Ruleset Update Summary - 2025/06/23 - v10955

rulesbot · June 23, 2025, 9:03pm

Summary:

30 new OPEN, 34 new PRO (30 + 4)

Thanks KevinRoss

Added rules:

Open:

2063126 - ET INFO DYNAMIC_DNS Query to a *.6ip .it domain (info.rules)
2063127 - ET INFO DYNAMIC_DNS HTTP Request to a *.6ip .it domain (info.rules)
2063128 - ET INFO DYNAMIC_DNS Query to a *.poptour .com .ar domain (info.rules)
2063129 - ET INFO DYNAMIC_DNS HTTP Request to a *.poptour .com .ar domain (info.rules)
2063130 - ET INFO Reverse Proxy/Tunneling Service Domain in DNS Lookup (localto .net) (info.rules)
2063131 - ET INFO Reverse Proxy/Tunneling Service Domain in DNS Lookup (localtonet .com) (info.rules)
2063132 - ET INFO Observed Reverse Proxy/Tunneling Service Domain (localto .net) in TLS SNI (info.rules)
2063133 - ET INFO Observed Reverse Proxy/Tunneling Service Domain (localtonet .com) in TLS SNI (info.rules)
2063134 - ET HUNTING Observed ConnectWise ScreenConnect SSL Certificate (hunting.rules)
2063135 - ET HUNTING Observed ConnectWise ScreenConnect SSL Certificate (hunting.rules)
2063136 - ET HUNTING Observed ConnectWise ScreenConnect SSL Certificate (hunting.rules)
2063137 - ET INFO Anonymous File Sharing Service Domain in DNS Lookup (filemail .com) (info.rules)
2063138 - ET INFO Observed Anonymous Filesharing Service Domain (filemail .com) in TLS SNI (info.rules)
2063139 - ET MALWARE IP_LOGGER CnC Checkin (GET) (malware.rules)
2063140 - ET MALWARE TransferLoader CnC Domain in DNS Lookup (baza .com) (malware.rules)
2063141 - ET MALWARE TransferLoader CnC Domain in DNS Lookup (sharemoc .space) (malware.rules)
2063142 - ET MALWARE TransferLoader CnC Domain in DNS Lookup (mainstomp .cloud) (malware.rules)
2063143 - ET MALWARE TransferLoader CnC Domain in DNS Lookup (temptransfer .live) (malware.rules)
2063144 - ET MALWARE Observed TransferLoader Domain (baza .com) in TLS SNI (malware.rules)
2063145 - ET MALWARE Observed TransferLoader Domain (sharemoc .space) in TLS SNI (malware.rules)
2063146 - ET MALWARE Observed TransferLoader Domain (mainstomp .cloud) in TLS SNI (malware.rules)
2063147 - ET MALWARE Observed TransferLoader Domain (temptransfer .live) in TLS SNI (malware.rules)
2063148 - ET MALWARE IP_LOGGER CnC Server Response (SERVER_OK) (malware.rules)
2063149 - ET MALWARE IP_LOGGER CnC Server Response (IP Logged) (malware.rules)
2063150 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (photo .suziestuder .com) (malware.rules)
2063151 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (photo .suziestuder .com) (malware.rules)
2063152 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (equidn .xyz) (malware.rules)
2063153 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (equidn .xyz) in TLS SNI (malware.rules)
2063154 - ET MALWARE TransferLoader User-Agent Observed (Microsoft Edge/1.0) (malware.rules)
2063155 - ET MALWARE TransferLoader Custom HTTP Header and Values Observed (X-Custom-Header) (malware.rules)

Pro:

2863008 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
2863009 - ETPRO MALWARE TA453 CnC Domain in DNS Lookup (malware.rules)
2863010 - ETPRO MALWARE Observed TA453 Domain in TLS SNI (malware.rules)
2863011 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/05/16 - v10929 Ruleset Updates	141	May 16, 2025
Ruleset Update Summary - 2024/07/08 - v10640 Ruleset Updates	153	July 8, 2024
Ruleset Update Summary - 2025/02/21 - v10864 Ruleset Updates	183	February 21, 2025
Ruleset Update Summary - 2023/08/16 - v10395 Ruleset Updates	222	August 16, 2023
Ruleset Update Summary - 2024/08/15 - v10667 Ruleset Updates	80	August 15, 2024

Ruleset Update Summary - 2025/06/23 - v10955

Summary:

Added rules:

Open:

Pro:

Related topics