Ruleset Update Summary - 2025/06/26 - v10958

rulesbot · June 26, 2025, 9:32pm

Summary:

12 new OPEN, 46 new PRO (12 + 34)

Added rules:

Open:

2063185 - ET INFO URL Shortener Service Domain in DNS Lookup (reurl .cc) (info.rules)
2063186 - ET INFO URL Shortener Service Domain in TLS SNI (reurl .cc) (info.rules)
2063187 - ET INFO DYNAMIC_DNS Query to a *.szamitogepesz .com domain (info.rules)
2063188 - ET INFO DYNAMIC_DNS HTTP Request to a *.szamitogepesz .com domain (info.rules)
2063189 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (ai .lanpdt .org) (malware.rules)
2063190 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (ai .lanpdt .org) (malware.rules)
2063191 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tymvd .xyz) (malware.rules)
2063192 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tymvd .xyz) in TLS SNI (malware.rules)
2063193 - ET ATTACK_RESPONSE TA399 Fake 404 WebPage Inbound (attack_response.rules)
2063194 - ET ATTACK_RESPONSE TA399 Fake 404 WebPage Inbound (attack_response.rules)
2063195 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (franquicias .top) (exploit_kit.rules)
2063196 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (franquicias .top) (exploit_kit.rules)

Pro:

2863111 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2863112 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2863113 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2863114 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2863115 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2863116 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2863117 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2863118 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2863119 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2863120 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2863121 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2863122 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2863123 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2863124 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2863125 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2863126 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2863127 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2863128 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2863129 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2863130 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2863131 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2863132 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2863133 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2863134 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2863135 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2863136 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2863137 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2863138 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2863139 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2863140 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2863141 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2863142 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2863143 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
2863144 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/03/06 - v10873 Ruleset Updates	67	March 6, 2025
Ruleset Update Summary - 2024/08/22 - v10672 Ruleset Updates	78	August 22, 2024
Ruleset Update Summary - 2025/04/30 - v10917 Ruleset Updates	95	April 30, 2025
Ruleset Update Summary - 2025/01/10 - v10835 Ruleset Updates	114	January 10, 2025
Ruleset Update Summary - 2024/08/09 - v10663 Ruleset Updates	93	August 9, 2024

Ruleset Update Summary - 2025/06/26 - v10958

Summary:

Added rules:

Open:

Pro:

Related topics