Ruleset Update Summary - 2025/07/11 - v10968

rulesbot · July 11, 2025, 8:08pm

Summary:

8 new OPEN, 66 new PRO (8 + 58)

Thanks @zoomequipd

Added rules:

Open:

2063411 - ET INFO Observed DNS Query to PAY2KEY Domain (pay2key .com) (info.rules)
2063412 - ET INFO Observed DNS Query to PAY2KEY Domain (clients .pay2key .com) (info.rules)
2063413 - ET INFO Observed PAY2KEY Domain (pay2key .com in TLS SNI) (info.rules)
2063414 - ET INFO Observed PAY2KEY Domain (clients .pay2key .com in TLS SNI) (info.rules)
2063415 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (ai-dev .overscaleconsulting .com) (malware.rules)
2063416 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (ai-dev .overscaleconsulting .com) (malware.rules)
2063417 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (images .mildecommercialrealestate .com) (malware.rules)
2063418 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (images .mildecommercialrealestate .com) (malware.rules)

Pro:

2863431 - ETPRO MALWARE DarkCloud Stealer Banner in Telegram Exfil (malware.rules)
2863432 - ETPRO MALWARE DarkCloud Stealer Key Logger Function Exfiltrating Data via Telegram (malware.rules)
2863433 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863434 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863435 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863436 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863437 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863438 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863439 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863440 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863441 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863442 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863443 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863444 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863445 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863446 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863447 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863448 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863449 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863450 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863451 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863452 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863453 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863454 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863455 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863456 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863457 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863458 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863459 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863460 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863461 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863462 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863463 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863464 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863465 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863466 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863467 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863468 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863469 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863470 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863471 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863472 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863473 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863474 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863475 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863476 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863477 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863478 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863479 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863480 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863481 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863482 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863483 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863484 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863485 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863486 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863487 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863488 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)

Disabled and modified rules:

2863205 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863206 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863207 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863209 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863215 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863232 - ETPRO MALWARE Observed DNS Query to UNK_MachoMan Domain (malware.rules)
2863262 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863264 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863272 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863289 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)
2863306 - ETPRO MALWARE Observed UNK_MachoMan Domain in TLS SNI (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/05/16 - v10929 Ruleset Updates	149	May 16, 2025
Ruleset Update Summary - 2025/02/12 - v10858 Ruleset Updates	106	February 12, 2025
Ruleset Update Summary - 2025/03/28 - v10893 Ruleset Updates	119	March 28, 2025
Ruleset Update Summary - 2024/09/12 - v10688 Ruleset Updates	47	September 12, 2024
Ruleset Update Summary - 2024/03/25 - v10559 Ruleset Updates	337	March 25, 2024

Ruleset Update Summary - 2025/07/11 - v10968

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related topics