Ruleset Update Summary - 2025/04/10 - v10902

rulesbot · April 10, 2025, 9:14pm

Summary:

28 new OPEN, 49 new PRO (28 + 21)

Added rules:

Open:

2018316 - ET INFO Possible Zeus GameOver/FluBot Related DGA Pattern (info.rules)
2061422 - ET INFO DYNAMIC_DNS Query to a *.raresupply .com domain (info.rules)
2061423 - ET INFO DYNAMIC_DNS HTTP Request to a *.raresupply .com domain (info.rules)
2061424 - ET MALWARE ClipBanker Related Domain (officepackage .sourceforge .io) in DNS Lookup (malware.rules)
2061425 - ET MALWARE ClipBanker Related Domain (apap .app) in DNS Lookup (malware.rules)
2061426 - ET MALWARE Observed ClipBanker Related Domain (officepackage .sourceforge .io) in TLS SNI (malware.rules)
2061427 - ET MALWARE Observed ClipBanker Related Domain (apap .app) in TLS SNI (malware.rules)
2061428 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dipsafals .digital) (malware.rules)
2061429 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dipsafals .digital) in TLS SNI (malware.rules)
2061430 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (forgeixv .digital) (malware.rules)
2061431 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (forgeixv .digital) in TLS SNI (malware.rules)
2061432 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (peggbir .live) (malware.rules)
2061433 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (peggbir .live) in TLS SNI (malware.rules)
2061434 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (riseupsz .live) (malware.rules)
2061435 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (riseupsz .live) in TLS SNI (malware.rules)
2061436 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (steelmor .digital) (malware.rules)
2061437 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (steelmor .digital) in TLS SNI (malware.rules)
2061438 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tripfflux .world) (malware.rules)
2061439 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tripfflux .world) in TLS SNI (malware.rules)
2061440 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wizmodi .digital) (malware.rules)
2061441 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (wizmodi .digital) in TLS SNI (malware.rules)
2061442 - ET WEB_SERVER MinIO Incomplete Signature Validation for Unsigned-Trailer Uploads (CVE-2025-31489) (web_server.rules)
2061443 - ET WEB_SPECIFIC_APPS Apache HugeGraph <1.2.0 Unauthenticated Remote Code Execution (CVE-2024-27348) (web_specific_apps.rules)
2061444 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (cloud .emeraldpinesenterprises .com) (malware.rules)
2061445 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (cloud .emeraldpinesenterprises .com) (malware.rules)
2061446 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (rajjas .com) (exploit_kit.rules)
2061447 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (rajjas .com) (exploit_kit.rules)
2061448 - ET WEB_SPECIFIC_APPS Langflow AI Unauthenticated Remote Code Execution via Code Validation Endpoint (CVE-2025-3248) (web_specific_apps.rules)

Pro:

2861101 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861102 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861103 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861104 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861105 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861106 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861107 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861108 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861109 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
2861110 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2861111 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
2861112 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
2861113 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861114 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2861115 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861116 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2861117 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861118 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861119 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2861120 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861121 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Removed rules:

2018316 - ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/02/03 - v10851 Ruleset Updates	119	February 3, 2025
Ruleset Update Summary - 2024/11/12 - v10740 Ruleset Updates	123	November 12, 2024
Ruleset Update Summary - 2024/07/22 - v10650 Ruleset Updates	80	July 22, 2024
Ruleset Update Summary - 2024/11/29 - v10761 Ruleset Updates	43	November 29, 2024
Ruleset Update Summary - 2024/11/08 - v10738 Ruleset Updates	115	November 8, 2024

Ruleset Update Summary - 2025/04/10 - v10902

Summary:

Added rules:

Open:

Pro:

Removed rules:

Related topics