Ruleset Update Summary - 2026/02/25 - v11134

Ruleset Updates
1

Summary:

9 new OPEN, 63 new PRO (9 + 54)

Added rules:

Open:

  • 2067919 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (credil .club) (malware.rules)
  • 2067920 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (credil .club) in TLS SNI (malware.rules)
  • 2067921 - ET MALWARE PureLogs Stealer CnC ping Request (malware.rules)
  • 2067922 - ET MALWARE Purelogs Stealer plugin Request (malware.rules)
  • 2067923 - ET MALWARE PureLogs Stealer userinfo Request (malware.rules)
  • 2067924 - ET MALWARE PureLogs Stealer browser Request (malware.rules)
  • 2067925 - ET MALWARE PureLogs Stealer discord Request (malware.rules)
  • 2067926 - ET MALWARE PureLogs Stealer filesearch Request (malware.rules)
  • 2067927 - ET MALWARE PureLogs Stealer finish Request (malware.rules)

Pro:

  • 2866323 - ETPRO PHISHING Generic Phish Landing Page 2026-02-24 (phishing.rules)
  • 2866324 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2866325 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2866326 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2866327 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2866328 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2866329 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2866330 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2866331 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2866332 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2866333 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2866334 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2866335 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2866336 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2866337 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2866338 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2866339 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2866340 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2866341 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2866342 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2866343 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2866344 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2866345 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2866346 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2866347 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2866348 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2866349 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2866350 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2866351 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2866352 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2866353 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
  • 2866354 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2866355 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2866356 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
  • 2866357 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
  • 2866358 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - INFO Outbound (malware.rules)
  • 2866359 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD+ Outbound (malware.rules)
  • 2866360 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD+ Inbound (malware.rules)
  • 2866361 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - RD- Outbound (malware.rules)
  • 2866362 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
  • 2866363 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - sendfileto Inbound (malware.rules)
  • 2866364 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
  • 2866365 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - savePlugin Inbound (malware.rules)
  • 2866366 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
  • 2866367 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
  • 2866368 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Outbound (malware.rules)
  • 2866369 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)
  • 2866370 - ETPRO MALWARE TA446/ColdCopy CnC Activity (GET) (malware.rules)
  • 2866371 - ETPRO MALWARE Observed TA446/ColdCopy ClickFix Landing Page (malware.rules)
  • 2866372 - ETPRO MALWARE Observed TA446/ColdCopy ClickFix Landing Page (malware.rules)
  • 2866373 - ETPRO MALWARE Observed TA446/ColdCopy ClickFix Landing Page (malware.rules)
  • 2866374 - ETPRO MALWARE TA446/ColdCopy ClickFix Landing Page Resource Request (malware.rules)
  • 2866375 - ETPRO MALWARE Observed DNS Query to TA446/ColdCopy Domain (malware.rules)
  • 2866376 - ETPRO MALWARE Observed TA446/ColdCopy Domain in TLS SNI (malware.rules)