Ruleset Update Summary - 2025/07/01 - v10961

rulesbot · July 1, 2025, 8:49pm

Summary:

23 new OPEN, 45 new PRO (23 + 22)

Added rules:

Open:

2063247 - ET MALWARE Myth Stealer Related Domain in DNS Lookup (plaquist-simulator .com) (malware.rules)
2063248 - ET MALWARE Myth Stealer Related Domain in DNS Lookup (everlight-beta .netlify .app) (malware.rules)
2063249 - ET MALWARE Myth Stealer Related Domain in DNS Lookup (mythstealer .win) (malware.rules)
2063250 - ET MALWARE Myth Stealer Related Domain in DNS Lookup (combatshell .com) (malware.rules)
2063251 - ET MALWARE Myth Stealer Related Domain in DNS Lookup (luraka-game .github .io) (malware.rules)
2063252 - ET MALWARE Myth Stealer Related Domain in DNS Lookup (yomiragame .blogspot .com) (malware.rules)
2063253 - ET MALWARE Myth Stealer Related Domain in DNS Lookup (combatsouls .com) (malware.rules)
2063254 - ET MALWARE Myth Stealer Related Domain in DNS Lookup (myth .cocukporno .lol) (malware.rules)
2063255 - ET MALWARE Observed Myth Stealer Related Domain (plaquist-simulator .com) in TLS SNI (malware.rules)
2063256 - ET MALWARE Observed Myth Stealer Related Domain (everlight-beta .netlify .app) in TLS SNI (malware.rules)
2063257 - ET MALWARE Observed Myth Stealer Related Domain (mythstealer .win) in TLS SNI (malware.rules)
2063258 - ET MALWARE Observed Myth Stealer Related Domain (combatshell .com) in TLS SNI (malware.rules)
2063259 - ET MALWARE Observed Myth Stealer Related Domain (luraka-game .github .io) in TLS SNI (malware.rules)
2063260 - ET MALWARE Observed Myth Stealer Related Domain (yomiragame .blogspot .com) in TLS SNI (malware.rules)
2063261 - ET MALWARE Observed Myth Stealer Related Domain (combatsouls .com) in TLS SNI (malware.rules)
2063262 - ET MALWARE Observed Myth Stealer Related Domain (myth .cocukporno .lol) in TLS SNI (malware.rules)
2063263 - ET EXPLOIT_KIT Generic MultiStage Javascript Redirect Activity M2 (exploit_kit.rules)
2063264 - ET MALWARE Myth Stealer Data Exfiltration Attempt M1 (malware.rules)
2063265 - ET MALWARE Myth Stealer Data Exfiltration Attempt M2 (malware.rules)
2063266 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (cpanel .thekooljack .com) (malware.rules)
2063267 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (cpanel .thekooljack .com) (malware.rules)
2063268 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (insye .xyz) (malware.rules)
2063269 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (insye .xyz) in TLS SNI (malware.rules)

Pro:

2863343 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2863344 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2863345 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2863346 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2863347 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2863348 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2863349 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2863350 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2863351 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2863352 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2863353 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2863354 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2863355 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2863356 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2863357 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2863358 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2863359 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2863360 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2863361 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2863362 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2863363 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2863364 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/02/03 - v10851 Ruleset Updates	140	February 3, 2025
Ruleset Update Summary - 2025/05/20 - v10931 Ruleset Updates	92	May 20, 2025
Ruleset Update Summary - 2025/06/02 - v10938 Ruleset Updates	120	June 2, 2025
Ruleset Update Summary - 2024/11/12 - v10740 Ruleset Updates	129	November 12, 2024
Ruleset Update Summary - 2024/12/23 - v10813 Ruleset Updates	120	December 23, 2024

Ruleset Update Summary - 2025/07/01 - v10961

Summary:

Added rules:

Open:

Pro:

Related topics