Ruleset Update Summary - 2025/03/31 - v10894

rulesbot · March 31, 2025, 8:19pm

Summary:

50 new OPEN, 116 new PRO (50 + 66)

Added rules:

Open:

2061180 - ET INFO DYNAMIC_DNS Query to a *.davidandjacquelinebarbee .com domain (info.rules)
2061181 - ET INFO DYNAMIC_DNS HTTP Request to a *.davidandjacquelinebarbee .com domain (info.rules)
2061182 - ET INFO DYNAMIC_DNS Query to a *.airwise .cl domain (info.rules)
2061183 - ET INFO DYNAMIC_DNS HTTP Request to a *.airwise .cl domain (info.rules)
2061184 - ET INFO DYNAMIC_DNS Query to a *.gfplace .com domain (info.rules)
2061185 - ET INFO DYNAMIC_DNS HTTP Request to a *.gfplace .com domain (info.rules)
2061186 - ET INFO DYNAMIC_DNS Query to a *.africaddy .com domain (info.rules)
2061187 - ET INFO DYNAMIC_DNS HTTP Request to a *.africaddy .com domain (info.rules)
2061188 - ET INFO DYNAMIC_DNS Query to a *.vbrao .com domain (info.rules)
2061189 - ET INFO DYNAMIC_DNS HTTP Request to a *.vbrao .com domain (info.rules)
2061190 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (castlaby .live) (malware.rules)
2061191 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (castlaby .live) in TLS SNI (malware.rules)
2061192 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (castmann .run) (malware.rules)
2061193 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (castmann .run) in TLS SNI (malware.rules)
2061194 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tripfjoyq .life) (malware.rules)
2061195 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tripfjoyq .life) in TLS SNI (malware.rules)
2061196 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (iafec .com) (exploit_kit.rules)
2061197 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (iafec .com) (exploit_kit.rules)
2061198 - ET INFO Observed DNS Query to Real-time Web Stats Domain (whos .amung .us) (info.rules)
2061199 - ET INFO Observed Real-time Web Stats Domain (whos .amung .us in TLS SNI) (info.rules)
2061200 - ET MALWARE Unk_RAT CnC Checkin (malware.rules)
2061201 - ET INFO DYNAMIC_DNS Query to a *.ourtownguttercleaning .com domain (info.rules)
2061202 - ET INFO DYNAMIC_DNS HTTP Request to a *.ourtownguttercleaning .com domain (info.rules)
2061203 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (galxnetb .today) (malware.rules)
2061204 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (galxnetb .today) in TLS SNI (malware.rules)
2061205 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ironloxp .live) (malware.rules)
2061206 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ironloxp .live) in TLS SNI (malware.rules)
2061207 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (meltonep .digital) (malware.rules)
2061208 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (meltonep .digital) in TLS SNI (malware.rules)
2061209 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (metalsyo .digital) (malware.rules)
2061210 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (metalsyo .digital) in TLS SNI (malware.rules)
2061211 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (navstarx .shop) (malware.rules)
2061212 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navstarx .shop) in TLS SNI (malware.rules)
2061213 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rodformi .run) (malware.rules)
2061214 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rodformi .run) in TLS SNI (malware.rules)
2061215 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spacedbv .world) (malware.rules)
2061216 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (spacedbv .world) in TLS SNI (malware.rules)
2061217 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (starcloc .bet) (malware.rules)
2061218 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (starcloc .bet) in TLS SNI (malware.rules)
2061219 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (travelilx .top) (malware.rules)
2061220 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (travelilx .top) in TLS SNI (malware.rules)
2061221 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (voyagiei .run) (malware.rules)
2061222 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (voyagiei .run) in TLS SNI (malware.rules)
2061223 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (dixiemgmt .com) (exploit_kit.rules)
2061224 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (dixiemgmt .com) (exploit_kit.rules)
2061225 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (roundcube .lamoillerealtors .com) (malware.rules)
2061226 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (roundcube .lamoillerealtors .com) (malware.rules)
2061227 - ET WEB_SPECIFIC_APPS CrushFTP Authentication Bypass (CVE-2025-2825) (web_specific_apps.rules)
2061228 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dreliefr .digital) (malware.rules)
2061229 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dreliefr .digital in TLS SNI) (malware.rules)

Pro:

2860954 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860955 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860956 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860957 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860958 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860959 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860960 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2860961 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2860962 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860963 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860964 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860965 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860966 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860967 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860968 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2860969 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2860970 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860971 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860972 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860973 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860974 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860975 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860976 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2860977 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2860978 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860979 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860980 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860981 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860982 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2860983 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2860984 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2860985 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2860988 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2860989 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860990 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860991 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2860992 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2860993 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
2860994 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2860995 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
2860996 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
2860997 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2860998 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2860999 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861000 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2861001 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861002 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861003 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2861004 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861005 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861006 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861007 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861008 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861009 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861010 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861011 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861012 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861013 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861014 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861015 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861016 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861017 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861018 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861019 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861020 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861021 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/11/04 - v10734 Ruleset Updates	104	November 4, 2024
Ruleset Update Summary - 2024/04/22 - v10580 Ruleset Updates	269	April 22, 2024
Ruleset Update Summary - 2025/03/20 - v10887 Ruleset Updates	77	March 20, 2025
Ruleset Update Summary - 2024/11/20 - v10746 Ruleset Updates	87	November 20, 2024
Ruleset Update Summary - 2024/10/22 - v10725 Ruleset Updates	81	October 22, 2024

Ruleset Update Summary - 2025/03/31 - v10894

Summary:

Added rules:

Open:

Pro:

Related topics