Ruleset Update Summary - 2025/07/16 - v10971

rulesbot · July 16, 2025, 8:31pm

Summary:

32 new OPEN, 42 new PRO (32 + 10)

Added rules:

Open:

2063513 - ET MALWARE SillyRAT CnC Command Inbound (Keylogger:On) (malware.rules)
2063514 - ET MALWARE SillyRAT CnC Server PING Inbound (malware.rules)
2063515 - ET MALWARE SillyRAT CnC Command Inbound (Keylogger:Dump) (malware.rules)
2063516 - ET MALWARE SillyRAT CnC Victim Keylogger Exfil (malware.rules)
2063517 - ET MALWARE SillyRAT CnC Command Inbound (Screenshot) (malware.rules)
2063518 - ET MALWARE SillyRAT CnC Command Inbound (shell) (malware.rules)
2063519 - ET MALWARE SillyRAT CnC Command Inbound (sysinfo) (malware.rules)
2063520 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (m .awareinsurance .com) (malware.rules)
2063521 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (m .awareinsurance .com) (malware.rules)
2063522 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (blihlo .shop) (malware.rules)
2063523 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (blihlo .shop) in TLS SNI (malware.rules)
2063524 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (exploreativethinking .top) (malware.rules)
2063525 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (exploreativethinking .top) in TLS SNI (malware.rules)
2063526 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (geymej .top) (malware.rules)
2063527 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (geymej .top) in TLS SNI (malware.rules)
2063528 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gigohe .top) (malware.rules)
2063529 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gigohe .top) in TLS SNI (malware.rules)
2063530 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mcaumnb .shop) (malware.rules)
2063531 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mcaumnb .shop) in TLS SNI (malware.rules)
2063532 - ET EXPLOIT Alcatel-Lucent cluster_cor Command Injection Attempt (CVE-2025-52690) (exploit.rules)
2063533 - ET WEB_SPECIFIC_APPS Alcatel-Lucent Authentication Bypass Attempt (CVE-2025-52689) (web_specific_apps.rules)
2063534 - ET WEB_SPECIFIC_APPS Asus RT get_wan_status multiple parameters Buffer Overflow Attempt (web_specific_apps.rules)
2063535 - ET PHISHING ODx Phish Landing Page 2025-07-15 (phishing.rules)
2063536 - ET PHISHING ODx /next.php Exfil Activity M1 (phishing.rules)
2063537 - ET WEB_SPECIFIC_APPS Netgear usb_device.cgi multiple parameters Buffer Overflow Attempt (web_specific_apps.rules)
2063538 - ET PHISHING ODx /next.php Exfil Activity M2 (phishing.rules)
2063539 - ET PHISHING ODx /next.php Exfil Activity M3 (phishing.rules)
2063540 - ET PHISHING ODx /next.php Exfil Activity M4 (phishing.rules)
2063541 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (warpdrive .top) (exploit_kit.rules)
2063542 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (ashesplayer .top) (exploit_kit.rules)
2063543 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (warpdrive .top) (exploit_kit.rules)
2063544 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (ashesplayer .top) (exploit_kit.rules)

Pro:

2863515 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2863516 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2863517 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2863518 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2863519 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2863520 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2863521 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2863522 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2863523 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
2863524 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)

Modified inactive rules:

2057029 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (solcongeneral .com) (exploit_kit.rules)
2057030 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (solcongeneral .com) (exploit_kit.rules)
2057038 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (adullamglobal .com) (exploit_kit.rules)
2057039 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (adullamglobal .com) (exploit_kit.rules)
2057040 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cuansurga .cam) (exploit_kit.rules)
2057041 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cuansurga .cam) (exploit_kit.rules)
2057058 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (arubapalmrealtor .com) (exploit_kit.rules)
2057059 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (arubapalmrealtor .com) (exploit_kit.rules)
2057060 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cosdfdfrefdch .best) (exploit_kit.rules)
2057061 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cosdfdfrefdch .best) (exploit_kit.rules)
2057113 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (prepare2swim .com) (exploit_kit.rules)
2057118 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (prepare2swim .com) (exploit_kit.rules)
2057148 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (hdlclub2 .cc) (exploit_kit.rules)
2057149 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (hdlclub2 .cc) (exploit_kit.rules)
2057157 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (omegaarea .site) (exploit_kit.rules)
2057159 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (omegaarea .site) (exploit_kit.rules)
2057165 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (becreativemind .com) (exploit_kit.rules)
2057168 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (becreativemind .com) (exploit_kit.rules)
2858793 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858828 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858829 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858830 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858831 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858832 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858833 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858834 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/03/24 - v10889 Ruleset Updates	120	March 24, 2025
Ruleset Update Summary - 2025/07/18 - v10973 Ruleset Updates	77	July 18, 2025
Ruleset Update Summary - 2025/05/12 - v10925 Ruleset Updates	101	May 12, 2025
Ruleset Update Summary - 2025/05/13 - v10926 Ruleset Updates	157	May 13, 2025
Ruleset Update Summary - 2025/02/07 - v10855 Ruleset Updates	168	February 7, 2025

Ruleset Update Summary - 2025/07/16 - v10971

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Related topics