Ruleset Update Summary - 2025/06/02 - v10938

rulesbot · June 2, 2025, 10:55pm

Summary:

46 new OPEN, 153 new PRO (46 + 107)

Added rules:

Open:

2062667 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (acoustpbns .run) (malware.rules)
2062668 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (acoustpbns .run) in TLS SNI (malware.rules)
2062669 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (battlefled .top) (malware.rules)
2062670 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (battlefled .top) in TLS SNI (malware.rules)
2062671 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (biighy .live) (malware.rules)
2062672 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (biighy .live) in TLS SNI (malware.rules)
2062673 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (daggioc .run) (malware.rules)
2062674 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (daggioc .run) in TLS SNI (malware.rules)
2062675 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drhvxj .live) (malware.rules)
2062676 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drhvxj .live) in TLS SNI (malware.rules)
2062677 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fipctc .digital) (malware.rules)
2062678 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fipctc .digital) in TLS SNI (malware.rules)
2062679 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hxisiq) (malware.rules)
2062680 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (hxisiq) in TLS SNI (malware.rules)
2062681 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sxzkfc .digital) (malware.rules)
2062682 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (sxzkfc .digital) in TLS SNI (malware.rules)
2062683 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tidwhf .live) (malware.rules)
2062684 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tidwhf .live) in TLS SNI (malware.rules)
2062685 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gaauo .live) (malware.rules)
2062686 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gaauo .live) in TLS SNI (malware.rules)
2062687 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (greengwjz .top) (malware.rules)
2062688 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (greengwjz .top) in TLS SNI (malware.rules)
2062689 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mibtsm .run) (malware.rules)
2062690 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mibtsm .run) in TLS SNI (malware.rules)
2062691 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pavpwe .run) (malware.rules)
2062692 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pavpwe .run) in TLS SNI (malware.rules)
2062693 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (evgida .live) (malware.rules)
2062694 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (evgida .live) in TLS SNI (malware.rules)
2062695 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (htedh5e .today) (malware.rules)
2062696 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (htedh5e .today) in TLS SNI (malware.rules)
2062697 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (medbnel .digital) (malware.rules)
2062698 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (medbnel .digital) in TLS SNI (malware.rules)
2062699 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (swoenship .run) (malware.rules)
2062700 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (swoenship .run) in TLS SNI (malware.rules)
2062701 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (witchdbhy .run) (malware.rules)
2062702 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (witchdbhy .run) in TLS SNI (malware.rules)
2062703 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (techradar .top) (exploit_kit.rules)
2062704 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (techradar .top) (exploit_kit.rules)
2062705 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (pre-order .chablalker .com) (malware.rules)
2062706 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (pre-order .chablalker .com) (malware.rules)
2062707 - ET WEB_SPECIFIC_APPS Linksys WPS PIN Parameter Command Injection Attempt (CVE-2025-5438) (web_specific_apps.rules)
2062708 - ET WEB_SPECIFIC_APPS D-Link DCS932L setSystemEmail EmailSMTPPortNumber Buffer Overflow Attempt (web_specific_apps.rules)
2062709 - ET MALWARE Win32/XWorm CnC Activity (Outbound) (malware.rules)
2062710 - ET WEB_SPECIFIC_APPS D-Link DCS932L setSystemAdmin/setSystemWizard AdminID Command Injection Attempt (web_specific_apps.rules)
2062711 - ET WEB_SPECIFIC_APPS Netgear R8500 host_check.php hostname Parameter Buffer Overflow Attempt (web_specific_apps.rules)
2062712 - ET MALWARE Win32/XWorm CnC Activity (Inbound) (malware.rules)

Pro:

2862016 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2862017 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862018 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862019 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862020 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862021 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862022 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862023 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862024 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2862025 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862026 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862027 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862028 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862029 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862030 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862031 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862032 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2862033 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862034 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862035 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862036 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862037 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862038 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862039 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862040 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2862041 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862042 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862043 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862044 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862045 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2862046 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862047 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2862048 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862049 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2862050 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862051 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862052 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2862053 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2862054 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862055 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862056 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862057 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862058 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862059 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862060 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862061 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2862062 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862063 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862064 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862065 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862066 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862067 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862068 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862069 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2862070 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862071 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862072 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862073 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862074 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862075 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862076 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862077 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2862078 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862079 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862080 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862081 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862082 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862083 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862084 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862085 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2862086 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862087 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862088 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862089 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862090 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862091 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862092 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862093 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2862094 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862095 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862096 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862097 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862098 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2862099 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862100 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2862101 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862102 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2862103 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862104 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862105 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2862106 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2862107 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862108 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862109 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862110 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862111 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862112 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862113 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862114 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2862115 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862116 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862117 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862118 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862119 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862120 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862121 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862122 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Disabled and modified rules:

2062604 - ET INFO DYNAMIC_DNS Query to nip .io Domain (info.rules)

Removed rules:

2008438 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/05/05 - v10920 Ruleset Updates	110	May 5, 2025
Ruleset Update Summary - 2025/05/20 - v10931 Ruleset Updates	88	May 20, 2025
Ruleset Update Summary - 2024/11/12 - v10740 Ruleset Updates	129	November 12, 2024
Ruleset Update Summary - 2025/02/03 - v10851 Ruleset Updates	132	February 3, 2025
Ruleset Update Summary - 2025/05/01 - v10918 Ruleset Updates	92	May 1, 2025

Ruleset Update Summary - 2025/06/02 - v10938

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Removed rules:

Related topics