Ruleset Update Summary - 2025/05/28 - v10935

Ruleset Updates
1

Summary:

16 new OPEN, 22 new PRO (16 + 6)

Added rules:

Open:

  • 2062602 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (prepare .adroitbookkeeping .com) (malware.rules)
  • 2062603 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (prepare .adroitbookkeeping .com) (malware.rules)
  • 2062604 - ET INFO DYNAMIC_DNS Query to nip .io Domain (info.rules)
  • 2062605 - ET INFO DYNAMIC_DNS Query to sslip .io Domain (info.rules)
  • 2062606 - ET MALWARE Generic CnC Domain in DNS Lookup (store-tiktok .com) (malware.rules)
  • 2062607 - ET MALWARE Observed Generic Domain (store-tiktok .com in TLS SNI) (malware.rules)
  • 2062608 - ET WEB_SPECIFIC_APPS ASUS AiProtection_HomeProtection.asp oauth_google_auth_code Parameter Command Injection Attempt (CVE-2023-39780) (web_specific_apps.rules)
  • 2062609 - ET WEB_SPECIFIC_APPS ASUS asusrouter-- User-Agent And asus_token Cookie Null Byte Authentication Bypass Attempt (web_specific_apps.rules)
  • 2062610 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clatdk .live) (malware.rules)
  • 2062611 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (clatdk .live) in TLS SNI (malware.rules)
  • 2062612 - ET WEB_SPECIFIC_APPS ASUS AiProtection_HomeProtection.asp oauth_google_refresh_token Parameter Command Injection Attempt (web_specific_apps.rules)
  • 2062613 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (pielsteel .top) (exploit_kit.rules)
  • 2062614 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (pielsteel .top) (exploit_kit.rules)
  • 2062615 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (feedback .jjsbootjack .com) (malware.rules)
  • 2062616 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (feedback .jjsbootjack .com) (malware.rules)
  • 2062617 - ET WEB_SPECIFIC_APPS Rockwell Powermonitor 1000 firstrun Authentication Bypass Attempt (web_specific_apps.rules)

Pro:

  • 2861943 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2861944 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2861945 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2861946 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
  • 2861947 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
  • 2861948 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)