Ruleset Update Summary - 2025/05/29 - v10936

Summary:

15 new OPEN, 44 new PRO (15 + 29)


Added rules:

Open:

  • 2062618 - ET WEB_SPECIFIC_APPS D-Link DIR-850L Buffer Overflow (web_specific_apps.rules)
  • 2062619 - ET WEB_SPECIFIC_APPS Smartbedded MeteoBridge Unauthenticated Remote Code Execution (CVE-2025-4008) (web_specific_apps.rules)
  • 2062620 - ET WEB_SPECIFIC_APPS Apache CXF Aegis DataBinding Server-Side Request Forgery (CVE-2024-28752) (web_specific_apps.rules)
  • 2062621 - ET WEB_SPECIFIC_APPS vBulletin replaceAdTemplate Pre-Auth RCE (CVE-2025-48828 & CVE-2025-48827) (web_specific_apps.rules)
  • 2062622 - ET INFO DYNAMIC_DNS Query to a *.bowmansarrow .us domain (info.rules)
  • 2062623 - ET INFO DYNAMIC_DNS HTTP Request to a *.bowmansarrow .us domain (info.rules)
  • 2062624 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (chaojiwang .top) (exploit_kit.rules)
  • 2062625 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (chaojiwang .top) (exploit_kit.rules)
  • 2062626 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (www .robstuder .com) (malware.rules)
  • 2062627 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (www .robstuder .com) (malware.rules)
  • 2062628 - ET WEB_SPECIFIC_APPS Netfax client.php Admin Credentials Disclosure Attempt (CVE-2025-48045) (web_specific_apps.rules)
  • 2062629 - ET WEB_SPECIFIC_APPS Netfax client.php Successful Admin Credentials Disclosure Response (CVE-2025-48045) (web_specific_apps.rules)
  • 2062630 - ET WEB_SPECIFIC_APPS Netfax config.php Successful SMTP Disclosure Response (CVE-2025-48046) (web_specific_apps.rules)
  • 2062631 - ET WEB_SPECIFIC_APPS Netfax test.php g_ETHNAMESERVER2 Parameter Command Injection Attempt M1 (CVE-2025-48047) (web_specific_apps.rules)
  • 2062632 - ET WEB_SPECIFIC_APPS Netfax test.php g_ETHNAMESERVER2 Parameter Command Injection Attempt M2 (CVE-2025-48047) (web_specific_apps.rules)

Pro:

  • 2861965 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2861966 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2861967 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2861968 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2861969 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2861970 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2861971 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2861972 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2861973 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2861974 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2861975 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2861976 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2861977 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2861978 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2861979 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2861980 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2861981 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2861982 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2861983 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2861984 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2861985 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2861986 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2861987 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2861988 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2861989 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2861990 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2861991 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2861992 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2861993 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)