Ruleset Update Summary - 2025/07/29 - v10981

rulesbot · July 29, 2025, 9:53pm

Summary:

8 new OPEN, 25 new PRO (8 + 17)

Thanks @aryakaNetworks

Added rules:

Open:

2063806 - ET INFO DYNAMIC_DNS Query to a *.olivercressey .co .uk domain (info.rules)
2063807 - ET INFO DYNAMIC_DNS HTTP Request to a *.olivercressey .co .uk domain (info.rules)
2063808 - ET INFO DYNAMIC_DNS Query to a *.chucktam .com domain (info.rules)
2063809 - ET INFO DYNAMIC_DNS HTTP Request to a *.chucktam .com domain (info.rules)
2063810 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (m .groiz .com) (malware.rules)
2063811 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (m .groiz .com) (malware.rules)
2063812 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (guosong .top) (exploit_kit.rules)
2063813 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (guosong .top) (exploit_kit.rules)

Pro:

2863733 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2863734 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2863735 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2863736 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2863737 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2863738 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
2863739 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2863740 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
2863741 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
2863742 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2863743 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2863744 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2863745 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2863746 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2863747 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2863748 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2863749 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Modified inactive rules:

2055286 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (tylmxvx .top) (exploit_kit.rules)
2055287 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (tylmxvx .top) (exploit_kit.rules)
2055310 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (kirklareliliste .cfd) (exploit_kit.rules)
2055311 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (belvedereparkway .site) (exploit_kit.rules)
2055313 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (belvedereparkway .site) (exploit_kit.rules)
2055341 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (carnivalsale .com) (exploit_kit.rules)
2055343 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (localdominationsystems .com) (exploit_kit.rules)
2055344 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (carnivalsale .com) (exploit_kit.rules)
2055345 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (boylegmfg .com) (exploit_kit.rules)
2055346 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (localdominationsystems .com) (exploit_kit.rules)
2055357 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (cafeespeciales .com) (exploit_kit.rules)
2055362 - ET MALWARE Lumma Stealer Domain in DNS Lookup (spoortsiso .shop) (malware.rules)
2055363 - ET MALWARE Lumma Stealer Domain in DNS Lookup (uttercarrigsno .shop) (malware.rules)
2055364 - ET MALWARE Lumma Stealer Domain in TLS SNI (drinnkysoapmzv .shop) (malware.rules)
2055365 - ET MALWARE Lumma Stealer Domain in TLS SNI (spoortsiso .shop) (malware.rules)
2055366 - ET MALWARE Lumma Stealer Domain in TLS SNI (uttercarrigsno .shop) (malware.rules)
2055371 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (iprotosample .com) (exploit_kit.rules)
2055383 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (expertcloud .xyz) (exploit_kit.rules)
2055384 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (expertcloud .xyz) (exploit_kit.rules)
2055396 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (queimaxofc .com) (exploit_kit.rules)
2055398 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (queimaxofc .com) (exploit_kit.rules)
2055403 - ET INFO Abused File Sharing Service (tempfiles .ninja) in DNS Lookup (info.rules)
2055405 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (codcraft .shop) (exploit_kit.rules)
2055407 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (datawiz .shop) (exploit_kit.rules)
2055408 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (deslgnpro .shop) (exploit_kit.rules)
2055409 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (happywave .shop) (exploit_kit.rules)
2055410 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (luckipath .shop) (exploit_kit.rules)
2055411 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (pixelsmith .shop) (exploit_kit.rules)
2055412 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (salesguru .online) (exploit_kit.rules)
2055413 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (statlstic .shop) (exploit_kit.rules)
2055414 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (statmaster .shop) (exploit_kit.rules)
2055415 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (trendset .website) (exploit_kit.rules)
2055416 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (vodog .shop) (exploit_kit.rules)
2055417 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (artvislon .shop) (exploit_kit.rules)
2055419 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (analytlx .shop) (exploit_kit.rules)
2055420 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (codcraft .shop) (exploit_kit.rules)
2055421 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (codemingle .shop) (exploit_kit.rules)
2055422 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (datawiz .shop) (exploit_kit.rules)
2055423 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (deslgnpro .shop) (exploit_kit.rules)
2055424 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (happywave .shop) (exploit_kit.rules)
2055425 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (luckipath .shop) (exploit_kit.rules)
2055426 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (pixelsmith .shop) (exploit_kit.rules)
2055428 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (statlstic .shop) (exploit_kit.rules)
2055429 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (statmaster .shop) (exploit_kit.rules)
2055430 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (trendset .website) (exploit_kit.rules)
2055431 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (vodog .shop) (exploit_kit.rules)
2055432 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (artvislon .shop) (exploit_kit.rules)
2055433 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (statistall .com) (exploit_kit.rules)
2055434 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (analytlx .shop) (exploit_kit.rules)
2055435 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (elmipardaz .com) (exploit_kit.rules)
2055436 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (elmipardaz .com) (exploit_kit.rules)
2055437 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (skibidirizz .lol) (exploit_kit.rules)
2055438 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (skibidirizz .lol) (exploit_kit.rules)
2055439 - ET MALWARE Lumma Stealer Domain in DNS Lookup (fictionnykwop .shop) (malware.rules)
2055440 - ET MALWARE Lumma Stealer Domain in TLS SNI (fictionnykwop .shop) (malware.rules)
2055446 - ET MALWARE Malicious Domain Observed in DNS Lookup (jslibc .com) (malware.rules)
2055448 - ET MALWARE Observed Malicious Domain (jslibc .com in TLS SNI) (malware.rules)
2055470 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (birddogerc .com) (exploit_kit.rules)
2055471 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (birddogerc .com) (exploit_kit.rules)
2055472 - ET EXPLOIT_KIT ClickFix Domain in DNS Lookup (ajsdiaolke .shop) (exploit_kit.rules)
2055473 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (ajsdiaolke .shop) (exploit_kit.rules)
2055499 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (luckkystar .shop) (exploit_kit.rules)
2055500 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (selllify .shop) (exploit_kit.rules)
2055501 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (artickon .shop) (exploit_kit.rules)
2055502 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (articon .website) (exploit_kit.rules)
2055503 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (seilsmart .shop) (exploit_kit.rules)
2055504 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (happyllfe .online) (exploit_kit.rules)
2055505 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (luckkystar .shop) (exploit_kit.rules)
2055506 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (selllify .shop) (exploit_kit.rules)
2055507 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (artickon .shop) (exploit_kit.rules)
2055508 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (articon .website) (exploit_kit.rules)
2055509 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (seilsmart .shop) (exploit_kit.rules)
2055510 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (happyllfe .online) (exploit_kit.rules)
2055533 - ET MALWARE Gamaredon CnC Domain in DNS Lookup (wilderness-activists-gazette-purse .trycloudflare .com) (malware.rules)
2055534 - ET MALWARE Observed Gamaredon Domain (wilderness-activists-gazette-purse .trycloudflare .com in TLS SNI) (malware.rules)
2055536 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (financialinvestmentsgrp .com) (exploit_kit.rules)
2857973 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2857975 - ETPRO MALWARE Observed Lumma Domain in TLS SNI (malware.rules)
2857984 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2857985 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858005 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858006 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858019 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858020 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
2858021 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2024/08/19 - v10669 Ruleset Updates	155	August 19, 2024
Ruleset Update Summary - 2025/04/14 - v10904 Ruleset Updates	134	April 14, 2025
Ruleset Update Summary - 2025/02/18 - v10861 Ruleset Updates	186	February 18, 2025
Ruleset Update Summary - 2025/01/14 - v10837 Ruleset Updates	100	January 14, 2025
Ruleset Update Summary - 2025/07/30 - v10982 Ruleset Updates	57	July 30, 2025

Ruleset Update Summary - 2025/07/29 - v10981

Summary:

Added rules:

Open:

Pro:

Modified inactive rules:

Related topics