Ruleset Update Summary - 2025/04/25 - v10914

Summary:

13 new OPEN, 57 new PRO (13 + 44)
Added rules:

Open:

  • 2061885 - ET MALWARE Perl CGI Web Shell (DSAUTOKEN) Activity Observed Inbound (malware.rules)
  • 2061886 - ET MALWARE Gamaredon APT Style Delimiter Observed In HTTP User-Agent (malware.rules)
  • 2061887 - ET MALWARE Gamaredon APT Style Delimiter Observed In HTTP Cookie (malware.rules)
  • 2061888 - ET MALWARE Gamaredon APT Style Delimiter Observed In HTTP URI (malware.rules)
  • 2061889 - ET HUNTING Gamaredon APT Style Delimiter Observed In HTTP Header (hunting.rules)
  • 2061890 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (ronthom .com) (exploit_kit.rules)
  • 2061891 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (teklits .com) (exploit_kit.rules)
  • 2061892 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (ronthom .com) (exploit_kit.rules)
  • 2061893 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (teklits .com) (exploit_kit.rules)
  • 2061894 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (todocarritos .top) (exploit_kit.rules)
  • 2061895 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (todocarritos .top) (exploit_kit.rules)
  • 2061896 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (files .fnomworldwide .com) (malware.rules)
  • 2061897 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (files .fnomworldwide .com) (malware.rules)

Pro:

  • 2861262 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2861263 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2861264 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2861265 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2861266 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2861267 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2861268 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2861269 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2861270 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2861271 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2861272 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2861273 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2861274 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2861275 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2861276 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2861277 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2861278 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2861279 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2861280 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2861281 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2861282 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2861283 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2861284 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2861285 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2861286 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2861287 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2861288 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2861289 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2861290 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2861291 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2861292 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
  • 2861293 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
  • 2861294 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
  • 2861295 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
  • 2861296 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
  • 2861297 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
  • 2861298 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
  • 2861299 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
  • 2861300 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
  • 2861301 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
  • 2861302 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
  • 2861303 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
  • 2861304 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
  • 2861305 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)