Ruleset Update Summary - 2025/07/30 - v10982

Ruleset Updates
1

Summary:

16 new OPEN, 41 new PRO (16 + 25)

Added rules:

Open:

  • 2063814 - ET INFO DYNAMIC_DNS Query to a *.npflifang .com domain (info.rules)
  • 2063815 - ET INFO DYNAMIC_DNS HTTP Request to a *.npflifang .com domain (info.rules)
  • 2063816 - ET MALWARE Win32/TA569 Gholoader CnC Domain in DNS Lookup (images .therunningink .com) (malware.rules)
  • 2063817 - ET MALWARE Win32/TA569 Gholoader CnC Domain in TLS SNI (images .therunningink .com) (malware.rules)
  • 2063818 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (maszgn .club) (malware.rules)
  • 2063819 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (maszgn .club in TLS SNI) (malware.rules)
  • 2063820 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mastwin .in) (malware.rules)
  • 2063821 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mastwin .in in TLS SNI) (malware.rules)
  • 2063822 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (precisionbiomeds .com) (malware.rules)
  • 2063823 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (precisionbiomeds .com in TLS SNI) (malware.rules)
  • 2063824 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (physicianusepeptides .com) (malware.rules)
  • 2063825 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (physicianusepeptides .com in TLS SNI) (malware.rules)
  • 2063826 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inkermen .top) (malware.rules)
  • 2063827 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (inkermen .top in TLS SNI) (malware.rules)
  • 2063828 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (htsfhtdrjbyy1bgxbv .cfd) (malware.rules)
  • 2063829 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (htsfhtdrjbyy1bgxbv .cfd in TLS SNI) (malware.rules)

Pro:

  • 2863770 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2863771 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2863772 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2863773 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2863774 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2863775 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2863776 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2863777 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2863778 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2863779 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2863780 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2863781 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2863782 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2863783 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
  • 2863784 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2863785 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
  • 2863786 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
  • 2863787 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2863788 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2863789 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2863790 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2863791 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2863792 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2863793 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2863794 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)

Modified inactive rules:

  • 2055041 - ET EXPLOIT_KIT ClickFix Domain in TLS SNI (dais7nsa .lol) (exploit_kit.rules)
  • 2055047 - ET PHISHING TA427/Kimsuky Domain in DNS Lookup (phishing.rules)
  • 2055059 - ET PHISHING TA427/Kimsuky Domain in TLS SNI (phishing.rules)
  • 2055070 - ET MALWARE DNS Query to TA399 SideWinder Domain (mofa-gov-pk .dowmload .info) (malware.rules)
  • 2055071 - ET MALWARE Observed TA399/SideWinder Domain (mofa-gov-pk .dowmload .info in TLS SNI) (malware.rules)
  • 2055072 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (barelytherejewels .com) (exploit_kit.rules)
  • 2055073 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (barelytherejewels .com) (exploit_kit.rules)
  • 2055075 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (majordatabases .lat) (exploit_kit.rules)
  • 2055082 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (suezcanal .portdedjibouti .live) (malware.rules)
  • 2055083 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (notice .portdedjibouti .live) (malware.rules)
  • 2055085 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (cabinet-division-pk .fia-gov .com) (malware.rules)
  • 2055086 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (sarabanmithnavy .tni-mil .com) (malware.rules)
  • 2055087 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (moitt-gov-pk .fia-gov .net) (malware.rules)
  • 2055088 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (moitt .paknavy-govpk .info) (malware.rules)
  • 2055089 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (training .detru .info) (malware.rules)
  • 2055090 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (www-army-mil-bd .dirctt88 .co) (malware.rules)
  • 2055091 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (mofa-gov-pk .donwloaded .com) (malware.rules)
  • 2055092 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (mailarmylk .mods .email) (malware.rules)
  • 2055093 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (reports .dgps-govtpk .com) (malware.rules)
  • 2055094 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (navy-lk .direct888 .net) (malware.rules)
  • 2055095 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (mofa-gov-pk .directt888 .com) (malware.rules)
  • 2055096 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (moemaldives .pmd-office .com) (malware.rules)
  • 2055097 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (mod-gov-bd .dowmload .co) (malware.rules)
  • 2055098 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (mora .pdfadobe .com) (malware.rules)
  • 2055099 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (efes-mindef-gov-pk .dowmload .org) (malware.rules)
  • 2055100 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (opmcm-gov-np .fia-gov .net) (malware.rules)
  • 2055102 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (commerce-gov-pk .directt888 .com) (malware.rules)
  • 2055103 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (salary-cutting .session-out .com) (malware.rules)
  • 2055104 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (mailmofagovmm .mofa .email) (malware.rules)
  • 2055105 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (investigation04 .session-out .com) (malware.rules)
  • 2055107 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (paknavy .defpak .org) (malware.rules)
  • 2055108 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (msacn .ntcpk .net) (malware.rules)
  • 2055109 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (invitation-letter .govpk .info) (malware.rules)
  • 2055110 - ET MALWARE TA399 SideWinder APT CnC Domain in DNS Lookup (heatwave .paknavy .store) (malware.rules)
  • 2055111 - ET MALWARE Observed TA399/Sidewinder APT Domain (suezcanal .portdedjibouti .live in TLS SNI) (malware.rules)
  • 2055112 - ET MALWARE Observed TA399/Sidewinder APT Domain (notice .portdedjibouti .live in TLS SNI) (malware.rules)
  • 2055113 - ET MALWARE Observed TA399/Sidewinder APT Domain (mofa-gov-sa .direct888 .net in TLS SNI) (malware.rules)
  • 2055114 - ET MALWARE Observed TA399/Sidewinder APT Domain (cabinet-division-pk .fia-gov .com in TLS SNI) (malware.rules)
  • 2055115 - ET MALWARE Observed TA399/Sidewinder APT Domain (sarabanmithnavy .tni-mil .com in TLS SNI) (malware.rules)
  • 2055116 - ET MALWARE Observed TA399/Sidewinder APT Domain (moitt-gov-pk .fia-gov .net in TLS SNI) (malware.rules)
  • 2055117 - ET MALWARE Observed TA399/Sidewinder APT Domain (moitt .paknavy-govpk .info in TLS SNI) (malware.rules)
  • 2055118 - ET MALWARE Observed TA399/Sidewinder APT Domain (training .detru .info in TLS SNI) (malware.rules)
  • 2055119 - ET MALWARE Observed TA399/Sidewinder APT Domain (www-army-mil-bd .dirctt88 .co in TLS SNI) (malware.rules)
  • 2055120 - ET MALWARE Observed TA399/Sidewinder APT Domain (mofa-gov-pk .donwloaded .com in TLS SNI) (malware.rules)
  • 2055121 - ET MALWARE Observed TA399/Sidewinder APT Domain (mailarmylk .mods .email in TLS SNI) (malware.rules)
  • 2055122 - ET MALWARE Observed TA399/Sidewinder APT Domain (reports .dgps-govtpk .com in TLS SNI) (malware.rules)
  • 2055123 - ET MALWARE Observed TA399/Sidewinder APT Domain (navy-lk .direct888 .net in TLS SNI) (malware.rules)
  • 2055124 - ET MALWARE Observed TA399/Sidewinder APT Domain (mofa-gov-pk .directt888 .com in TLS SNI) (malware.rules)
  • 2055125 - ET MALWARE Observed TA399/Sidewinder APT Domain (moemaldives .pmd-office .com in TLS SNI) (malware.rules)
  • 2055126 - ET MALWARE Observed TA399/Sidewinder APT Domain (mod-gov-bd .dowmload .co in TLS SNI) (malware.rules)
  • 2055127 - ET MALWARE Observed TA399/Sidewinder APT Domain (mora .pdfadobe .com in TLS SNI) (malware.rules)
  • 2055128 - ET MALWARE Observed TA399/Sidewinder APT Domain (efes-mindef-gov-pk .dowmload .org in TLS SNI) (malware.rules)
  • 2055130 - ET MALWARE Observed TA399/Sidewinder APT Domain (opmcm-gov-np .fia-gov .net in TLS SNI) (malware.rules)
  • 2055131 - ET MALWARE Observed TA399/Sidewinder APT Domain (www-moha-gov-lk .direct888 .net in TLS SNI) (malware.rules)
  • 2055132 - ET MALWARE Observed TA399/Sidewinder APT Domain (commerce-gov-pk .directt888 .com in TLS SNI) (malware.rules)
  • 2055133 - ET MALWARE Observed TA399/Sidewinder APT Domain (salary-cutting .session-out .com in TLS SNI) (malware.rules)
  • 2055134 - ET MALWARE Observed TA399/Sidewinder APT Domain (mailmofagovmm .mofa .email in TLS SNI) (malware.rules)
  • 2055135 - ET MALWARE Observed TA399/Sidewinder APT Domain (investigation04 .session-out .com in TLS SNI) (malware.rules)
  • 2055136 - ET MALWARE Observed TA399/Sidewinder APT Domain (president-gov-lk .donwloaded .net in TLS SNI) (malware.rules)
  • 2055137 - ET MALWARE Observed TA399/Sidewinder APT Domain (paknavy .defpak .org in TLS SNI) (malware.rules)
  • 2055138 - ET MALWARE Observed TA399/Sidewinder APT Domain (msacn .ntcpk .net in TLS SNI) (malware.rules)
  • 2055139 - ET MALWARE Observed TA399/Sidewinder APT Domain (invitation-letter .govpk .info in TLS SNI) (malware.rules)
  • 2055140 - ET MALWARE Observed TA399/Sidewinder APT Domain (heatwave .paknavy .store in TLS SNI) (malware.rules)
  • 2055141 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (mailnavybd .govpk .net) (malware.rules)
  • 2055142 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (ministryofforeignaffairs-mofa-gov-pk .dytt88 .org) (malware.rules)
  • 2055143 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (moma .comsats-net .com) (malware.rules)
  • 2055144 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (bdmil .alit .live) (malware.rules)
  • 2055145 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (mofabn .ksewpk .com) (malware.rules)
  • 2055146 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (mohgovsg .bahariafoundation .live) (malware.rules)
  • 2055147 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (mtss .bol-south .org) (malware.rules)
  • 2055148 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (forecast .comsats-net .com) (malware.rules)
  • 2055149 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (promotionlist .comsats-net .com) (malware.rules)
  • 2055150 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (dgms .paknavy-gov .com) (malware.rules)
  • 2055151 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (cstc-spares-vip-163 .dowmload .net) (malware.rules)
  • 2055152 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (paknavy .jmicc .xyz) (malware.rules)
  • 2055153 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (dgpr .paknvay-pk .net) (malware.rules)
  • 2055154 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (careitservices .paknvay-pk .net) (malware.rules)
  • 2055155 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (dgmp-paknavy .mod-pk .com) (malware.rules)
  • 2055156 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (paknavy .paknavy .live) (malware.rules)
  • 2055157 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (cabinet-gov-pk .ministry-pk .net) (malware.rules)
  • 2055158 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (defencelk .cvix .live) (malware.rules)
  • 2055160 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (srilanka-navy .lforvk .com) (malware.rules)
  • 2055161 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (sppc .moma-pk .org) (malware.rules)
  • 2055162 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (mofadividion .ptcl-gov .com) (malware.rules)
  • 2055163 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (paknavy-gov-pk .downld .net) (malware.rules)
  • 2055164 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (sl-navy .office-drive .live) (malware.rules)
  • 2055165 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (pnwc .bol-north .com) (malware.rules)
  • 2055166 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (mailrta .mfagov .org) (malware.rules)
  • 2055167 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (mailaplf .cvix .live) (malware.rules)
  • 2055168 - ET MALWARE TA399/Sidewinder APT CnC Domain in DNS Lookup (srilankanavy .ksew .org) (malware.rules)
  • 2055169 - ET MALWARE Observed TA399/Sidewinder APT Domain (mailnavybd .govpk .net in TLS SNI) (malware.rules)
  • 2055170 - ET MALWARE Observed TA399/Sidewinder APT Domain (ministryofforeignaffairs-mofa-gov-pk .dytt88 .org in TLS SNI) (malware.rules)
  • 2055171 - ET MALWARE Observed TA399/Sidewinder APT Domain (moma .comsats-net .com in TLS SNI) (malware.rules)
  • 2055172 - ET MALWARE Observed TA399/Sidewinder APT Domain (bdmil .alit .live in TLS SNI) (malware.rules)
  • 2055173 - ET MALWARE Observed TA399/Sidewinder APT Domain (mofabn .ksewpk .com in TLS SNI) (malware.rules)
  • 2055174 - ET MALWARE Observed TA399/Sidewinder APT Domain (mohgovsg .bahariafoundation .live in TLS SNI) (malware.rules)
  • 2055175 - ET MALWARE Observed TA399/Sidewinder APT Domain (mtss .bol-south .org in TLS SNI) (malware.rules)
  • 2055176 - ET MALWARE Observed TA399/Sidewinder APT Domain (forecast .comsats-net .com in TLS SNI) (malware.rules)
  • 2055177 - ET MALWARE Observed TA399/Sidewinder APT Domain (promotionlist .comsats-net .com in TLS SNI) (malware.rules)
  • 2055178 - ET MALWARE Observed TA399/Sidewinder APT Domain (dgms .paknavy-gov .com in TLS SNI) (malware.rules)
  • 2055179 - ET MALWARE Observed TA399/Sidewinder APT Domain (cstc-spares-vip-163 .dowmload .net in TLS SNI) (malware.rules)
  • 2055180 - ET MALWARE Observed TA399/Sidewinder APT Domain (paknavy .jmicc .xyz in TLS SNI) (malware.rules)
  • 2055181 - ET MALWARE Observed TA399/Sidewinder APT Domain (dgpr .paknvay-pk .net in TLS SNI) (malware.rules)
  • 2055182 - ET MALWARE Observed TA399/Sidewinder APT Domain (careitservices .paknvay-pk .net in TLS SNI) (malware.rules)
  • 2055183 - ET MALWARE Observed TA399/Sidewinder APT Domain (dgmp-paknavy .mod-pk .com in TLS SNI) (malware.rules)
  • 2055184 - ET MALWARE Observed TA399/Sidewinder APT Domain (paknavy .paknavy .live in TLS SNI) (malware.rules)
  • 2055185 - ET MALWARE Observed TA399/Sidewinder APT Domain (cabinet-gov-pk .ministry-pk .net in TLS SNI) (malware.rules)
  • 2055186 - ET MALWARE Observed TA399/Sidewinder APT Domain (defencelk .cvix .live in TLS SNI) (malware.rules)
  • 2055187 - ET MALWARE Observed TA399/Sidewinder APT Domain (mofa-gov .interior-pk .org in TLS SNI) (malware.rules)
  • 2055188 - ET MALWARE Observed TA399/Sidewinder APT Domain (srilanka-navy .lforvk .com in TLS SNI) (malware.rules)
  • 2055189 - ET MALWARE Observed TA399/Sidewinder APT Domain (sppc .moma-pk .org in TLS SNI) (malware.rules)
  • 2055190 - ET MALWARE Observed TA399/Sidewinder APT Domain (mofadividion .ptcl-gov .com in TLS SNI) (malware.rules)
  • 2055191 - ET MALWARE Observed TA399/Sidewinder APT Domain (paknavy-gov-pk .downld .net in TLS SNI) (malware.rules)
  • 2055192 - ET MALWARE Observed TA399/Sidewinder APT Domain (sl-navy .office-drive .live in TLS SNI) (malware.rules)
  • 2055193 - ET MALWARE Observed TA399/Sidewinder APT Domain (pnwc .bol-north .com in TLS SNI) (malware.rules)
  • 2055194 - ET MALWARE Observed TA399/Sidewinder APT Domain (mailrta .mfagov .org in TLS SNI) (malware.rules)
  • 2055195 - ET MALWARE Observed TA399/Sidewinder APT Domain (mailaplf .cvix .live in TLS SNI) (malware.rules)
  • 2055196 - ET MALWARE Observed TA399/Sidewinder APT Domain (srilankanavy .ksew .org in TLS SNI) (malware.rules)
  • 2055197 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (utvj .com) (exploit_kit.rules)
  • 2055198 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (utvj .com) (exploit_kit.rules)
  • 2055207 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (informupdate .uno) (exploit_kit.rules)
  • 2055208 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (informupdate .uno) (exploit_kit.rules)
  • 2055232 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (gxsicmj3l .top) (exploit_kit.rules)
  • 2055233 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (legderlivesapp .online) (exploit_kit.rules)
  • 2055234 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (gxsicmj3l .top) (exploit_kit.rules)
  • 2055235 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (legderlivesapp .online) (exploit_kit.rules)
  • 2055248 - ET EXPLOIT_KIT ClearFake Domain in DNS Lookup (bigdownload .xyz) (exploit_kit.rules)
  • 2055249 - ET EXPLOIT_KIT ClearFake Domain in TLS SNI (bigdownload .xyz) (exploit_kit.rules)
  • 2055312 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (kirklareliliste .cfd) (exploit_kit.rules)
  • 2055314 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (tlymxvx .top) (exploit_kit.rules)
  • 2055342 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (boylegmfg .com) (exploit_kit.rules)
  • 2055360 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (cafeespeciales .com) (exploit_kit.rules)
  • 2055361 - ET MALWARE Lumma Stealer Domain in DNS Lookup (drinnkysoapmzv .shop) (malware.rules)
  • 2055372 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (iprotosample .com) (exploit_kit.rules)
  • 2055406 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (codemingle .shop) (exploit_kit.rules)
  • 2055418 - ET EXPLOIT_KIT Credit Card Skimmer Domain in DNS Lookup (statistall .com) (exploit_kit.rules)
  • 2055427 - ET EXPLOIT_KIT Credit Card Skimmer Domain in TLS SNI (salesguru .online) (exploit_kit.rules)
  • 2857897 - ETPRO MALWARE TA582 Domain in DNS Lookup (fpvuzhe73uz .top) (malware.rules)
  • 2857898 - ETPRO MALWARE TA582 Domain in DNS Lookup (cmcebigeiajbfcb .top) (malware.rules)
  • 2857909 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)
  • 2857910 - ETPRO MALWARE TA582 Domain in DNS Lookup (malware.rules)

Disabled and modified rules:

  • 2863705 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2863710 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2863715 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2863717 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)