Ruleset Update Summary - 2025/05/21 - v10932

rulesbot · May 21, 2025, 8:44pm

Summary:

15 new OPEN, 26 new PRO (15 + 11)

2062497 - ET WEB_SPECIFIC_APPS FoxCMS id Parameter Command Injection Attempt (CVE-2025-29306) (web_specific_apps.rules)
2062498 - ET MALWARE Observed Malicious SSL Cert (VenomRAT/DcRAT) (malware.rules)
2062499 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (helplabp .run) (malware.rules)
2062500 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (helplabp .run) in TLS SNI (malware.rules)
2062501 - ET MALWARE Observed Malicious SSL Cert (Various RAT) (malware.rules)
2062502 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (www .alifsemi .com) (malware.rules)
2062503 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (www .alifsemi .com) (malware.rules)
2062504 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (avodaride .top) (exploit_kit.rules)
2062505 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (avodaride .top) (exploit_kit.rules)
2062506 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (dnsgo-windowsds .live) (exploit_kit.rules)
2062507 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (dnsgo-windowsds .live) (exploit_kit.rules)
2062508 - ET MALWARE Observed DNS Query to ACR/Amatera Stealer Domain (winthigh .top) (malware.rules)
2062509 - ET MALWARE Observed ACR/Amatera Domain (winthigh .top in TLS SNI) (malware.rules)
2062510 - ET MALWARE ACR/Amatera Stealer CnC Exfil (POST) M1 (malware.rules)
2062511 - ET MALWARE ACR/Amatera Stealer CnC Exfil (POST) M2 (malware.rules)

2861790 - ETPRO MALWARE Observed DNS Query to TAA399/TinyTick Domain (malware.rules)
2861791 - ETPRO MALWARE Observed TA399/TinyTick Domain in TLS SNI (malware.rules)
2861792 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2861793 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
2861794 - ETPRO PHISHING CoAceV Checkin 2025-05-21 (phishing.rules)
2861795 - ETPRO PHISHING CoAceV Phish Landing Page 2025-05-21 (phishing.rules)
2861796 - ETPRO MALWARE TA399/TinyTick Payload Request (GET) (malware.rules)
2861797 - ETPRO ATTACK_RESPONSE TA399/TinyTick Payload Inbound (attack_response.rules)
2861798 - ETPRO MALWARE Observed TA399/TinyTick BackDoor User-Agent (malware.rules)
2861799 - ETPRO MALWARE Observed TA399/TinyTick BackDoor CnC Activity (POST) (malware.rules)
2861800 - ETPRO MALWARE Observed TA399/TinyTick BackDoor Victim Checkin (GET) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/03/26 - v10891 Ruleset Updates	137	March 26, 2025
Ruleset Update Summary - 2025/01/10 - v10835 Ruleset Updates	114	January 10, 2025
Ruleset Update Summary - 2025/04/07 - v10899 Ruleset Updates	141	April 7, 2025
Ruleset Update Summary - 2025/02/04 - v10852 Ruleset Updates	109	February 4, 2025
Ruleset Update Summary - 2025/01/02 - v10822 Ruleset Updates	58	January 2, 2025