Ruleset Update Summary - 2025/04/09 - v10901

Ruleset Updates
1

Summary:

13 new OPEN, 28 new PRO (13 + 15)

Added rules:

Open:

  • 2061409 - ET WEB_SPECIFIC_APPS ASUS DSL-AC88U Authentication Bypass Attempt (CVE-2024-3080) (web_specific_apps.rules)
  • 2061410 - ET WEB_SPECIFIC_APPS Netgear R6850 Command Injection via c4_IPAddr Parameter Attempt (CVE-2024-30568) (web_specific_apps.rules)
  • 2061411 - ET WEB_SPECIFIC_APPS Vite Unauthenticated Arbitrary File Read (CVE-2025-31486) (web_specific_apps.rules)
  • 2061412 - ET WEB_SPECIFIC_APPS D-Link DIR-816 A2 form2IPQoSTcDel RemoveRule Parameter Buffer Overflow Attempt (CVE-2023-43242) (web_specific_apps.rules)
  • 2061413 - ET INFO DYNAMIC_DNS Query to a *.alabasgames .com domain (info.rules)
  • 2061414 - ET INFO DYNAMIC_DNS HTTP Request to a *.alabasgames .com domain (info.rules)
  • 2061415 - ET INFO DYNAMIC_DNS Query to a *.berubnet .com domain (info.rules)
  • 2061416 - ET INFO DYNAMIC_DNS HTTP Request to a *.berubnet .com domain (info.rules)
  • 2061417 - ET WEB_SPECIFIC_APPS Tenda AC1206 fast_setting_wifi_set timeZone or ssid parameter Buffer Overflow Attempt (CVE-2025-3328) (web_specific_apps.rules)
  • 2061418 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (nypipeline .com) (exploit_kit.rules)
  • 2061419 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (nypipeline .com) (exploit_kit.rules)
  • 2061420 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (members .viottoenterprises .com) (malware.rules)
  • 2061421 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (members .viottoenterprises .com) (malware.rules)

Pro:

  • 2861086 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2861087 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2861088 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2861089 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2861090 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2861091 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2861092 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2861093 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2861094 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2861095 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2861096 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2861097 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2861098 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2861099 - ETPRO PHISHING Job Scamming Domain in DNS Lookup (phishing.rules)
  • 2861100 - ETPRO PHISHING Observed Job Scamming Domain in TLS SNI (phishing.rules)