Ruleset Update Summary - 2026/01/19 - v11106

Ruleset Updates
1

Summary:

14 new OPEN, 106 new PRO (14 + 92)

Added rules:

Open:

  • 2066802 - ET INFO DYNAMIC_DNS Query to a *.primeops .net domain (info.rules)
  • 2066803 - ET INFO DYNAMIC_DNS HTTP Request to a *.primeops .net domain (info.rules)
  • 2066804 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (creativehjub .tech) (malware.rules)
  • 2066805 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (creativehjub .tech) in TLS SNI (malware.rules)
  • 2066806 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (degreehourz .click) (malware.rules)
  • 2066807 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (degreehourz .click) in TLS SNI (malware.rules)
  • 2066808 - ET INFO DYNAMIC_DNS Query to a *.sulevkivastik .ee domain (info.rules)
  • 2066809 - ET INFO DYNAMIC_DNS HTTP Request to a *.sulevkivastik .ee domain (info.rules)
  • 2066810 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cyberplg .cyou) (malware.rules)
  • 2066811 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (cyberplg .cyou) in TLS SNI (malware.rules)
  • 2066812 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (directi .cyou) (malware.rules)
  • 2066813 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (directi .cyou) in TLS SNI (malware.rules)
  • 2066814 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reagoofydwqioo .shop) (malware.rules)
  • 2066815 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (reagoofydwqioo .shop) in TLS SNI (malware.rules)

Pro:

  • 2865697 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2865698 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2865699 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
  • 2865700 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2865701 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
  • 2865702 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
  • 2865703 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2865704 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2865705 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2865706 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2865707 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2865708 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2865709 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2865710 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2865711 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2865712 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2865713 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
  • 2865714 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2865715 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
  • 2865716 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
  • 2865717 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2865718 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2865719 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2865720 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2865721 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2865722 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2865723 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2865724 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2865725 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2865726 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2865727 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2865728 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2865729 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2865730 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2865731 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2865732 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2865733 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2865734 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2865735 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2865736 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2865737 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2865738 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2865739 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2865740 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2865741 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2865742 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2865743 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
  • 2865744 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2865745 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
  • 2865746 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
  • 2865747 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2865748 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2865749 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2865750 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2865751 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2865752 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2865753 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2865754 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2865755 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2865756 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2865757 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2865758 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2865759 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2865760 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2865761 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2865762 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2865763 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2865764 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2865765 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2865766 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2865767 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2865768 - ETPRO MALWARE Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2865769 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2865770 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2865771 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2865772 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2865773 - ETPRO MALWARE Win32/XWorm CnC Command - INFO Outbound (malware.rules)
  • 2865774 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2865775 - ETPRO MALWARE Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
  • 2865776 - ETPRO MALWARE Win32/XWorm CnC Command - RD- Outbound (malware.rules)
  • 2865777 - ETPRO MALWARE Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2865778 - ETPRO MALWARE Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2865779 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2865780 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2865781 - ETPRO MALWARE Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2865782 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2865783 - ETPRO MALWARE Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2865784 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2865785 - ETPRO MALWARE Malicious Win32/NetSupport Rat CnC Checkin (malware.rules)
  • 2865786 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2865787 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)
  • 2865788 - ETPRO MALWARE Win32/zgRAT CnC Checkin (malware.rules)

Modified inactive rules:

  • 2002068 - ET EXPLOIT NDMP Notify Connect - Possible Backup Exec Remote Agent Recon (exploit.rules)
  • 2003039 - ET EXPLOIT UPnP DLink M-Search Overflow Attempt (exploit.rules)
  • 2003321 - ET P2P Edonkey Server Message (p2p.rules)
  • 2003473 - ET ADWARE_PUP DelFin Project Spyware (payload-alt) (adware_pup.rules)
  • 2003673 - ET WEB_SPECIFIC_APPS PMECMS Remote Inclusion Attempt – mod_liens_index.php config pathMod (web_specific_apps.rules)
  • 2003717 - ET WEB_SPECIFIC_APPS miplex2 Remote Inclusion SmartyFU.class.php system (web_specific_apps.rules)
  • 2003908 - ET WEB_SPECIFIC_APPS ACP3 XSS Attempt – index.php form cat (web_specific_apps.rules)
  • 2009311 - ET WEB_SPECIFIC_APPS WeBid ST_countries.php include_path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2010283 - ET MALWARE Opachki Link Hijacker HTTP Header Injection (malware.rules)
  • 2017485 - ET EXPLOIT_KIT Unknown EK Using Office/.Net ROP/ASLR Bypass (exploit_kit.rules)
  • 2018620 - ET MALWARE Downloader.Win32.Tesch.A Bot Command Checkin 2 (malware.rules)
  • 2019286 - ET MALWARE Job314 EK Payload Checkin (malware.rules)
  • 2019607 - ET MALWARE CryptoBot Downloading Files (malware.rules)
  • 2020670 - ET MALWARE Cryptolocker .onion Proxy Domain (juf5pjk4sl7uojh4) (malware.rules)
  • 2021273 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (TeslaCrypt MITM) (malware.rules)
  • 2021981 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Shifu CnC) (malware.rules)
  • 2022076 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Shifu) (malware.rules)
  • 2022510 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (malware.rules)
  • 2022610 - ET MALWARE Scarlet Mimic DNS Lookup 45 (malware.rules)
  • 2023555 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
  • 2024077 - ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Chthonic MITM) (malware.rules)
  • 2100302 - GPL EXPLOIT Redhat 7.0 lprd overflow (exploit.rules)
  • 2800182 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure 1 (exploit.rules)
  • 2800436 - ETPRO EXPLOIT IBM Tivoli Storage Manager Express Backup Heap Corruption 4 (exploit.rules)
  • 2805848 - ETPRO MOBILE_MALWARE Exploit.Andr.Lotoor Checkin (mobile_malware.rules)
  • 2805922 - ETPRO MOBILE_MALWARE Monitor.AndroidOS.Biige.a Checkin (mobile_malware.rules)
  • 2807401 - ETPRO MALWARE Trojan-Downloader.Win32.Banload.byyi Checkin (malware.rules)
  • 2809216 - ETPRO MOBILE_MALWARE Android.Trojan.SmsSpy.FS Checkin (mobile_malware.rules)
  • 2809396 - ETPRO MOBILE_MALWARE Android/Smsir.B Checkin via FTP (mobile_malware.rules)
  • 2810919 - ETPRO ADWARE_PUP ZyngaTables Downloading Malicious Chrome Extension (adware_pup.rules)
  • 2813033 - ETPRO MALWARE Rovnix DNS Lookup (beliypoyas.su) (malware.rules)
  • 2815237 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Agent.ef Checkin (mobile_malware.rules)