFO DYNAMIC_DNS Query to a *.africaddy .com domain (info.rules)
  • 2061187 - ET INFO DYNAMIC_DNS HTTP Request to a *.africaddy .com domain (info.rules)
  • 2061188 - ET INFO DYNAMIC_DNS Query to a *.vbrao .com domain (info.rules)
  • 2061189 - ET INFO DYNAMIC_DNS HTTP Request to a *.vbrao .com domain (info.rules)
  • 2061190 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (castlaby .live) (malware.rules)
  • 2061191 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (castlaby .live) in TLS SNI (malware.rules)
  • 2061192 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (castmann .run) (malware.rules)
  • 2061193 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (castmann .run) in TLS SNI (malware.rules)
  • 2061194 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tripfjoyq .life) (malware.rules)
  • 2061195 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tripfjoyq .life) in TLS SNI (malware.rules)
  • 2061196 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (iafec .com) (exploit_kit.rules)
  • 2061197 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (iafec .com) (exploit_kit.rules)
  • 2061198 - ET INFO Observed DNS Query to Real-time Web Stats Domain (whos .amung .us) (info.rules)
  • 2061199 - ET INFO Observed Real-time Web Stats Domain (whos .amung .us) in TLS SNI (info.rules)
  • 2061200 - ET MALWARE Unk_RAT CnC Checkin (malware.rules)
  • 2061201 - ET INFO DYNAMIC_DNS Query to a *.ourtownguttercleaning .com domain (info.rules)
  • 2061202 - ET INFO DYNAMIC_DNS HTTP Request to a *.ourtownguttercleaning .com domain (info.rules)
  • 2061203 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (galxnetb .today) (malware.rules)
  • 2061204 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (galxnetb .today) in TLS SNI (malware.rules)
  • 2061205 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ironloxp .live) (malware.rules)
  • 2061206 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ironloxp .live) in TLS SNI (malware.rules)
  • 2061207 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (meltonep .digital) (malware.rules)
  • 2061208 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (meltonep .digital) in TLS SNI (malware.rules)
  • 2061209 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (metalsyo .digital) (malware.rules)
  • 2061210 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (metalsyo .digital) in TLS SNI (malware.rules)
  • 2061211 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (navstarx .shop) (malware.rules)
  • 2061212 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navstarx .shop) in TLS SNI (malware.rules)
  • 2061213 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rodformi .run) (malware.rules)
  • 2061214 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rodformi .run) in TLS SNI (malware.rules)
  • 2061215 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spacedbv .world) (malware.rules)
  • 2061216 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (spacedbv .world) in TLS SNI (malware.rules)
  • 2061217 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (starcloc .bet) (malware.rules)
  • 2061218 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (starcloc .bet) in TLS SNI (malware.rules)
  • 2061219 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (travelilx .top) (malware.rules)
  • 2061220 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (travelilx .top) in TLS SNI (malware.rules)
  • 2061221 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (voyagiei .run) (malware.rules)
  • 2061222 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (voyagiei .run) in TLS SNI (malware.rules)
  • 2061223 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (dixiemgmt .com) (exploit_kit.rules)
  • 2061224 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (dixiemgmt .com) (exploit_kit.rules)
  • 2061225 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (roundcube .lamoillerealtors .com) (malware.rules)
  • 2061226 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (roundcube .lamoillerealtors .com) (malware.rules)
  • 2061227 - ET WEB_SPECIFIC_APPS CrushFTP Authentication Bypass (CVE-2025-2825) (web_specific_apps.rules)
  • 2061228 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dreliefr .digital) (malware.rules)
  • 2061229 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dreliefr .digital) in TLS SNI (malware.rules)

Pro:

  • 2860954 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2860955 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2860956 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2860957 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2860958 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2860959 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2860960 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2860961 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2860962 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2860963 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2860964 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2860965 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2860966 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2860967 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2860968 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2860969 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2860970 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2860971 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2860972 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2860973 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2860974 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2860975 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2860976 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2860977 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2860978 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2860979 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2860980 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2860981 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2860982 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2860983 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2860984 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2860985 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2860988 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2860989 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2860990 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2860991 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2860992 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2860993 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
  • 2860994 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2860995 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
  • 2860996 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
  • 2860997 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2860998 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2860999 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2861000 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2861001 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2861002 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2861003 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2861004 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2861005 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2861006 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2861007 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2861008 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2861009 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2861010 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2861011 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2861012 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2861013 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2861014 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2861015 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2861016 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2861017 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2861018 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2861019 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2861020 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2861021 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
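The actionable part of a summary like this is the SID list and the defanged domains in the rule names. The Python below is an added example for this page, not Emerging Threats or Proofpoint tooling: it parses a constructed excerpt of the summary (a few lines copied from above; the headline count line is adjusted to the excerpt, the real one reads "50 new OPEN, 116 new PRO (50 + 66)"), checks that the "(open + pro-only)" arithmetic matches the SIDs actually listed, and refangs the "castlaby .live"-style domains into a domain-to-SID map for DNS and TLS SNI hunting. The regular expressions assume the line layout shown on this page.

```python
"""Turn an ET 'Ruleset Update Summary' into a count check and an indicator list.
Added example for this page; not Emerging Threats / Proofpoint code."""
from __future__ import annotations

import re
from typing import NamedTuple


class Rule(NamedTuple):
    sid: int
    msg: str
    rulefile: str
    tier: str  # "open" or "pro"


# Constructed excerpt of the 2025/03/31 summary (a few lines copied from the
# page). The headline line is adjusted to the excerpt; the real one reads
# "50 new OPEN, 116 new PRO (50 + 66)".
SAMPLE = """\
Summary:

5 new OPEN, 7 new PRO (5 + 2)

Added rules:

Open:

  • 2061180 - ET INFO DYNAMIC_DNS Query to a *.davidandjacquelinebarbee .com domain (info.rules)
  • 2061190 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (castlaby .live) (malware.rules)
  • 2061191 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (castlaby .live) in TLS SNI (malware.rules)
  • 2061198 - ET INFO Observed DNS Query to Real-time Web Stats Domain (whos .amung .us) (info.rules)
  • 2061227 - ET WEB_SPECIFIC_APPS CrushFTP Authentication Bypass (CVE-2025-2825) (web_specific_apps.rules)

Pro:

  • 2860954 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2861021 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
"""

# Headline "(a + b)": the PRO total is the Open rules plus the Pro-only ones.
COUNT_RE = re.compile(r"(\d+) new OPEN, (\d+) new PRO \((\d+) \+ (\d+)\)")
# "  • <sid> - <msg> (<file>.rules)"; the lazy msg group stops at the rules file.
RULE_RE = re.compile(r"^\s*•\s*(\d{7}) - (.*?) \(([\w.]+\.rules)\)\s*$")
# ET defangs by inserting a space before each dot ("castlaby .live",
# "whos .amung .us"); dynamic-DNS entries carry a "*." wildcard prefix.
DOMAIN_RE = re.compile(r"(\*\.)?([a-z0-9-]+(?: \.[a-z0-9-]+)+)")


def parse_summary(text: str):
    """Return (claimed counts as (open, pro_total, open_part, pro_only) or None, listed rules)."""
    claimed = None
    tier = None
    rules: list[Rule] = []
    for line in text.splitlines():
        m = COUNT_RE.search(line)
        if m:
            claimed = tuple(int(g) for g in m.groups())
            continue
        if line.strip() == "Open:":
            tier = "open"
            continue
        if line.strip() == "Pro:":
            tier = "pro"
            continue
        m = RULE_RE.match(line)
        if m and tier:
            rules.append(Rule(int(m.group(1)), m.group(2), m.group(3), tier))
    return claimed, rules


def check_counts(claimed, rules: list[Rule]) -> list[str]:
    """Discrepancies between the headline line and the SIDs actually listed (empty = consistent)."""
    if claimed is None:
        return ["no 'N new OPEN, M new PRO (a + b)' line found"]
    problems: list[str] = []
    open_claimed, pro_total, open_part, pro_only = claimed
    n_open = sum(r.tier == "open" for r in rules)
    n_pro = sum(r.tier == "pro" for r in rules)
    if n_open != open_claimed:
        problems.append(f"Open: {n_open} listed, {open_claimed} claimed")
    if n_pro != pro_only:
        problems.append(f"Pro-only: {n_pro} listed, {pro_only} claimed")
    if open_part != open_claimed or open_part + pro_only != pro_total:
        problems.append(f"PRO arithmetic: {open_part} + {pro_only} != {pro_total} (open={open_claimed})")
    sids = [r.sid for r in rules]
    dupes = sorted({s for s in sids if sids.count(s) > 1})
    if dupes:
        problems.append(f"duplicate SIDs: {dupes}")
    return problems


def indicator_domains(rules: list[Rule]) -> dict[str, list[int]]:
    """Map each refanged domain to the SIDs that reference it; wildcards keep their '*.' prefix."""
    out: dict[str, list[int]] = {}
    for r in rules:
        for wild, defanged in DOMAIN_RE.findall(r.msg):
            out.setdefault(wild + defanged.replace(" .", "."), []).append(r.sid)
    return out


if __name__ == "__main__":
    claimed, rules = parse_summary(SAMPLE)
    print("count problems:", check_counts(claimed, rules) or "none")
    for dom, sids in sorted(indicator_domains(rules).items()):
        print(f"{dom:40s} {sids}")
```

Feeding the full summary text to `parse_summary` instead of `SAMPLE` runs the same check against the 50 + 66 headline; entries without a defanged domain (the CrushFTP CVE rule, the XWorm command rules) simply contribute nothing to the domain map.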