Ruleset Update Summary - 2025/07/22 - v10975

rulesbot · July 22, 2025, 8:42pm

Summary:

27 new OPEN, 74 new PRO (27 + 47)

Added rules:

Open:

2063647 - ET EXPLOIT Microsoft SharePoint ToolPane Authentication Bypass (CVE-2025-49706) (exploit.rules)
2063648 - ET WEB_SPECIFIC_APPS Microsoft Sharepoint Authenticated WebParts TypeConverter Remote Code Execution (CVE-2020-0932) (web_specific_apps.rules)
2063649 - ET INFO DYNAMIC_DNS Query to a *.aedifice .net domain (info.rules)
2063650 - ET INFO DYNAMIC_DNS HTTP Request to a *.aedifice .net domain (info.rules)
2063651 - ET INFO DYNAMIC_DNS Query to a *.zmurk .com domain (info.rules)
2063652 - ET INFO DYNAMIC_DNS HTTP Request to a *.zmurk .com domain (info.rules)
2063653 - ET INFO DYNAMIC_DNS Query to a *.tedbuy .com domain (info.rules)
2063654 - ET INFO DYNAMIC_DNS HTTP Request to a *.tedbuy .com domain (info.rules)
2063655 - ET INFO DYNAMIC_DNS Query to a *.botar .co .uk domain (info.rules)
2063656 - ET INFO DYNAMIC_DNS HTTP Request to a *.botar .co .uk domain (info.rules)
2063657 - ET INFO DYNAMIC_DNS Query to a *.bellyfatcat .com domain (info.rules)
2063658 - ET INFO DYNAMIC_DNS HTTP Request to a *.bellyfatcat .com domain (info.rules)
2063659 - ET INFO DYNAMIC_DNS Query to a *.aistis .com domain (info.rules)
2063660 - ET INFO DYNAMIC_DNS HTTP Request to a *.aistis .com domain (info.rules)
2063661 - ET INFO DYNAMIC_DNS Query to a *.socialnomad .com domain (info.rules)
2063662 - ET INFO DYNAMIC_DNS HTTP Request to a *.socialnomad .com domain (info.rules)
2063663 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (calc .diversifieddebtsolutions .com) (malware.rules)
2063664 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (calc .diversifieddebtsolutions .com) (malware.rules)
2063665 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (corronxu .xyz) (malware.rules)
2063666 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (corronxu .xyz) in TLS SNI (malware.rules)
2063667 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (worlejrc .xyz) (malware.rules)
2063668 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (worlejrc .xyz) in TLS SNI (malware.rules)
2063669 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (headtechnologies .xyz) (exploit_kit.rules)
2063670 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (headtechnologies .xyz) (exploit_kit.rules)
2063671 - ET WEB_SPECIFIC_APPS Tenda setMacFilterCfg deviceList Parameter Buffer Overflow Attempt (CVE-2025-8017) (web_specific_apps.rules)
2063672 - ET WEB_SPECIFIC_APPS Tenda SetStaticRouteCfg list Parameter Buffer Overflow Attempt (CVE-2025-5527) (web_specific_apps.rules)
2063673 - ET EXPLOIT Totolink MQTT ckeckKeepAlive ipAddr Parameter Command Injection Attempt (CVE-2025-7952) (exploit.rules)

Pro:

2863564 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863565 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863566 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863567 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863568 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863569 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863570 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863571 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863572 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863573 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863574 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863575 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863576 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863577 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863578 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863579 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863580 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863581 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863582 - ETPRO MALWARE Observed DNS Query to TA455 Domain (malware.rules)
2863583 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863584 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863585 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863586 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863587 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863588 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863589 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863590 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863591 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863592 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863593 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863594 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863595 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863596 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863597 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863598 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863599 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863600 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863601 - ETPRO MALWARE Observed TA455 Domain in TLS SNI (malware.rules)
2863602 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2863603 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2863604 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2863605 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2863606 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2863607 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2863608 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2863609 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2863610 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)

Modified inactive rules:

2858507 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Removed rules:

2863405 - ETPRO EXPLOIT Microsoft SharePoint ToolPane Authentication Bypass (CVE-2025-49706) (exploit.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/07/18 - v10973 Ruleset Updates	77	July 18, 2025
Ruleset Update Summary - 2025/03/11 - v10876 Ruleset Updates	129	March 11, 2025
Ruleset Update Summary - 2025/03/20 - v10887 Ruleset Updates	97	March 20, 2025
Ruleset Update Summary - 2025/05/13 - v10926 Ruleset Updates	157	May 13, 2025
Ruleset Update Summary - 2025/04/08 - v10900 Ruleset Updates	136	April 8, 2025

Ruleset Update Summary - 2025/07/22 - v10975

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Removed rules:

Related topics