Ruleset Update Summary - 2025/06/05 - v10942

rulesbot · June 5, 2025, 9:09pm

Summary:

14 new OPEN, 14 new PRO (14 + 0)

Thanks @james_inthe_box, @ViriBack

Added rules:

Open:

2062773 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lepidobdkn .digital) (malware.rules)
2062774 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (lepidobdkn .digital) in TLS SNI (malware.rules)
2062775 - ET MALWARE Diamotrix Clipper POST Request M1 (malware.rules)
2062776 - ET MALWARE Diamotrix Clipper POST Request M2 (malware.rules)
2062777 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (cpanel .doggiefountain .com) (malware.rules)
2062778 - ET MALWARE ShadowByte Botnet Framework New Zombie Checkin (malware.rules)
2062779 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (cpanel .imirp .co .uk) (malware.rules)
2062780 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (cpanel .doggiefountain .com) (malware.rules)
2062781 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (cpanel .imirp .co .uk) (malware.rules)
2062782 - ET MALWARE Diamotrix Clipper Domain (diamotrix .world) in DNS Lookup (malware.rules)
2062783 - ET MALWARE Diamotrix Clipper Domain (diamotrix .club) in DNS Lookup (malware.rules)
2062784 - ET MALWARE Observed Diamotrix Clipper Domain (diamotrix .world) in TLS SNI (malware.rules)
2062785 - ET MALWARE Observed Diamotrix Clipper Domain (diamotrix .club) in TLS SNI (malware.rules)
2062786 - ET MALWARE ShadowByte Botnet FrameWork Zombie C2 Command Request (malware.rules)

Modified inactive rules:

2801727 - ETPRO SCADA Wonderware InBatch Buffer Overflow Attempt (scada.rules)
2801731 - ETPRO SCADA RealWin HMI Service Buffer Overflow Attempt 2 (scada.rules)

Disabled and modified rules:

2862017 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862018 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862019 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862020 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862021 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862022 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862023 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862024 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2862025 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862026 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862027 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862028 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862029 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862030 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862031 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862032 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2862033 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862034 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862035 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862036 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862037 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862038 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862039 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862040 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2862041 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862042 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862043 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862044 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862045 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2862046 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862047 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2862048 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862049 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2862050 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862051 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862052 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2862053 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2862054 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862055 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862056 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862057 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862058 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862059 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862060 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862061 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2862062 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2862063 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2862064 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2862065 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2862066 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2862067 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2862068 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2862069 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/03/05 - v10545 Ruleset Updates	901	March 5, 2024
Ruleset Update Summary - 2023/12/01 - v10477 Ruleset Updates	301	December 1, 2023
Ruleset Update Summary - 2024/08/30 - v10678 Ruleset Updates	151	August 30, 2024
Ruleset Update Summary - 2024/01/10 - v10503 Ruleset Updates	434	January 10, 2024
Ruleset Update Summary - 2024/05/03 - v10589 Ruleset Updates	275	May 3, 2024

Ruleset Update Summary - 2025/06/05 - v10942

Summary:

Added rules:

Open:

Modified inactive rules:

Disabled and modified rules:

Related topics