Ruleset Update Summary - 2025/06/25 - v10957

rulesbot · June 25, 2025, 8:49pm

Summary:

13 new OPEN, 54 new PRO (13 + 41)

Added rules:

Open:

2063156 - ET HUNTING Observed Usage of Non-Alphanumeric Javascript Obfuscation M1 (hunting.rules)
2063161 - ET INFO Observed Usage of Non-Alphanumeric Javascript Obfuscation M2 (info.rules)
2063174 - ET INFO FileSharing Service in DNS Lookup (icedrive .net) (info.rules)
2063175 - ET INFO FileSharing Service in DNS Lookup (koofr .net) (info.rules)
2063176 - ET INFO FileSharing Service in DNS Lookup (koofr .eu) (info.rules)
2063177 - ET INFO Observed FileSharing Service Domain (icedrive .net) in TLS SNI (info.rules)
2063178 - ET INFO Observed FileSharing Service Domain (koofr .net) in TLS SNI (info.rules)
2063179 - ET INFO Observed FileSharing Service Domain (koofr .eu) in TLS SNI (info.rules)
2063180 - ET WEB_SPECIFIC_APPS CentOS Web Panel Unauthenticated Remote Command Execution (CVE-2025-48703) (web_specific_apps.rules)
2063181 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (cpanel .productdevelopmentplan .com) (malware.rules)
2063182 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (cpanel .productdevelopmentplan .com) (malware.rules)
2063183 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (adsay .xyz) (malware.rules)
2063184 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (adsay .xyz) in TLS SNI (malware.rules)

Pro:

2863068 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2863069 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2863070 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2863071 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2863072 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2863073 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2863074 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2863075 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2863076 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2863077 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2863078 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2863079 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2863080 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2863081 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2863082 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2863083 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2863084 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2863085 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2863086 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2863087 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2863088 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2863089 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2863090 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2863091 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2863092 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2863093 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2863094 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2863095 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2863096 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2863097 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2863098 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2863099 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2863100 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2863101 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2863102 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2863103 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2863104 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2863105 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2863106 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2863107 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2863108 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)

Removed rules:

2063156 - ET PHISHING Observed Usage of Non-Alphanumeric Javascript Obfuscation M1 (phishing.rules)
2063161 - ET PHISHING Observed Usage of Non-Alphanumeric Javascript Obfuscation M2 (phishing.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/06/24 - v10956 Ruleset Updates	79	June 24, 2025
Ruleset Update Summary - 2025/01/10 - v10835 Ruleset Updates	114	January 10, 2025
Ruleset Update Summary - 2024/05/29 - v10605 Ruleset Updates	259	May 29, 2024
Ruleset Update Summary - 2024/01/16 - v10507 Ruleset Updates	564	January 16, 2024
Ruleset Update Summary - 2024/11/20 - v10746 Ruleset Updates	91	November 20, 2024

Ruleset Update Summary - 2025/06/25 - v10957

Summary:

Added rules:

Open:

Pro:

Removed rules:

Related topics