Ruleset Update Summary - 2025/05/16 - v10929

rulesbot · May 16, 2025, 8:10pm

Summary:

6 new OPEN, 23 new PRO (6 + 17)

2062401 - ET INFO DYNAMIC_DNS Query to a *.jaypetroleum .com domain (info.rules)
2062402 - ET INFO DYNAMIC_DNS HTTP Request to a *.jaypetroleum .com domain (info.rules)
2062403 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (www .kmmagency .com) (malware.rules)
2062404 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (www .kmmagency .com) (malware.rules)
2062405 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (itrtruck .com) (exploit_kit.rules)
2062406 - ET EXPLOIT_KIT LandUpdate808 Domain (itrtruck .com) in TLS SNI (exploit_kit.rules)

2861712 - ETPRO MALWARE Observed DNS Query to TA399/Sidewinder Domain (malware.rules)
2861713 - ETPRO MALWARE Observed DNS Query to TA399/Sidewinder Domain (malware.rules)
2861714 - ETPRO MALWARE Observed DNS Query to TA399/Sidewinder Domain (malware.rules)
2861715 - ETPRO MALWARE Observed DNS Query to TA399/Sidewinder Domain (malware.rules)
2861716 - ETPRO MALWARE Observed TA399/Sidewinder Domain in TLS SNI (malware.rules)
2861717 - ETPRO MALWARE Observed TA399/Sidewinder Domain in TLS SNI (malware.rules)
2861718 - ETPRO MALWARE Observed TA399/Sidewinder Domain in TLS SNI (malware.rules)
2861719 - ETPRO MALWARE Observed TA399/Sidewinder Domain in TLS SNI (malware.rules)
2861722 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861723 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861724 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861725 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861726 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861727 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861728 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861729 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861730 - ETPRO PHISHING Darcula Phish Landing Page 2025-05-16 (phishing.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/06/03 - v10608 Ruleset Updates	242	June 3, 2024
Ruleset Update Summary - 2025/04/30 - v10917 Ruleset Updates	77	April 30, 2025
Ruleset Update Summary - 2025/03/28 - v10893 Ruleset Updates	107	March 28, 2025
Ruleset Update Summary - 2024/08/05 - v10659 Ruleset Updates	155	August 5, 2024
Ruleset Update Summary - 2023/08/24 - v10402 Ruleset Updates	328	August 24, 2023