Ruleset Update Summary - 2026/02/11 - v11123

rulesbot · February 11, 2026, 9:43pm

Summary:

180 new OPEN, 213 new PRO (180 + 33)

Thanks @silentpush, @Malwarebytes

Added rules:

Open:

2067454 - ET ADWARE_PUP Observed DNS Query to Bandwidth Sharing Tool Domain (uprock .com) (adware_pup.rules)
2067455 - ET ADWARE_PUP Observed DNS Query to Bandwidth Sharing Tool Domain (grass .io) (adware_pup.rules)
2067456 - ET ADWARE_PUP Observed DNS Query to Bandwidth Sharing Tool Domain (cashraven .io) (adware_pup.rules)
2067457 - ET ADWARE_PUP Observed DNS Query to Bandwidth Sharing Tool Domain (mysterium .network) (adware_pup.rules)
2067458 - ET ADWARE_PUP Observed DNS Query to Bandwidth Sharing Tool Domain (passiveapp .com) (adware_pup.rules)
2067459 - ET ADWARE_PUP Observed DNS Query to Bandwidth Sharing Tool Domain (bytelixir .com) (adware_pup.rules)
2067460 - ET ADWARE_PUP Observed DNS Query to Bandwidth Sharing Tool Domain (earnapp .com) (adware_pup.rules)
2067461 - ET ADWARE_PUP Observed DNS Query to Bandwidth Sharing Tool Domain (packetstream .io) (adware_pup.rules)
2067462 - ET ADWARE_PUP Observed DNS Query to Bandwidth Sharing Tool Domain (traffmonetizer .com) (adware_pup.rules)
2067463 - ET ADWARE_PUP Observed DNS Query to Bandwidth Sharing Tool Domain (repocket .com) (adware_pup.rules)
2067464 - ET ADWARE_PUP Observed DNS Query to Bandwidth Sharing Tool Domain (proxyrack .com) (adware_pup.rules)
2067465 - ET ADWARE_PUP Observed DNS Query to Bandwidth Sharing Tool Domain (earn .fm) (adware_pup.rules)
2067466 - ET ADWARE_PUP Observed Bandwidth Sharing Tool Domain (uprock .com in TLS SNI) (adware_pup.rules)
2067467 - ET ADWARE_PUP Observed Bandwidth Sharing Tool Domain (grass .io in TLS SNI) (adware_pup.rules)
2067468 - ET ADWARE_PUP Observed Bandwidth Sharing Tool Domain (cashraven .io in TLS SNI) (adware_pup.rules)
2067469 - ET ADWARE_PUP Observed Bandwidth Sharing Tool Domain (mysterium .network in TLS SNI) (adware_pup.rules)
2067470 - ET ADWARE_PUP Observed Bandwidth Sharing Tool Domain (passiveapp .com in TLS SNI) (adware_pup.rules)
2067471 - ET ADWARE_PUP Observed Bandwidth Sharing Tool Domain (bytelixir .com in TLS SNI) (adware_pup.rules)
2067472 - ET ADWARE_PUP Observed Bandwidth Sharing Tool Domain (earnapp .com in TLS SNI) (adware_pup.rules)
2067473 - ET ADWARE_PUP Observed Bandwidth Sharing Tool Domain (packetstream .io in TLS SNI) (adware_pup.rules)
2067474 - ET ADWARE_PUP Observed Bandwidth Sharing Tool Domain (traffmonetizer .com in TLS SNI) (adware_pup.rules)
2067475 - ET ADWARE_PUP Observed Bandwidth Sharing Tool Domain (repocket .com in TLS SNI) (adware_pup.rules)
2067476 - ET ADWARE_PUP Observed Bandwidth Sharing Tool Domain (proxyrack .com in TLS SNI) (adware_pup.rules)
2067477 - ET ADWARE_PUP Observed Bandwidth Sharing Tool Domain (earn .fm in TLS SNI) (adware_pup.rules)
2067478 - ET ADWARE_PUP Observed DNS Query to Passive Income App Domain (savvyconnect .com) (adware_pup.rules)
2067479 - ET ADWARE_PUP Observed DNS Query to Passive Income App Domain (surveyjunkie .com) (adware_pup.rules)
2067480 - ET ADWARE_PUP Observed DNS Query to Passive Income App Domain (mobprofit .go2cloud .org) (adware_pup.rules)
2067481 - ET ADWARE_PUP Observed DNS Query to Passive Income App Domain (brandbee .io) (adware_pup.rules)
2067482 - ET ADWARE_PUP Observed DNS Query to Passive Income App Domain (caden .io) (adware_pup.rules)
2067483 - ET ADWARE_PUP Observed DNS Query to Passive Income App Domain (honeybook .com) (adware_pup.rules)
2067484 - ET ADWARE_PUP Observed DNS Query to Passive Income App Domain (pawns .app) (adware_pup.rules)
2067485 - ET ADWARE_PUP Observed DNS Query to Passive Income App Domain (datacy .com) (adware_pup.rules)
2067486 - ET ADWARE_PUP Observed Passive Income App Domain (savvyconnect .com in TLS SNI) (adware_pup.rules)
2067487 - ET ADWARE_PUP Observed Passive Income App Domain (surveyjunkie .com in TLS SNI) (adware_pup.rules)
2067488 - ET ADWARE_PUP Observed Passive Income App Domain (mobprofit .go2cloud .org in TLS SNI) (adware_pup.rules)
2067489 - ET ADWARE_PUP Observed Passive Income App Domain (brandbee .io in TLS SNI) (adware_pup.rules)
2067490 - ET ADWARE_PUP Observed Passive Income App Domain (caden .io in TLS SNI) (adware_pup.rules)
2067491 - ET ADWARE_PUP Observed Passive Income App Domain (honeybook .com in TLS SNI) (adware_pup.rules)
2067492 - ET ADWARE_PUP Observed Passive Income App Domain (pawns .app in TLS SNI) (adware_pup.rules)
2067493 - ET ADWARE_PUP Observed Passive Income App Domain (datacy .com in TLS SNI) (adware_pup.rules)
2067494 - ET INFO DYNAMIC_DNS Query to a *.it-como-hobby .com domain (info.rules)
2067495 - ET INFO DYNAMIC_DNS HTTP Request to a *.it-como-hobby .com domain (info.rules)
2067496 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chuckyr .cyou) (malware.rules)
2067497 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (chuckyr .cyou) in TLS SNI (malware.rules)
2067498 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (joyfuhldiscovery .click) (malware.rules)
2067499 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (joyfuhldiscovery .click) in TLS SNI (malware.rules)
2067500 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (psychob .cyou) (malware.rules)
2067501 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (psychob .cyou) in TLS SNI (malware.rules)
2067502 - ET INFO LVCHA VPN Domain (lvcha .org) in DNS Lookup (info.rules)
2067503 - ET INFO LVCHA VPN Domain (lvchaapp .store) in DNS Lookup (info.rules)
2067504 - ET INFO LVCHA VPN Domain (lcapp .shop) in DNS Lookup (info.rules)
2067505 - ET INFO LVCHA VPN Domain (lcapp .icu) in DNS Lookup (info.rules)
2067506 - ET INFO LVCHA VPN Domain (lcpro .qpon) in DNS Lookup (info.rules)
2067507 - ET INFO LVCHA VPN Domain (lcpro .bar) in DNS Lookup (info.rules)
2067508 - ET INFO LVCHA VPN Domain (lcpro .cc) in DNS Lookup (info.rules)
2067509 - ET INFO LVCHA VPN Domain (lcapp .xyz) in DNS Lookup (info.rules)
2067510 - ET INFO LVCHA VPN Domain (lcapp .sbs) in DNS Lookup (info.rules)
2067511 - ET INFO LVCHA VPN Domain (lcapp .qpon) in DNS Lookup (info.rules)
2067512 - ET INFO LVCHA VPN Domain (lcpro .icu) in DNS Lookup (info.rules)
2067513 - ET INFO LVCHA VPN Domain (lcpro .cfd) in DNS Lookup (info.rules)
2067514 - ET INFO LVCHA VPN Domain (lcvpn .sbs) in DNS Lookup (info.rules)
2067515 - ET INFO LVCHA VPN Domain (lcpro .vip) in DNS Lookup (info.rules)
2067516 - ET INFO LVCHA VPN Domain (lcapp .bond) in DNS Lookup (info.rules)
2067517 - ET INFO LVCHA VPN Domain (lvchaapp .cc) in DNS Lookup (info.rules)
2067518 - ET INFO LVCHA VPN Domain (lvcha .store) in DNS Lookup (info.rules)
2067519 - ET INFO LVCHA VPN Domain (lcpro .shop) in DNS Lookup (info.rules)
2067520 - ET INFO LVCHA VPN Domain (lvchavpn .cfd) in DNS Lookup (info.rules)
2067521 - ET INFO LVCHA VPN Domain (lcvpn .qpon) in DNS Lookup (info.rules)
2067522 - ET INFO LVCHA VPN Domain (lcapp .my) in DNS Lookup (info.rules)
2067523 - ET INFO LVCHA VPN Domain (lcvpn .cyou) in DNS Lookup (info.rules)
2067524 - ET INFO LVCHA VPN Domain (lvcha .qpon) in DNS Lookup (info.rules)
2067525 - ET INFO LVCHA VPN Domain (lvcha .in) in DNS Lookup (info.rules)
2067526 - ET INFO LVCHA VPN Domain (lcpro .top) in DNS Lookup (info.rules)
2067527 - ET INFO LVCHA VPN Domain (lcabc .icu) in DNS Lookup (info.rules)
2067528 - ET INFO LVCHA VPN Domain (lcapi .shop) in DNS Lookup (info.rules)
2067529 - ET INFO LVCHA VPN Domain (lvchaapp .icu) in DNS Lookup (info.rules)
2067530 - ET INFO LVCHA VPN Domain (lvchaapp .vip) in DNS Lookup (info.rules)
2067531 - ET INFO LVCHA VPN Domain (loopvpn .org) in DNS Lookup (info.rules)
2067532 - ET INFO LVCHA VPN Domain (lcvpn .cfd) in DNS Lookup (info.rules)
2067533 - ET INFO LVCHA VPN Domain (lcvpn .bond) in DNS Lookup (info.rules)
2067534 - ET INFO LVCHA VPN Domain (lcvpn .cc) in DNS Lookup (info.rules)
2067535 - ET INFO LVCHA VPN Domain (lvchaapp .site) in DNS Lookup (info.rules)
2067536 - ET INFO LVCHA VPN Domain (lcpro .cyou) in DNS Lookup (info.rules)
2067537 - ET INFO LVCHA VPN Domain (lvchavpn .bond) in DNS Lookup (info.rules)
2067538 - ET INFO LVCHA VPN Domain (lvchavpn .one) in DNS Lookup (info.rules)
2067539 - ET INFO LVCHA VPN Domain (lcpro .sbs) in DNS Lookup (info.rules)
2067540 - ET INFO LVCHA VPN Domain (lvcha .sbs) in DNS Lookup (info.rules)
2067541 - ET INFO LVCHA VPN Domain (lvchaapp .bond) in DNS Lookup (info.rules)
2067542 - ET INFO LVCHA VPN Domain (lcapp .bar) in DNS Lookup (info.rules)
2067543 - ET INFO LVCHA VPN Domain (lvchaapp .pw) in DNS Lookup (info.rules)
2067544 - ET INFO LVCHA VPN Domain (lcvpn .xyz) in DNS Lookup (info.rules)
2067545 - ET INFO LVCHA VPN Domain (lcpro .bond) in DNS Lookup (info.rules)
2067546 - ET INFO LVCHA VPN Domain (lcvpn .top) in DNS Lookup (info.rules)
2067547 - ET INFO LVCHA VPN Domain (lcvpn .shop) in DNS Lookup (info.rules)
2067548 - ET INFO LVCHA VPN Domain (lcapp .cfd) in DNS Lookup (info.rules)
2067549 - ET INFO LVCHA VPN Domain (lcapp .cyou) in DNS Lookup (info.rules)
2067550 - ET INFO LVCHA VPN Domain (lvchaapp .cyou) in DNS Lookup (info.rules)
2067551 - ET INFO LVCHA VPN Domain (lvcha .org) in TLS SNI (info.rules)
2067552 - ET INFO LVCHA VPN Domain (lvchaapp .store) in TLS SNI (info.rules)
2067553 - ET INFO LVCHA VPN Domain (lcapp .shop) in TLS SNI (info.rules)
2067554 - ET INFO LVCHA VPN Domain (lcapp .icu) in TLS SNI (info.rules)
2067555 - ET INFO LVCHA VPN Domain (lcpro .qpon) in TLS SNI (info.rules)
2067556 - ET INFO LVCHA VPN Domain (lcpro .bar) in TLS SNI (info.rules)
2067557 - ET INFO LVCHA VPN Domain (lcpro .cc) in TLS SNI (info.rules)
2067558 - ET INFO LVCHA VPN Domain (lcapp .xyz) in TLS SNI (info.rules)
2067559 - ET INFO LVCHA VPN Domain (lcapp .sbs) in TLS SNI (info.rules)
2067560 - ET INFO LVCHA VPN Domain (lcapp .qpon) in TLS SNI (info.rules)
2067561 - ET INFO LVCHA VPN Domain (lcpro .icu) in TLS SNI (info.rules)
2067562 - ET INFO LVCHA VPN Domain (lcpro .cfd) in TLS SNI (info.rules)
2067563 - ET INFO LVCHA VPN Domain (lcvpn .sbs) in TLS SNI (info.rules)
2067564 - ET INFO LVCHA VPN Domain (lcpro .vip) in TLS SNI (info.rules)
2067565 - ET INFO LVCHA VPN Domain (lcapp .bond) in TLS SNI (info.rules)
2067566 - ET INFO LVCHA VPN Domain (lvchaapp .cc) in TLS SNI (info.rules)
2067567 - ET INFO LVCHA VPN Domain (lvcha .store) in TLS SNI (info.rules)
2067568 - ET INFO LVCHA VPN Domain (lcpro .shop) in TLS SNI (info.rules)
2067569 - ET INFO LVCHA VPN Domain (lvchavpn .cfd) in TLS SNI (info.rules)
2067570 - ET INFO LVCHA VPN Domain (lcvpn .qpon) in TLS SNI (info.rules)
2067571 - ET INFO LVCHA VPN Domain (lcapp .my) in TLS SNI (info.rules)
2067572 - ET INFO LVCHA VPN Domain (lcvpn .cyou) in TLS SNI (info.rules)
2067573 - ET INFO LVCHA VPN Domain (lvcha .qpon) in TLS SNI (info.rules)
2067574 - ET INFO LVCHA VPN Domain (lvcha .in) in TLS SNI (info.rules)
2067575 - ET INFO LVCHA VPN Domain (lcpro .top) in TLS SNI (info.rules)
2067576 - ET INFO LVCHA VPN Domain (lcabc .icu) in TLS SNI (info.rules)
2067577 - ET INFO LVCHA VPN Domain (lcapi .shop) in TLS SNI (info.rules)
2067578 - ET INFO LVCHA VPN Domain (lvchaapp .icu) in TLS SNI (info.rules)
2067579 - ET INFO LVCHA VPN Domain (lvchaapp .vip) in TLS SNI (info.rules)
2067580 - ET INFO LVCHA VPN Domain (loopvpn .org) in TLS SNI (info.rules)
2067581 - ET INFO LVCHA VPN Domain (lcvpn .cfd) in TLS SNI (info.rules)
2067582 - ET INFO LVCHA VPN Domain (lcvpn .bond) in TLS SNI (info.rules)
2067583 - ET INFO LVCHA VPN Domain (lcvpn .cc) in TLS SNI (info.rules)
2067584 - ET INFO LVCHA VPN Domain (lvchaapp .site) in TLS SNI (info.rules)
2067585 - ET INFO LVCHA VPN Domain (lcpro .cyou) in TLS SNI (info.rules)
2067586 - ET INFO LVCHA VPN Domain (lvchavpn .bond) in TLS SNI (info.rules)
2067587 - ET INFO LVCHA VPN Domain (lvchavpn .one) in TLS SNI (info.rules)
2067588 - ET INFO LVCHA VPN Domain (lcpro .sbs) in TLS SNI (info.rules)
2067589 - ET INFO LVCHA VPN Domain (lvcha .sbs) in TLS SNI (info.rules)
2067590 - ET INFO LVCHA VPN Domain (lvchaapp .bond) in TLS SNI (info.rules)
2067591 - ET INFO LVCHA VPN Domain (lcapp .bar) in TLS SNI (info.rules)
2067592 - ET INFO LVCHA VPN Domain (lvchaapp .pw) in TLS SNI (info.rules)
2067593 - ET INFO LVCHA VPN Domain (lcvpn .xyz) in TLS SNI (info.rules)
2067594 - ET INFO LVCHA VPN Domain (lcpro .bond) in TLS SNI (info.rules)
2067595 - ET INFO LVCHA VPN Domain (lcvpn .top) in TLS SNI (info.rules)
2067596 - ET INFO LVCHA VPN Domain (lcvpn .shop) in TLS SNI (info.rules)
2067597 - ET INFO LVCHA VPN Domain (lcapp .cfd) in TLS SNI (info.rules)
2067598 - ET INFO LVCHA VPN Domain (lcapp .cyou) in TLS SNI (info.rules)
2067599 - ET INFO LVCHA VPN Domain (lvchaapp .cyou) in TLS SNI (info.rules)
2067600 - ET MALWARE APT-C-28/ScarCruft CnC Domain (techcross-wne .com) in DNS lookup (malware.rules)
2067601 - ET MALWARE APT-C-28/ScarCruft Domain (techcross-wne .com) in TLS SNI (malware.rules)
2067602 - ET MALWARE upStage Residential Proxy CnC Checkin (malware.rules)
2067603 - ET MALWARE upStage Residential Proxy CnC Response (malware.rules)
2067604 - ET MALWARE upStage Proxy Heartbeat (malware.rules)
2067605 - ET MALWARE upStage Proxy CnC Domain (pulse .herosms .cc) in DNS Lookup (malware.rules)
2067606 - ET MALWARE upStage Proxy CnC Domain (spark .herosms .io) in DNS Lookup (malware.rules)
2067607 - ET MALWARE upStage Proxy CnC Domain (mint .smshero .com) in DNS Lookup (malware.rules)
2067608 - ET MALWARE upStage Proxy CnC Domain (zest .hero-sms .ai) in DNS Lookup (malware.rules)
2067609 - ET MALWARE upStage Proxy CnC Domain (neo .herosms .co) in DNS Lookup (malware.rules)
2067610 - ET MALWARE upStage Proxy CnC Domain (flux .smshero .co) in DNS Lookup (malware.rules)
2067611 - ET MALWARE upStage Proxy CnC Domain (prime .herosms .vip) in DNS Lookup (malware.rules)
2067612 - ET MALWARE upStage Proxy CnC Domain (apex .herosms .ai) in DNS Lookup (malware.rules)
2067613 - ET MALWARE upStage Proxy CnC Domain (vivid .smshero .vip) in DNS Lookup (malware.rules)
2067614 - ET MALWARE upStage Proxy CnC Domain (glide .smshero .cc) in DNS Lookup (malware.rules)
2067615 - ET MALWARE upStage Proxy CnC Domain (nova .smshero .ai) in DNS Lookup (malware.rules)
2067616 - ET MALWARE Observed upStage Proxy CnC Domain (apex .herosms .ai) in TLS SNI (malware.rules)
2067617 - ET MALWARE Observed upStage Proxy CnC Domain (flux .smshero .co) in TLS SNI (malware.rules)
2067618 - ET MALWARE Observed upStage Proxy CnC Domain (neo .herosms .co) in TLS SNI (malware.rules)
2067619 - ET MALWARE Observed upStage Proxy CnC Domain (mint .smshero .com) in TLS SNI (malware.rules)
2067620 - ET MALWARE Observed upStage Proxy CnC Domain (spark .herosms .io) in TLS SNI (malware.rules)
2067621 - ET MALWARE Observed upStage Proxy CnC Domain (soc .hero-sms .co) in TLS SNI (malware.rules)
2067622 - ET MALWARE Observed upStage Proxy CnC Domain (vivid .smshero .vip) in TLS SNI (malware.rules)
2067623 - ET MALWARE Observed upStage Proxy CnC Domain (prime .herosms .vip) in TLS SNI (malware.rules)
2067624 - ET MALWARE Observed upStage Proxy CnC Domain (nova .smshero .ai) in TLS SNI (malware.rules)
2067625 - ET MALWARE Observed upStage Proxy CnC Domain (pulse .herosms .cc) in TLS SNI (malware.rules)
2067626 - ET MALWARE Observed upStage Proxy CnC Domain (glide .smshero .cc) in TLS SNI (malware.rules)
2067627 - ET MALWARE Observed upStage Proxy CnC Domain (zest .hero-sms .ai) in TLS SNI (malware.rules)
2067628 - ET MALWARE upStage Payload Delivery Domain (7zip .cloud) in DNS Lookup (malware.rules)
2067629 - ET MALWARE Observed upStage Payload Delivery Domain (7zip .cloud) in TLS SNI (malware.rules)
2067630 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (viertofly .com) (exploit_kit.rules)
2067631 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (ctpsih .com) (exploit_kit.rules)
2067632 - ET EXPLOIT_KIT LandUpdate808 Domain in TLS SNI (ctpsih .com) (exploit_kit.rules)
2067633 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (viertofly .com) (exploit_kit.rules)

Pro:

2866005 - ETPRO PHISHING TA4903 Domain in DNS Lookup (phishing.rules)
2866006 - ETPRO PHISHING TA4903 Domain in TLS SNI (phishing.rules)
2866007 - ETPRO PHISHING Observed Tycoon2FA Landing Page (phishing.rules)
2866008 - ETPRO PHISHING Observed DNS Query to Tycoon2FA Domain (phishing.rules)
2866009 - ETPRO PHISHING Observed DNS Query to Tycoon2FA Domain (phishing.rules)
2866010 - ETPRO PHISHING Observed DNS Query to Tycoon2FA Domain (phishing.rules)
2866011 - ETPRO PHISHING Observed DNS Query to Tycoon2FA Domain (phishing.rules)
2866012 - ETPRO PHISHING Observed DNS Query to Tycoon2FA Domain (phishing.rules)
2866013 - ETPRO PHISHING Observed DNS Query to Tycoon2FA Domain (phishing.rules)
2866014 - ETPRO PHISHING Observed DNS Query to Tycoon2FA Domain (phishing.rules)
2866015 - ETPRO PHISHING Observed DNS Query to Tycoon2FA Domain (phishing.rules)
2866016 - ETPRO PHISHING Observed DNS Query to Tycoon2FA Domain (phishing.rules)
2866017 - ETPRO PHISHING Observed DNS Query to Tycoon2FA Domain (phishing.rules)
2866018 - ETPRO PHISHING Observed DNS Query to Tycoon2FA Domain (phishing.rules)
2866019 - ETPRO PHISHING Observed DNS Query to Tycoon2FA Domain (phishing.rules)
2866020 - ETPRO PHISHING Observed DNS Query to Tycoon2FA Domain (phishing.rules)
2866021 - ETPRO PHISHING Observed Tycoon2FA Domain in TLS SNI (phishing.rules)
2866022 - ETPRO PHISHING Observed Tycoon2FA Domain in TLS SNI (phishing.rules)
2866023 - ETPRO PHISHING Observed Tycoon2FA Domain in TLS SNI (phishing.rules)
2866024 - ETPRO PHISHING Observed Tycoon2FA Domain in TLS SNI (phishing.rules)
2866025 - ETPRO PHISHING Observed Tycoon2FA Domain in TLS SNI (phishing.rules)
2866026 - ETPRO PHISHING Observed Tycoon2FA Domain in TLS SNI (phishing.rules)
2866027 - ETPRO PHISHING Observed Tycoon2FA Domain in TLS SNI (phishing.rules)
2866028 - ETPRO PHISHING Observed Tycoon2FA Domain in TLS SNI (phishing.rules)
2866029 - ETPRO PHISHING Observed Tycoon2FA Domain in TLS SNI (phishing.rules)
2866030 - ETPRO PHISHING Observed Tycoon2FA Domain in TLS SNI (phishing.rules)
2866031 - ETPRO PHISHING Observed Tycoon2FA Domain in TLS SNI (phishing.rules)
2866032 - ETPRO PHISHING Observed Tycoon2FA Domain in TLS SNI (phishing.rules)
2866033 - ETPRO PHISHING Observed Tycoon2FA Domain in TLS SNI (phishing.rules)
2866034 - ETPRO EXPLOIT Microsoft MSHTML Framework Security Feature Bypass (CVE-2026-21513) M1 (exploit.rules)
2866035 - ETPRO EXPLOIT Microsoft MSHTML Framework Security Feature Bypass (CVE-2026-21513) M2 (exploit.rules)
2866036 - ETPRO EXPLOIT Microsoft Word Security Feature Bypass (CVE-2026-21514) M1 (exploit.rules)
2866037 - ETPRO EXPLOIT Microsoft Word Security Feature Bypass (CVE-2026-21514) M2 (exploit.rules)

Disabled and modified rules:

2067371 - ET INFO Remote Monitoring and Management (RMM) Tool in TLS SNI (247ithelp .net) (info.rules)
2067432 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (tefalle .com) (exploit_kit.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/05/14 - v10927 Ruleset Updates	119	May 14, 2025
Ruleset Update Summary - 2025/10/14 - v11039 Ruleset Updates	135	October 14, 2025
Ruleset Update Summary - 2025/10/22 - v11046 Ruleset Updates	96	October 22, 2025
Ruleset Update Summary - 2024/12/01 - v10769 Ruleset Updates	33	December 1, 2024
Ruleset Update Summary - 2023/12/06 - v10480 Ruleset Updates	445	December 6, 2023

Ruleset Update Summary - 2026/02/11 - v11123

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related topics