Ruleset Update Summary - 2025/04/02 - v10896

rulesbot · April 2, 2025, 8:39pm

Summary:

11 new OPEN, 21 new PRO (11 + 10)

2061246 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (eiesystems .com) (exploit_kit.rules)
2061247 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (eiesystems .com) (exploit_kit.rules)
2061248 - ET WEB_SPECIFIC_APPS SonicWall SonicOS Unauthenticated Stack-Based Buffer Overflow (CVE-2022-22274) M1 (web_specific_apps.rules)
2061249 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (dcdh4 .shop) (exploit_kit.rules)
2061250 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (dcdh4 .shop) (exploit_kit.rules)
2061251 - ET WEB_SPECIFIC_APPS SonicWall SonicOS Unauthenticated Stack-Based Buffer Overflow (CVE-2022-22274) M2 (web_specific_apps.rules)
2061252 - ET WEB_SPECIFIC_APPS SonicWall SonicOS Unauthenticated Stack-Based Buffer Overflow (CVE-2022-22274) M3 (web_specific_apps.rules)
2061253 - ET WEB_SPECIFIC_APPS SonicWall SonicOS Unauthenticated Stack-Based Buffer Overflow (CVE-2023-0656) M1 (web_specific_apps.rules)
2061254 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (secure .novelty-press .com) (malware.rules)
2061255 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (secure .novelty-press .com) (malware.rules)
2061256 - ET WEB_SPECIFIC_APPS SonicWall SonicOS Unauthenticated Stack-Based Buffer Overflow (CVE-2023-0656) M2 (web_specific_apps.rules)

2861024 - ETPRO MALWARE Observed DNS Query to TA453 Domain (malware.rules)
2861025 - ETPRO MALWARE Observed TA453 Domain in TLS SNI (malware.rules)
2861026 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861027 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861028 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861029 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861030 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861031 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861032 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861033 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/01/30 - v10849 Ruleset Updates	95	January 30, 2025
Ruleset Update Summary - 2025/01/21 - v10842 Ruleset Updates	250	January 21, 2025
Ruleset Update Summary - 2024/12/18 - v10810 Ruleset Updates	87	December 18, 2024
Ruleset Update Summary - 2025/01/09 - v10834 Ruleset Updates	121	January 9, 2025
Ruleset Update Summary - 2024/07/15 - v10645 Ruleset Updates	184	July 15, 2024