Ruleset Update Summary - 2025/05/27 - v10934

rulesbot · May 27, 2025, 8:22pm

Summary:

51 new OPEN, 156 new PRO (51 + 105)

Added rules:

Open:

2062551 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bidausid .live) (malware.rules)
2062552 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (bidausid .live) in TLS SNI (malware.rules)
2062553 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dancioluffaro .com) (malware.rules)
2062554 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dancioluffaro .com) in TLS SNI (malware.rules)
2062555 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (devietil) (malware.rules)
2062556 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (devietil) in TLS SNI (malware.rules)
2062557 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (twinwx .digital) (malware.rules)
2062558 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (twinwx .digital) in TLS SNI (malware.rules)
2062559 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (untgst .run) (malware.rules)
2062560 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (untgst .run) in TLS SNI (malware.rules)
2062561 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gofzm .digital) (malware.rules)
2062562 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gofzm .digital) in TLS SNI (malware.rules)
2062563 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (incqtq .run) (malware.rules)
2062564 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (incqtq .run) in TLS SNI (malware.rules)
2062565 - ET INFO DYNAMIC_DNS Query to a *.dingshun .org domain (info.rules)
2062566 - ET INFO DYNAMIC_DNS HTTP Request to a *.dingshun .org domain (info.rules)
2062567 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cvzco .run) (malware.rules)
2062568 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cvzco .run) in TLS SNI (malware.rules)
2062569 - ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI (info.rules)
2062570 - ET INFO Observed DNS Query to Cloudflare R2 Public Bucket (r2 .dev) Domain (info.rules)
2062571 - ET MALWARE Katz Stealer User-Agent Observed (katz-ontop) (malware.rules)
2062572 - ET INFO DYNAMIC_DNS Query to a *.kameli .org domain (info.rules)
2062573 - ET INFO DYNAMIC_DNS HTTP Request to a *.kameli .org domain (info.rules)
2062574 - ET MALWARE Win32/TA569 Gholoader Domain in DNS Lookup (promo .summat10n .org) (malware.rules)
2062575 - ET MALWARE Win32/TA569 Gholoader Domain in TLS SNI (promo .summat10n .org) (malware.rules)
2062576 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (adwwworks .com) (exploit_kit.rules)
2062577 - ET EXPLOIT_KIT LandUpdate808 Domain (adwwworks .com) in TLS SNI (exploit_kit.rules)
2062578 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (harumseeiw .top) (malware.rules)
2062579 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (harumseeiw .top) in TLS SNI (malware.rules)
2062580 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (insiqf) (malware.rules)
2062581 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (insiqf) in TLS SNI (malware.rules)
2062582 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nercy .live) (malware.rules)
2062583 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (nercy .live) in TLS SNI (malware.rules)
2062584 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (dnsgowindows-ds .org) (exploit_kit.rules)
2062585 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (dnsg-windows-ds-data .live) (exploit_kit.rules)
2062586 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (windowsmsn-cn .live) (exploit_kit.rules)
2062587 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (dnsgowindows-ds .org) (exploit_kit.rules)
2062588 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (dnsg-windows-ds-data .live) (exploit_kit.rules)
2062589 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (windowsmsn-cn .live) (exploit_kit.rules)
2062590 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (donation .benjaminssoldiers .com) (malware.rules)
2062591 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (donation .benjaminssoldiers .com) (malware.rules)
2062592 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (images .nashbashracing .com) (malware.rules)
2062593 - ET MALWARE HATVIBE C2 Beacon (malware.rules)
2062594 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (images .nashbashracing .com) (malware.rules)
2062595 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (losartan .top) (exploit_kit.rules)
2062596 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (zt45gg .top) (exploit_kit.rules)
2062597 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (syavsp5 .top) (exploit_kit.rules)
2062598 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (losartan .top) (exploit_kit.rules)
2062599 - ET MALWARE HATVIBE C2 Response (malware.rules)
2062600 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (zt45gg .top) (exploit_kit.rules)
2062601 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (syavsp5 .top) (exploit_kit.rules)

Pro:

2861814 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861815 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861816 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861817 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861818 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2861819 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861820 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2861821 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861822 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2861823 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861824 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861825 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2861826 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861827 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861828 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861829 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861830 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861831 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861832 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861833 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861834 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861835 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861836 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861837 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861838 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861839 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861840 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861841 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861842 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861843 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861844 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861845 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861846 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861847 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2861848 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861849 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2861850 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861851 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2861852 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861853 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861854 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2861855 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861856 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861857 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861858 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861859 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861860 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861861 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861862 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861863 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861864 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861865 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861866 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861867 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861868 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2861869 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861870 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2861871 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861872 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2861873 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861874 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861875 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2861876 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861877 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861878 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861879 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861880 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861881 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2861882 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861883 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2861884 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861885 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2861886 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861887 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861888 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2861889 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861890 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861891 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861892 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861893 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861894 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861895 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861896 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861897 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861898 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861899 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861900 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861901 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861902 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861903 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861904 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861905 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2861906 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2861907 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861908 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2861909 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2861910 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2861911 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2861912 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2861913 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2861914 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2861915 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2861916 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2861917 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2861918 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/04/28 - v10915 Ruleset Updates	100	April 28, 2025
Ruleset Update Summary - 2025/05/05 - v10920 Ruleset Updates	83	May 5, 2025
Ruleset Update Summary - 2025/05/20 - v10931 Ruleset Updates	68	May 20, 2025
Ruleset Update Summary - 2024/11/29 - v10761 Ruleset Updates	46	November 29, 2024
Ruleset Update Summary - 2024/11/11 - v10739 Ruleset Updates	110	November 11, 2024

Ruleset Update Summary - 2025/05/27 - v10934

Summary:

Added rules:

Open:

Pro:

Related topics