Ruleset Update Summary - 2025/05/29 - v10936

rulesbot · May 29, 2025, 8:48pm

Summary:

15 new OPEN, 44 new PRO (15 + 29)

Added rules:

Open:

2062618 - ET WEB_SPECIFIC_APPS D-Link DIR-850L Buffer Overflow (web_specific_apps.rules)
2062619 - ET WEB_SPECIFIC_APPS Smartbedded MeteoBridge Unauthenticated Remote Code Execution (CVE-2025-4008) (web_specific_apps.rules)
2062620 - ET WEB_SPECIFIC_APPS Apache CXF Aegis DataBinding Server-Side Request Forgery (CVE-2024-28752) (web_specific_apps.rules)
2062621 - ET WEB_SPECIFIC_APPS vBulletin replaceAdTemplate Pre-Auth RCE (CVE-2025-48828 & CVE-2025-48827) (web_specific_apps.rules)
2062622 - ET INFO DYNAMIC_DNS Query to a *.bowmansarrow .us domain (info.rules)
2062623 - ET INFO DYNAMIC_DNS HTTP Request to a *.bowmansarrow .us domain (info.rules)
2062624 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (chaojiwang .top) (exploit_kit.rules)
2062625 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (chaojiwang .top) (exploit_kit.rules)
2062626 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (www .robstuder .com) (malware.rules)
2062627 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (www .robstuder .com) (malware.rules)
2062628 - ET WEB_SPECIFIC_APPS Netfax client.php Admin Credentials Disclosure Attempt (CVE-2025-48045) (web_specific_apps.rules)
2062629 - ET WEB_SPECIFIC_APPS Netfax client.php Successful Admin Credentials Disclosure Response (CVE-2025-48045) (web_specific_apps.rules)
2062630 - ET WEB_SPECIFIC_APPS Netfax config.php Successful SMTP Disclosure Response (CVE-2025-48046) (web_specific_apps.rules)
2062631 - ET WEB_SPECIFIC_APPS Netfax test.php g_ETHNAMESERVER2 Parameter Command Injection Attempt M1 (CVE-2025-48047) (web_specific_apps.rules)
2062632 - ET WEB_SPECIFIC_APPS Netfax test.php g_ETHNAMESERVER2 Parameter Command Injection Attempt M2 (CVE-2025-48047) (web_specific_apps.rules)

Pro:

2861965 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861966 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861967 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861968 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861969 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2861970 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861971 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2861972 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861973 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2861974 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861975 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861976 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2861977 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861978 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861979 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861980 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861981 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861982 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861983 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861984 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861985 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861986 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861987 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861988 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861989 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861990 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861991 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861992 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861993 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/03/11 - v10876 Ruleset Updates	127	March 11, 2025
Ruleset Update Summary - 2025/03/24 - v10889 Ruleset Updates	120	March 24, 2025
Ruleset Update Summary - 2025/01/16 - v10839 Ruleset Updates	128	January 16, 2025
Ruleset Update Summary - 2025/01/30 - v10849 Ruleset Updates	118	January 30, 2025
Ruleset Update Summary - 2025/04/02 - v10896 Ruleset Updates	112	April 2, 2025

Ruleset Update Summary - 2025/05/29 - v10936

Summary:

Added rules:

Open:

Pro:

Related topics