Ruleset Update Summary - 2026/02/06 - v11120

Summary:

17 new OPEN, 26 new PRO (17 + 9)

Thanks @zscaler

Added rules:

Open:

  • 2067351 - ET MALWARE TrustConnect RAT CnC Domain in DNS Lookup (trustconnectsoftware .com) (malware.rules)
  • 2067352 - ET MALWARE Observed TrustConnect RAT Domain (trustconnectsoftware .com in TLS SNI) (malware.rules)
  • 2067353 - ET INFO Samba rsync Sender Mode Session Established (info.rules)
  • 2067354 - ET EXPLOIT Samba rsync s2length Checksum Length Heap Buffer Overflow (CVE-2024-12084) (exploit.rules)
  • 2067355 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dinglev .cyou) (malware.rules)
  • 2067356 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (dinglev .cyou) in TLS SNI (malware.rules)
  • 2067357 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (elephanntys .shop) (malware.rules)
  • 2067358 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (elephanntys .shop) in TLS SNI (malware.rules)
  • 2067359 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gibelohc .cyou) (malware.rules)
  • 2067360 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (gibelohc .cyou) in TLS SNI (malware.rules)
  • 2067361 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (cloud .aaddigitalstrategies .com) (malware.rules)
  • 2067362 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (cloud .aaddigitalstrategies .com) (malware.rules)
  • 2067363 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (rpgpals .com) (exploit_kit.rules)
  • 2067364 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (rpgpals .com) (exploit_kit.rules)
  • 2067365 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (guapospain .com) (exploit_kit.rules)
  • 2067366 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (guapospain .com) (exploit_kit.rules)
  • 2067367 - ET MALWARE Marco Stealer Data Exfiltration Attempt (malware.rules)

Pro:

  • 2865954 - ETPRO MALWARE TrustConnect RAT CnC Activity (Files Browse) (malware.rules)
  • 2865955 - ETPRO MALWARE TrustConnect RAT CnC Activity (GET Agent Commands) (malware.rules)
  • 2865956 - ETPRO MALWARE TrustConnect RAT CnC Activity (POST Command Results) (malware.rules)
  • 2865957 - ETPRO MALWARE TrustConnect RAT CnC Activity (Agent Heartbeat) (malware.rules)
  • 2865958 - ETPRO MALWARE TrustConnect RAT CnC Activity (Heartbeat Response) (malware.rules)
  • 2865959 - ETPRO MALWARE TrustConnect RAT CnC Activity (WebSocket Upgrade Request) (malware.rules)
  • 2865960 - ETPRO MALWARE TrustConnect RAT CnC Activity (Agent Register) (malware.rules)
  • 2865961 - ETPRO MALWARE TrustConnect RAT CnC Activity (Agent Update) (malware.rules)
  • 2865962 - ETPRO MALWARE TrustConnect RAT CnC Activity (Files Pull) (malware.rules)

Modified inactive rules:

  • 2800183 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure 2 (exploit.rules)
  • 2800437 - ETPRO EXPLOIT IBM Director CIM Server Consumer Name Handling Denial of Service 1 (exploit.rules)
  • 2800868 - ETPRO EXPLOIT Powerpoint Download (exploit.rules)
  • 2801200 - ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x46 (exploit.rules)
  • 2802159 - ETPRO MALWARE Delf/Hupigon/PWS.Banker.54377 Checkin Response from CnC (malware.rules)
  • 2802912 - ETPRO MALWARE Backdoor.Nervos.A Checkin to Server (malware.rules)