Ruleset Update Summary - 2025/04/25 - v10914

rulesbot · April 25, 2025, 8:48pm

Summary:

13 new OPEN, 57 new PRO (13 + 44)

Added rules:

Open:

2061885 - ET MALWARE Perl CGI Web Shell (DSAUTOKEN) Activity Observed Inbound (malware.rules)
2061886 - ET MALWARE Gamaredon APT Style Delimiter Observed In HTTP User-Agent (malware.rules)
2061887 - ET MALWARE Gamaredon APT Style Delimiter Observed In HTTP Cookie (malware.rules)
2061888 - ET MALWARE Gamaredon APT Style Delimiter Observed In HTTP URI (malware.rules)
2061889 - ET HUNTING Gamaredon APT Style Delimiter Observed In HTTP Header (hunting.rules)
2061890 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (ronthom .com) (exploit_kit.rules)
2061891 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (teklits .com) (exploit_kit.rules)
2061892 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (ronthom .com) (exploit_kit.rules)
2061893 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (teklits .com) (exploit_kit.rules)
2061894 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (todocarritos .top) (exploit_kit.rules)
2061895 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (todocarritos .top) (exploit_kit.rules)
2061896 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (files .fnomworldwide .com) (malware.rules)
2061897 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (files .fnomworldwide .com) (malware.rules)

Pro:

2861262 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861263 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861264 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861265 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861266 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2861267 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861268 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2861269 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861270 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2861271 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861272 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861273 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2861274 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861275 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861276 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861277 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861278 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861279 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861280 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861281 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861282 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861283 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861284 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861285 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861286 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861287 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861288 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861289 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861290 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861291 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2861292 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
2861293 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
2861294 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
2861295 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
2861296 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
2861297 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
2861298 - ETPRO MALWARE TA399 Domain in DNS Lookup (malware.rules)
2861299 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
2861300 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
2861301 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
2861302 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
2861303 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
2861304 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)
2861305 - ETPRO MALWARE Observed TA399 Domain in TLS SNI (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/06/06 - v10341 Ruleset Updates	170	June 6, 2023
Ruleset Update Summary - 2025/04/30 - v10917 Ruleset Updates	60	April 30, 2025
Ruleset Update Summary - 2023/06/05 - v10340 Ruleset Updates	377	June 5, 2023
Ruleset Update Summary - 2023/04/11 - v10295 Ruleset Updates	279	April 11, 2023
Ruleset Update Summary - 2025/02/12 - v10858 Ruleset Updates	102	February 12, 2025

Ruleset Update Summary - 2025/04/25 - v10914

Summary:

Added rules:

Open:

Pro:

Related topics