Ruleset Update Summary - 2026/02/23 - v11131

rulesbot · February 23, 2026, 9:59pm

Summary:

16 new OPEN, 88 new PRO (16 + 72)

Added rules:

Open:

2067865 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (quicksp .pics) (malware.rules)
2067866 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (quicksp .pics) in TLS SNI (malware.rules)
2067867 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (salivae .cyou) (malware.rules)
2067868 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (salivae .cyou) in TLS SNI (malware.rules)
2067869 - ET INFO URL Shortner Service Domain in DNS Lookup (v .gd) (info.rules)
2067870 - ET INFO Observed URL Shortener Service Domain (v .gd in TLS SNI) (info.rules)
2067871 - ET MALWARE Observed DNS Query to TrustConnect Domain (primerelays .com) (malware.rules)
2067872 - ET MALWARE Observed DNS Query to TrustConnect Domain (hardconnect .net) (malware.rules)
2067873 - ET MALWARE Observed DNS Query to TrustConnect Domain (softconnectsoftware .com) (malware.rules)
2067874 - ET MALWARE Observed DNS Query to TrustConnect Domain (axiscontrol .ltd) (malware.rules)
2067875 - ET MALWARE Observed TrustConnect Domain in TLS SNI (primerelays .com) (malware.rules)
2067876 - ET MALWARE Observed TrustConnect Domain in TLS SNI (hardconnect .net) (malware.rules)
2067877 - ET MALWARE Observed TrustConnect Domain in TLS SNI (softconnectsoftware .com) (malware.rules)
2067878 - ET MALWARE Observed TrustConnect Domain in TLS SNI (axiscontrol .ltd) (malware.rules)
2067879 - ET MALWARE TrustConnect RAT CnC Activity (Agent Registration) (malware.rules)
2067880 - ET MALWARE TrustConnect RAT CnC Activity (Successful Registration) (malware.rules)

Pro:

2866220 - ETPRO MALWARE TA406 Payload Retrieval (gzip) (malware.rules)
2866221 - ETPRO MALWARE TA406 Payload Retrieval (Powershell) (malware.rules)
2866222 - ETPRO MALWARE TA406 Payload Response (Powershell for Host Recon) (malware.rules)
2866223 - ETPRO MALWARE TA406 Host Recon Exfil (malware.rules)
2866224 - ETPRO HUNTING TA406 Style Payload Request (hunting.rules)
2866225 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2866226 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866227 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2866228 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2866229 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2866230 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2866231 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2866232 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2866233 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2866234 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866235 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866236 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2866237 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2866238 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2866239 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2866240 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2866241 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2866242 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2866243 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2866244 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2866245 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2866246 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2866247 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866248 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866249 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866250 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2866251 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - INFO Outbound (malware.rules)
2866252 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2866253 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
2866254 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD- Outbound (malware.rules)
2866255 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2866256 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2866257 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2866258 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2866259 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2866260 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2866261 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2866262 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2866263 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
2866264 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866265 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866266 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
2866267 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
2866268 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - INFO Outbound (malware.rules)
2866269 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
2866270 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
2866271 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD- Outbound (malware.rules)
2866272 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
2866273 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
2866274 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
2866275 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
2866276 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
2866277 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
2866278 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
2866279 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
2866280 - ETPRO MALWARE Observed DNS Query to TransferLoader Domain (malware.rules)
2866281 - ETPRO MALWARE Observed DNS Query to TransferLoader Domain (malware.rules)
2866282 - ETPRO MALWARE Observed TransferLoader Domain in TLS SNI (malware.rules)
2866283 - ETPRO MALWARE Observed TransferLoader Domain in TLS SNI (malware.rules)
2866284 - ETPRO MALWARE Observed DNS Query to TA406 Domain (malware.rules)
2866285 - ETPRO MALWARE Observed TA406 Domain in TLS SNI (malware.rules)
2866286 - ETPRO MALWARE TransferLoader CnC Activity (M1) (malware.rules)
2866287 - ETPRO MALWARE TransferLoader CnC Activity (M2) (malware.rules)
2866288 - ETPRO MALWARE TA406 CnC Activity (POST) (malware.rules)
2866289 - ETPRO MALWARE TA406 Payload Request (GET) (malware.rules)
2866290 - ETPRO ATTACK_RESPONSE TA406 Payload Inbound (attack_response.rules)
2866291 - ETPRO ATTACK_RESPONSE TA406 Payload Inbound (attack_response.rules)

Disabled and modified rules:

2009099 - ET P2P ThunderNetwork UDP Traffic (p2p.rules)

Topic	Replies	Views
Ruleset Update Summary - 2026/02/25 - v11134 Ruleset Updates	91	February 25, 2026
Ruleset Update Summary - 2026/01/05 - v11096 Ruleset Updates	65	January 5, 2026
Ruleset Update Summary - 2024/10/25 - v10728 Ruleset Updates	113	October 25, 2024
Ruleset Update Summary - 2026/01/19 - v11106 Ruleset Updates	46	January 19, 2026
Ruleset Update Summary - 2024/03/25 - v10559 Ruleset Updates	349	March 25, 2024

Ruleset Update Summary - 2026/02/23 - v11131

Summary:

Added rules:

Open:

Pro:

Disabled and modified rules:

Related topics