Ruleset Update Summary - 2025/05/09 - v10924

rulesbot · May 9, 2025, 8:35pm

Summary:

9 new OPEN, 9 new PRO (9 + 0)

Thanks @OligoSecurity

2062220 - ET HUNTING Observed Possible Fake Updates/Login Domain (security-check-… in TLS SNI) (hunting.rules)
2062221 - ET HUNTING Observed DNS Query to Possible Fake Updates/Login Domain (security-check-…) (hunting.rules)
2062222 - ET EXPLOIT_KIT DollyWay v3 PHP TDS Redirect (exploit_kit.rules)
2062223 - ET EXPLOIT_KIT DollyWay v3 PHP TDS (data.txt) (exploit_kit.rules)
2062224 - ET WEB_SPECIFIC_APPS Ray Framework (ShadowRay) Unauthenticated Jobs API Command Execution (CVE-2023-48022) (web_specific_apps.rules)
2062225 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (my-privatebanker .top) (exploit_kit.rules)
2062226 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (my-privatebanker .top) (exploit_kit.rules)
2062227 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (cpanel .santechplumbing .com) (malware.rules)
2062228 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (cpanel .santechplumbing .com) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/01/28 - v10847 Ruleset Updates	116	January 28, 2025
Ruleset Update Summary - 2025/04/30 - v10917 Ruleset Updates	60	April 30, 2025
Ruleset Update Summary - 2024/12/18 - v10810 Ruleset Updates	91	December 18, 2024
Ruleset Update Summary - 2024/07/15 - v10645 Ruleset Updates	186	July 15, 2024
Ruleset Update Summary - 2024/07/17 - v10647 Ruleset Updates	88	July 17, 2024